When a subscribed event occurs, an HTTP POST request is sent to the registered
callback_url for the subscribed event type(s). Events are batched and sent every 60 seconds.
Delivery Guarantees and Client Requirements
- Client Response Time: The client's endpoint must respond with a 200 OK or 204 No
Content status code within 5 seconds to prevent the request from timing out and
triggering a retry. - Retry Logic: If a non-2xx HTTP response or a timeout is received, the system will retry
the delivery up to three times. - Idempotency: Clients must utilize the unique id field within each event to prevent
duplicate processing due to network errors or retries. - Batching: Each POST request may contain a batch of up to 5,000 events to optimize.
Request Body Parameters
| Name | Type | Description |
|---|---|---|
| total | integer | Number of events sent in this callback. |
| events | array of objects | List of event objects, see Event Parameters below. |
Event Parameters
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the event. |
| type | string | Event type identifier. |
| timestamp | string | ISO timestamp for the time of the event occurrence. |
| data | object | Event-specific data fields. See Event-Specific Data below for details. |
Event-Specific Data
Event Type: token.created
token.createdEmitted when a new token deployment is detected.
Parameters
| Name | Type | Description |
|---|---|---|
| chain_id | integer | Numeric chain identifier for the token. |
| token_address | string | Address of the token. |
| name | string | Name of the token as returned by the contract. |
| symbol | string | Symbol of the token as returned by the contract. |
Event Type: token.malicious
token.maliciousEmitted when a token is flagged as a scam.
Parameters
| Name | Type | Description |
|---|---|---|
| chain_id | integer | Numeric chain identifier for the token. |
| token_address | string | Address of the token. |
| exploits | array of objects | List of exploit objects. |
| exploits.id | integer | Numeric exploit identifier. |
| exploits.name | string | Name of the exploit. |
| exploits.types | array of strings | Types associated with the exploit (comma-separated list). |
Event Type: liquidity.created
liquidity.createdEmitted when a new liquidity pool deployment is detected.
Parameters
| Name | Type | Description |
|---|---|---|
| chain_id | integer | Numeric chain identifier for the token. |
| pool_address | string | Address of the liquidity pool. |
| token_address | string | Address of the first token in the pool. |
| token_address | string | Address of the second token in the pool. |
Event Type: liquidity.removed
liquidity.removedEmitted when a sudden liquidity removal (rugpull) is detected in a pool.
Parameters
| Name | Type | Description |
|---|---|---|
| chain_id | integer | Numeric chain identifier for the token. |
| pool_address | string | Address of the liquidity pool. |
| token_address | string | Address of the first token in the pool. |
| token_address | string | Address of the second token in the pool. |
Example Request Body
{
"total": 1,
"events": [
{
"id": "224a9fe2-4313-49d0-b24b-0cdbaf200e9d",
"type": "token.malicious",
"timestamp": "2025-09-08T01:46:36.436Z",
"data": {
"chain_id": 8453,
"token_address": "0x861d95981c53856245ccdfe0fb5f4848cd130894",
"exploits": [
{
"id": 1002,
"name": "Serial rug pull",
"types": "rugpull"
}
]
}
}
]
}
IP Allowlist
Notification requests will originate from only the following IP addresses:
54.173.174.186
54.156.31.250