Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From bankr-agent-dev
Guides secure Bankr API integrations with API key flags, read-only access, IP whitelisting, dedicated agent wallets, rate limits, and TypeScript error handling.
npx claudepluginhub bankrbot/claude-plugins --plugin bankr-agent-devHow this skill is triggered — by the user, by Claude, or both
Slash command
/bankr-agent-dev:bankr-safetyThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Security patterns and best practices for Bankr API integrations.
Guides Bankr API and CLI security: read-only keys, IP whitelisting, rate limits, dedicated agent wallets, key rotation, and transaction safety.
Configures Bankr x402 SDK client with payment and receiving wallets, private keys, environment variables, and two-wallet setup for micropayments and token handling.
Provides reusable TypeScript client code, JobStatus types, transaction interfaces for swaps, approvals, ERC20/NFT transfers, and common files like package.json/tsconfig for Bankr API integrations.
Share bugs, ideas, or general feedback.
Security patterns and best practices for Bankr API integrations.
Each API key has independent toggles managed at bankr.bot/api:
| Flag | Controls | Default |
|---|---|---|
agentApiEnabled | /agent/* endpoints | false |
llmGatewayEnabled | LLM Gateway at llm.bankr.bot | false |
readOnly | Restricts agent to read-only tools | false |
| Config | Agent API Key | LLM Gateway Key |
|---|---|---|
| Env var | BANKR_API_KEY | BANKR_LLM_KEY (falls back to API key) |
| CLI config | apiKey | llmKey (falls back to apiKey) |
When readOnly: true:
/agent/prompt works but only read tools are available/agent/sign returns 403/agent/submit returns 403// Handle read-only 403 errors
const response = await fetch(`${API_URL}/agent/sign`, { ... });
if (response.status === 403) {
const error = await response.json();
// error.message: "This API key has read-only access..."
}
// Requests from non-whitelisted IPs get 403
// Configure allowedIps at bankr.bot/api
const response = await fetch(`${API_URL}/agent/prompt`, { ... });
if (response.status === 403) {
const error = await response.json();
// error.message: "IP address not allowed for this API key"
}
For autonomous agents, create a separate Bankr account:
| Use Case | readOnly | allowedIps | Funding |
|---|---|---|---|
| Monitoring bot | Yes | Yes (server IP) | None |
| Trading bot (server) | No | Yes (server IP) | Limited |
| Development/testing | No | No | Minimal |
| Research agent | Yes | No | None |
| Tier | Daily Limit |
|---|---|
| Standard | 100 messages/day |
| Bankr Club | 1,000 messages/day |
| Custom | Set per API key |
// Handle 429 rate limit responses
const response = await fetch(`${API_URL}/agent/prompt`, { ... });
if (response.status === 429) {
const error = await response.json();
// error.resetAt: Unix timestamp when counter resets
// error.limit: Daily limit
// error.used: Messages used
const retryAfter = error.resetAt - Date.now();
}
// Always use environment variables
const API_KEY = process.env.BANKR_API_KEY;
const LLM_KEY = process.env.BANKR_LLM_KEY || API_KEY;
if (!API_KEY) {
throw new Error("BANKR_API_KEY not set. Get one at https://bankr.bot/api");
}
Storage rules:
~/.bankr/config.json for local development (CLI manages this)~/.bankr/, .env to .gitignore/agent/submit executes immediately with no confirmation promptwaitForConfirmation: true for important transactionsbankr-client-patterns - Client setup with error handlingbankr-api-basics - API fundamentalsbankr-sign-submit-api - Sync endpoints that need extra caution