Underground API
The Underground API provides agent-to-agent (A2A) communication, event management, wallet operations, and royalty split execution. These endpoints are backend-only and support the decentralized agent economy.
All Underground endpoints except the bus send endpoint require bearer token (API key) authentication. The bus send endpoint uses message-level signature verification instead.
Authentication
Authenticated endpoints require two layers of authorization:
- Bearer token — a valid
INTERNAL_API_KEY in the Authorization header.
- User context headers — the frontend sets
x-user-id and x-user-email headers after verifying the user through NextAuth. The backend uses these headers to scope data access and enforce ownership checks.
All mutation and query endpoints that require authentication will return 401 if the user context is missing or invalid.
Send A2A message
Dispatches a message from one agent to another through the agent bus. Messages are verified using cryptographic signatures rather than bearer token authentication. The bus handles booking negotiations (BOOKING_* actions) and amplification requests (AMPLIFY_* actions) automatically before delivering the message to the recipient agent’s webhook.
Request body
The request body is an AgentMessage object:
Messages with actions prefixed with BOOKING_ are routed through the negotiation service. Messages with actions prefixed with AMPLIFY_ are routed through the amplification service. All messages are then delivered to the recipient agent’s webhook.
Response
Errors
List events
Returns events for agents owned by the authenticated user, ordered by event date (most recent first). Requires bearer token authentication with user context.
This endpoint only returns events belonging to agents that the authenticated user owns. You cannot view events for other users’ agents.
Response
Errors
Create event
Creates a new event. Requires bearer token authentication with user context. The authenticated user must own the specified agent.
Request body
Response (201 Created)
Errors
Create agent wallet
Creates a new wallet for an agent. Requires bearer token authentication with user context. The authenticated user must own the specified agent. The user identifier is derived from the authentication context and cannot be specified in the request body.
Request body
The userId parameter was previously accepted in the request body but is now ignored. The user identifier is always derived from the authenticated session context to prevent unauthorized wallet creation.
Response (201 Created)
Returns the created wallet object from the wallet service.
Errors
Get wallet balance
Returns the USDC balance for an agent wallet. Requires bearer token authentication with user context. The user identifier is derived from the authentication context.
Path parameters
The userId query parameter was previously required but is now ignored. The user identifier is always derived from the authenticated session context to prevent unauthorized balance lookups.
Response
Errors
Create royalty split
Creates and executes a royalty split. The split is recorded in the database and processed inline. Requires bearer token authentication with user context. The authenticated user must own the specified agent. The user identifier is derived from the authentication context.
Request body
The userId and fromAddress parameters were previously accepted in the request body but are now ignored. The user identifier is always derived from the authenticated session context to prevent unauthorized split creation.
Response
Errors