The Smart Account API v1 provides a RESTful interface for managing Solana smart accounts, following standard REST conventions while accounting for blockchain-specific considerations.

Base URL

https://developers.squads.so/api/v1

Resource Structure

The API is organized around the following resource hierarchy:

/smart-accounts
└── /{smart_account_address}
    ├── /balances
    └── /spending-limits
        └── /{spending_limit_address}
            └── /debits

Key Concepts

Smart Accounts

A smart account is a programmable Solana account that can be controlled by multiple signers with different permissions. Each smart account has:

  • A unique address
  • Multiple signers with specific permissions
  • A signing threshold
  • Optional admin control
  • Optional time lock settings
  • Optional spending limits

Security Policies

Smart accounts support multiple security policies:

  1. Thresholds

    • Defines minimum number of approvals required (M-of-N setup)
    • Based on signers with CAN_VOTE permission
    • Required for all transactions except spending limit debits
    • Can be modified by admin or threshold-based approval
  2. Admin Control

    • Optional admin address for settings management
    • Admin-only configuration changes
    • Regular transactions still follow threshold rules
  3. Time Locks

    • Configurable delay between approval and execution
    • Applies to all non-admin transactions
    • Does not affect spending limit debits
  4. Spending Limits

    • Token-specific allowances
    • Periodic resets (daily, weekly, etc.)
    • Destination restrictions
    • Bypass threshold requirements for routine transactions

Permissions

Signers can have the following permissions:

  • CAN_INITIATE: Required to propose transactions
  • CAN_VOTE: Required to approve transactions (the account must have enough CAN_VOTE signers to meet the threshold)
  • CAN_EXECUTE: Required to execute approved transactions
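
The threshold, permission and time lock rules above, modelled as a local pre-flight check. This is an added example, not Squads code and not part of the API. The class, function and field names are hypothetical, timestamps are plain seconds, and it covers only non-admin transactions that are not spending limit debits.

```python
from dataclasses import dataclass

# Permission names come from the page; all other names are hypothetical.
CAN_INITIATE, CAN_VOTE, CAN_EXECUTE = "CAN_INITIATE", "CAN_VOTE", "CAN_EXECUTE"

@dataclass
class SmartAccountConfig:
    signers: dict               # signer address -> set of permission names
    threshold: int              # M in the M-of-N setup
    time_lock_seconds: int = 0  # delay between approval and execution

def audit_config(cfg):
    """Return findings for a signer layout that would leave the account unusable."""
    findings = []
    voters = [a for a, perms in cfg.signers.items() if CAN_VOTE in perms]
    if cfg.threshold < 1:
        findings.append("threshold must be at least 1")
    if cfg.threshold > len(voters):
        findings.append(f"threshold {cfg.threshold} exceeds {len(voters)} CAN_VOTE signers")
    for perm in (CAN_INITIATE, CAN_EXECUTE):
        if not any(perm in perms for perms in cfg.signers.values()):
            findings.append(f"no signer holds {perm}")
    return findings

def may_execute(cfg, approvals, executor, approved_at, now):
    """Check one non-admin, non-debit transaction; returns (allowed, reason)."""
    # Only approvals from signers holding CAN_VOTE count toward the threshold.
    valid = {a for a in approvals if CAN_VOTE in cfg.signers.get(a, set())}
    if len(valid) < cfg.threshold:
        return False, f"{len(valid)} of {cfg.threshold} required approvals"
    if CAN_EXECUTE not in cfg.signers.get(executor, set()):
        return False, "executor lacks CAN_EXECUTE"
    if now - approved_at < cfg.time_lock_seconds:
        return False, "time lock not elapsed"
    return True, "ok"

# Constructed sample: 2-of-2 voters, a separate executor, one-hour time lock.
SAMPLE = SmartAccountConfig(
    signers={"alice": {CAN_INITIATE, CAN_VOTE}, "bob": {CAN_VOTE}, "carol": {CAN_EXECUTE}},
    threshold=2,
    time_lock_seconds=3600,
)

if __name__ == "__main__":
    print(audit_config(SAMPLE))
    print(may_execute(SAMPLE, {"alice", "carol"}, "carol", approved_at=0, now=4000))
    print(may_execute(SAMPLE, {"alice", "bob"}, "carol", approved_at=0, now=4000))
```

Running the audit on a proposed signer set before creating or reconfiguring an account catches a threshold that the CAN_VOTE signers cannot reach.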

Transaction Handling

Most mutation endpoints return partially signed, gas-abstracted transactions. Each transaction must be:

  1. Signed by the required signers (based on threshold or admin mode)
  2. Held until the time lock period has elapsed, if one is configured
  3. Submitted to the Solana network

These transactions have a ~2 minute validity window due to Solana’s recent blockhash mechanism.

Authentication

All API requests require authentication. Pass your API key as a bearer token in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Optional Headers

Network Selection

x-squads-network: mainnet  # or devnet

Idempotency

For account creation, you can prevent duplicates using an idempotency key:

x-idempotency-key: YOUR_RANDOM_KEY

Response Format

Successful responses follow standard REST conventions:

{
  "status": "created", // For idempotent requests
  "smart_account_address": "..."
}

Error responses provide detailed information:

{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human readable message",
    "details": {
      // Additional context
    }
  }
}