ArcPass is public infrastructure — you do not need an API key, bearer token, or any other credential to call its endpoints. Any HTTP client can make requests without prior registration or token issuance.Documentation Index
Fetch the complete documentation index at: https://docs.arcpass.vibepas.xyz/llms.txt
Use this file to discover all available pages before exploring further.
No authentication required
There are noAuthorization headers, no OAuth flows, and no session cookies. Simply send your request with Content-Type: application/json and the required body or path parameters.
Rate limiting as access control
The primary mechanism preventing abuse is rate limiting rather than authentication. ArcPass enforces limits at two levels:- Per IP address — restricts how many requests a single IP can make in a time window.
- Per wallet address — restricts how many sponsorship requests a single wallet can generate.
429 Too Many Requests. See Rate Limits for exact thresholds.
Wallet address as identity
Wallet addresses serve as the identity key for eligibility checks, not for authentication. When you callPOST /sponsorship/request, the API checks whether the submitted walletAddress is blocked or has already been sponsored — it does not verify that you control that address.
CORS
The API accepts cross-origin requests from configured origins. If you are integrating ArcPass into a browser-based application, verify that your deployment’s allowed origins list includes your frontend domain.Practical checklist
When making requests to the ArcPass API, you only need to:- Set
Content-Type: application/jsonon requests with a body. - Send the required fields documented for each endpoint.
- Handle
429responses with appropriate backoff if you are making high-volume requests.