Skip to main content
GET
/
v3
/
vaults
/
{address}
Get v3 vault risk detail (Webacy-native)
curl --request GET \
  --url https://api.webacy.com/v3/vaults/{address} \
  --header 'x-api-key: <api-key>'
import requests

url = "https://api.webacy.com/v3/vaults/{address}"

headers = {"x-api-key": "<api-key>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {'x-api-key': '<api-key>'}};

fetch('https://api.webacy.com/v3/vaults/{address}', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.webacy.com/v3/vaults/{address}",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => [
    "x-api-key: <api-key>"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.webacy.com/v3/vaults/{address}"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("x-api-key", "<api-key>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.webacy.com/v3/vaults/{address}")
  .header("x-api-key", "<api-key>")
  .asString();
require 'uri'
require 'net/http'

url = URI("https://api.webacy.com/v3/vaults/{address}")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["x-api-key"] = '<api-key>'

response = http.request(request)
puts response.read_body
{
  "schema_version": "3.0",
  "metadata": {
    "address": "0xD50DA5F859811A91fD1876C9461fD39c23C747Ad",
    "chain": "eth",
    "name": "MEV Capital Resolv USR",
    "symbol": "MC-USR",
    "last_scored_at": "2026-07-07T16:50:38Z"
  },
  "composite": {
    "grading_scheme": "v2",
    "grade": "F",
    "stars": 1,
    "score": 98.5,
    "contributors": {
      "smart_contract": {
        "score": 0,
        "weight": 0.2
      },
      "operational_governance": {
        "score": 0,
        "weight": 0.2
      },
      "asset_collateral": {
        "score": 10,
        "weight": 0.15
      },
      "market_liquidity": {
        "score": 35,
        "weight": 0.2
      },
      "counterparty": {
        "score": 0,
        "weight": 0.1
      },
      "hack_exploit_history": {
        "score": 0,
        "weight": 0.15
      },
      "chain_infrastructure": {
        "score": 0,
        "weight": 0
      }
    },
    "upstream_risk": 98.5,
    "clamped_by_upstream": true
  },
  "categories": {
    "smart_contract": {
      "score": 0,
      "criteria": {
        "contract_verified": {
          "status": "pass",
          "data_quality": {
            "confidence": 0.95,
            "last_observed_at": "2026-06-02T09:49:36Z",
            "source": "rwa-grade-pipeline"
          }
        }
      }
    },
    "market_liquidity": {
      "score": 35,
      "criteria": {
        "large_holder_concentration": {
          "status": "warn",
          "data_quality": {
            "confidence": 0.95,
            "last_observed_at": "2026-06-02T09:49:36Z",
            "source": "rwa-grade-pipeline"
          }
        }
      }
    }
  },
  "coverage": {
    "framework_version": "v1",
    "total_criteria": 42,
    "live_criteria": 28,
    "per_category": {
      "smart_contract": {
        "live": 6,
        "total": 8
      }
    }
  },
  "risk": {
    "overallRisk": 98.5
  }
}
Returns the full V3 risk decomposition for one vault — composite grade, per-category contributors, the dense criteria taxonomy, coverage disclosure, and the pass-through v2 risk envelope.
Understanding the version numbers. Three independent version axes show up on the V3 surface — they are not the same number:
  • API version v3 — the URL path (/v3/...) and the response schema_version (3.0).
  • framework_version — which criteria taxonomy was used. v1 today (the only supported value).
  • grading_scheme — which letter-grade band table is applied. v2 is the default (the standard 11-band scale); v1 is frozen and deprecated.
So the V3 API uses framework_version=v1 and grading_scheme=v2 by default. Seeing v1 on framework_version does not mean you’re on an older API.

Supported chains

The chain query parameter is required. Vault v3 covers 9 chains: eth, arb, base, opt, pol, bsc, avax, gnosis, sol. Chains outside this list return 400 "Invalid chain", even if accepted by a shared parameter enum.

Assessing freshness

This endpoint does not return a stale flag or generated_at. To assess freshness, use metadata.last_scored_at on the response, or read the v2 list / grades endpoints, which carry stale.Treat missing, stale, or errored data as unknown — never as safe. See Hard-gating and fail behavior.

Authorizations

x-api-key
string
header
required

Path Parameters

address
string
required

Vault contract address.

Query Parameters

chain
enum<string>
required

Chain identifier. Vault v3 covers 9 chains: eth, arb, base, opt, pol, bsc, avax, gnosis, sol. Any other value returns 400 "Invalid chain". Required.

Available options:
eth,
arb,
base,
opt,
pol,
bsc,
avax,
gnosis,
sol
grading_scheme
enum<string>
default:v2

Grading scheme to pin (default v2, the standard 11-band risk scale — lower risk = better grade). Pin v1 for the frozen legacy scale (it uses an E band and has no C+). Unknown values return 400 with the supported list.

Available options:
v1,
v2

Response

Webacy-native v3 vault detail.

Webacy-native v3 vault detail (RFC-019). metadata and risk are pass-through from the v2 vault response; composite/categories/coverage are the v3 additions. The three category-keyed maps are dense across all 7 WebacyCategory keys.

schema_version
string
required
Example:

"3.0"

metadata
object
required

Pass-through v2 vault identity/market metadata.

composite
grading_scheme v2 (standard) · object
required

Headline grade block. POLARITY (load-bearing): score is 0–100, HIGHER = WORSE (A+ = 0, F = 100) — same direction as the v2 risk.score on the same response. score = max(Σ contributors·weight, upstream_risk): floored from below by the upstream pipeline risk.

The letter set in grade depends on grading_scheme: v2 (default, standard 11-band scale) emits C+ and never E; v1 (frozen legacy scale) emits E and never C+.

categories
object
required
coverage
object
required

How many criteria are live today vs defined by the framework — so what the grade reflects is on the wire, not just in docs.

risk
object
required

Pass-through v2 risk envelope (overallRisk etc.).