> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Framework Taxonomy

> Public methodology endpoint (no API key). Returns the full criteria taxonomy plus the supported framework / grading-scheme version lists. Unknown `framework_version` pins return 400 with the supported list. Cached 5 min.

This endpoint returns the canonical V3 risk framework — the seven categories and their criteria, with each criterion's live/planned status.

<Note>
  **Understanding the version numbers.** Three independent version axes show up on the V3 surface — they are not the same number:

  * **API version `v3`** — the URL path (`/v3/...`) and the response `schema_version` (`3.0`).
  * **`framework_version`** — which criteria taxonomy was used. `v1` today (the only supported value).
  * **`grading_scheme`** — which letter-grade band table is applied. **`v2` is the default** (the standard 11-band scale); `v1` is frozen and deprecated.

  So the V3 API uses `framework_version=v1` and `grading_scheme=v2` by default. The `v1` you may see on `framework_version` is **not** an older API — it's just the current taxonomy version.
</Note>


## OpenAPI

````yaml GET /v3/framework
openapi: 3.0.1
info:
  title: Risk Score API
  description: API definition for Webacy Risk Scores
  version: 1.2.0
servers:
  - url: https://api.webacy.com
    description: Webacy Risk Score API (Production)
  - url: https://api-development.webacy.com
    description: Webacy Risk Score API (Development)
  - url: http://0.0.0.0:3030/api/v1/risk-score
    description: Webacy Risk Score API - Local
security:
  - api_key: []
tags:
  - name: Threat Risks
    description: Analyze addresses for security threats and malicious activity
  - name: Sanction Checks
    description: Check addresses against OFAC and other sanction lists
  - name: Approval Risks
    description: Analyze token approvals and associated risks
  - name: Transaction Risks
    description: Assess risk details for blockchain transactions
  - name: Exposure Risk
    description: Understand risk profile and exposure of addresses
  - name: Contract Risk
    description: Real-time smart contract security analysis
  - name: URL Risks
    description: Analyze URLs for phishing and security threats
  - name: API Usage
    description: Monitor and manage API consumption
  - name: Holder Analysis
    description: Token holder distribution and sniper detection
  - name: Address Poisoning
    description: Detect address poisoning attack patterns
  - name: Token Analysis
    description: Comprehensive token security and market analysis
  - name: Pool Analysis
    description: Liquidity pool data and analysis
  - name: Transaction Scanning
    description: Scan and simulate transactions for risks
  - name: trading-lite
    description: Lightweight trading risk assessment
  - name: RWA & Pegged Tokens
    description: >-
      Real-world asset and pegged-token analytics (supply flows, mint/burn
      velocity)
  - name: Vault Risk v3
    description: >-
      Webacy-native v3 vault risk surface — composite grade, categories,
      coverage, and the framework taxonomy (RFC-019).
  - name: RWA Risk v3
    description: >-
      Webacy-native v3 RWA / stablecoin risk surface — composite grade,
      structural-health criteria, and batch (RFC-019).
paths:
  /v3/framework:
    get:
      tags:
        - Vault Risk v3
      summary: Get the v3 framework taxonomy
      description: >-
        Public methodology endpoint (no API key). Returns the full criteria
        taxonomy plus the supported framework / grading-scheme version lists.
        Unknown `framework_version` pins return 400 with the supported list.
        Cached 5 min.
      operationId: getFrameworkV3
      parameters:
        - name: framework_version
          in: query
          required: false
          schema:
            type: string
            enum:
              - v1
            default: v1
          description: Framework version to pin (default v1).
      responses:
        '200':
          description: Framework taxonomy.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FrameworkResponse'
              example:
                schema_version: '3.0'
                framework_version: v1
                supported_versions:
                  - v1
                supported_grading_schemes:
                  - v1
                  - v2
                categories:
                  - key: smart_contract
                    name: Smart contract
                    description: >-
                      Code quality, verification, audits, upgradeability, and
                      proxy structure of the contracts that custody user funds.
                    criteria:
                      - key: contract_verified
                        name: Contract verified on explorer
                        live: true
                      - key: formal_verification
                        name: Formal verification
                        live: false
        '400':
          description: Unsupported framework_version.
      security: []
components:
  schemas:
    FrameworkResponse:
      type: object
      description: >-
        v3 framework taxonomy (RFC-019). The canonical machine-readable
        category/criteria catalog; Mintlify renders the methodology page from
        this.
      properties:
        schema_version:
          type: string
          example: '3.0'
        framework_version:
          type: string
          example: v1
        supported_versions:
          type: array
          items:
            type: string
        supported_grading_schemes:
          type: array
          items:
            type: string
        categories:
          type: array
          items:
            $ref: '#/components/schemas/FrameworkCategoryDefinition'
      required:
        - schema_version
        - framework_version
        - supported_versions
        - supported_grading_schemes
        - categories
    FrameworkCategoryDefinition:
      type: object
      properties:
        key:
          type: string
          enum:
            - smart_contract
            - operational_governance
            - asset_collateral
            - market_liquidity
            - counterparty
            - hack_exploit_history
            - chain_infrastructure
        name:
          type: string
        description:
          type: string
        criteria:
          type: array
          items:
            $ref: '#/components/schemas/FrameworkCriterionDefinition'
      required:
        - key
        - name
        - description
        - criteria
    FrameworkCriterionDefinition:
      type: object
      properties:
        key:
          type: string
        name:
          type: string
        live:
          type: boolean
          description: false = known-future criterion not yet scored.
      required:
        - key
        - name
        - live
  securitySchemes:
    api_key:
      type: apiKey
      in: header
      name: x-api-key

````