Documentation

Changelog

Notable changes to the Arca platform, SDKs, and API. Breaking changes are marked with a ⚠️ icon.

2026-04-08

Trade summary: fee breakdown, funding totals, and position-level cost attribution. tradeSummary() now returns per-fee-type breakdown (totalExchangeFees, totalPlatformFees, totalBuilderFees), cumulative funding (totalFundingPaid / totalFundingReceived), and an openPositionCosts object per market with costs attributed to the current open position using proportional close-out accounting. Existing fields are unchanged.
Swift SDK: new fields and methods. Added platformFee on SimFill, cumulativeFunding on SimPosition, getAssetFees(objectId:builderFeeBps:) for per-asset fee rates, and enableAutoTracking(operations:balances:exchange:) for optimistic UI updates. Also added AssetFeeEntry type.
Swift SDK: PaymentLinkView now uses WKWebView. PaymentLinkView / .paymentLinkSheet() now uses WKWebView instead of SFSafariViewController, enabling window.close() support for returnStrategy: "close".
TypeScript SDK: aggregation revaluation includes perp entries. revalueAggregation() now revalues perp breakdown entries using fresh mid prices, keeping aggregation equity in sync with per-object valuations between server pushes.
Platform: object creation response includes timestamps. createObject responses now populate createdAt and updatedAt immediately, enabling deterministic ordering of newly created objects without waiting for background workflow completion.
Docs: clarified fundAccount behavior by realm type and documented that watchCandleChart count is best-effort (sets time window, actual count depends on asset history).
Platform: realm listing now returns realms across all org memberships. GET /api/v1/realms now returns realms from all of the builder's organizations, not just the first resolved org. Builders with multiple org memberships will now see all their realms. When a preferred org header is set, results are scoped to that org only.
API: nextFundingTime now populated on market tickers. MarketTicker.nextFundingTime is now returned as a Unix-ms timestamp from the /api/v1/exchange/market/tickers endpoint and SDK getMarketTickers() calls.
Fix: P&L chart no longer double-counts initial deposit. When a chart window started before the account's first deposit, the deposit was counted both in startingEquityUsd (via leading-zero trimming) and in cumulative inflows, producing an inflated loss. getPnlHistory now returns an effectiveFrom field, and watchPnlChart uses it to align flowsSince correctly. Affects both TypeScript and Swift SDKs.
Fix: portal exchange positions now revalue on live mid prices. The portal's exchange detail panel previously displayed stale unrealized P&L from the sim-exchange snapshot. It now revalues cached exchange positions on every WebSocket mid-price update, matching the SDK's behavior.

2026-04-07

Platform + API + Portal: builder operation signing keys. Builders can now register Ed25519 signing keys and sign API requests for cryptographic non-repudiation. New endpoints: POST /api/v1/signing-keys (register), GET /api/v1/signing-keys (list), DELETE /api/v1/signing-keys/:id (revoke), POST /api/v1/signing-keys/:id/cancel (cancel pending), GET /api/v1/signing-keys/:id/events (audit log). The server verifies X-Arca-Key-Id, X-Arca-Signature, and X-Arca-Timestamp headers and records signatures on operations. Signing is optional in this release; it will become required for production realms in a future release. A new portal page under Manage → Signing Keys provides key registration, revocation, and lifecycle visibility. Key lifecycle events are recorded in a hash-chained, tamper-evident audit log.

2026-04-06

Objects + exchange processing: stricter object path validation and more robust venue account lookup. Object creation now rejects path segments containing whitespace or control characters, preventing malformed identities from entering the system, and exchange account resolution now accepts both venueAccountId and legacy simAccountId metadata when mapping sim-exchange events back to Arca objects.
SDK + streaming: candle WebSocket events now include optional delivery timestamps. Candle subscriptions still emit the same coin, interval, and candle payload, and now may also include publishedAt, platformReceivedAt, and wsSentAt for delivery attribution and latency debugging.
SDK: client-side recovery key generation. New static method Arca.generateRecoveryKey() creates a 12-word BIP-39 mnemonic and derives the Ethereum address at the standard BIP-44 path, entirely client-side. Uses crypto.getRandomValues for entropy and zeroes all intermediate key material after derivation. Recovery key docs now cover a two-path UX model: “use an existing wallet” (recommended) or “generate a new one”, with platform-specific backup guidance for iOS, Android, and web.

2026-04-05

Explorer + SDK + API: path-level isolation zones. The explorer browse response now includes path entries and isolation metadata so the portal can mark boundary roots and paths contained within a boundary. A newPOST /api/v1/isolation-zones endpoint andarca.createIsolationZone({ path }) SDK method let builders declare an isolation zone before any object exists under that path, fixing the empty-path race for zone-first explorer workflows.
Explorer + SDK + API: Phase 1 audit evidence export. Operation detail now accepts includeEvidence=true, returning journal-backed evidence, proof references, chain transaction metadata, and integrity annotations for a single operation. A new GET /api/v1/operations/export endpoint exports the same evidence bundle across a realm and time range, the TypeScript SDK addsgetOperation(id, { includeEvidence: true }) andexportOperationEvidence(...), and the portal Explorer now supports copy/download of per-operation JSON plus realm-scoped evidence export.
Objects: full withdrawals now terminate the object path. When a non-exchange Arca is fully withdrawn, its status becomes withdrawnand the response includes withdrawnAt. Withdrawn paths remain visible in history, show a zero-cliff in aggregation after the withdrawal timestamp, and cannot be reused for a new object generation.
Objects: deleted generations now expose tombstone displayName. Object responses now include an optional displayName field. Active objects usually leave it unset, while deleted objects receive a tombstone label like wallet.deleted.YYYY.MM.DD.SSSSS so explorer and version-history views can distinguish repeated deleted generations at the same canonical path.
SDK: custody contract integration. New methods for reading on-chain custody state (getCustodyStatus, getBoundary, listBoundaries, listExchangeArcas), registering recovery keys (registerRecoveryKey), and preparing unsigned sovereignty transactions (prepareLockBoundary, prepareWithdraw, prepareAssignRecoveryKey, etc.). Recovery keys give users non-custodial control over their isolation boundaries: lock, unlock, withdraw, and emergency recovery.
API: custody endpoints. New REST endpoints for custody contract state: GET /custody/status (full aggregated view including boundaries, exchange arcas, and venue halts), GET /custody/boundaries, GET /custody/exchange-arcas (with optional boundaryId filter), and POST /custody/recovery-key. The /custody/status response now includes contractAddress, chainId, and all nested state in a single call.
⚠️ Backend: balance ledger writes fully migrated to journal. All balance-affecting write paths in the worker service now commit exclusively through the unified journal (journal_entries / journal_legs). Legacy arca_balance_ledger writes have been removed from all activities. All read paths (forensics, aggregation, explorer snapshots, balance ledger compatibility layer) have been migrated to source data from the journal tables.

2026-04-03

Swift SDK: fixed live P&L chart discontinuity in watchPnlChart. The live tail point now correctly accounts for deposits and withdrawals. Previously, the Swift SDK's flow accounting was non-functional — deposits appeared as profit and withdrawals as losses, causing a massive jump at the chart's live edge (especially visible with anchor: .equity). The fix uses server-authoritative cumulative flow values via the new flowsSince parameter on watchAggregation.
Swift SDK: watchAggregation now accepts flowsSince. Pass an ISO 8601 timestamp to receive cumulative inflow/outflow values computed from that point forward. PathAggregation now includes cumInflowsUsd and cumOutflowsUsd fields.
SDK: reduced chart discontinuity on reload. Both TypeScript and Swift SDKs now trim trailing server-generated live points from historical chart data, preventing small jumps where the server's HTTP-time equity diverged from the WebSocket-time equity.

2026-04-02

Market data: guaranteed sparklines via background pre-computation. Sparkline data is now pre-computed every ~5 minutes by a background process and stored in Redis. All tracked coins are always included — no more missing sparklines due to timeouts or computation pressure. The serving path is a single Redis read, making it faster and more reliable across all replicas. Sparkline data may be up to 5 minutes behind real-time; for live price information, use mid prices (watchPrices) or candle subscriptions (subscribeCandles).
⚠️ Sparklines: interval and points parameters removed. The sparkline endpoint now always returns 24 hourly close prices. The query parameters are still accepted for backward compatibility but ignored. Previously, requesting a non-default interval/points combination would return empty data because only the default (1h/24) was pre-computed. Use getCandles for custom intervals.
Trading: TWAP (Time-Weighted Average Price) orders. Execute large trades over time by placing market orders at regular intervals. TWAPs support durations up to 30 days, configurable intervals (10s–1h), and automatic catch-up if slices are missed. New SDK methods: placeTwap(), cancelTwap(), getTwap(), listTwaps(), getTwapLimits(). API endpoints: POST /api/v1/objects/{id}/exchange/twap, GET .../twap/{operationId}, DELETE .../twap/{operationId}, GET .../twaps. New event types: twap.started, twap.progress, twap.completed, twap.cancelled, twap.failed. Active TWAPs are automatically cancelled on account liquidation.
Market data: candle CDN publish schedule reduced to daily. The CDN publish workflow now runs at 00:05 and 00:35 UTC (retry window) instead of every 5 minutes. Missing closed chunks discovered during API reads are repaired asynchronously via a fire-and-forget checker that verifies GCS and enqueues a Temporal repair workflow when needed, with 30-minute cooldown deduplication.

2026-04-01

Trading: deleted exchange accounts now disappear cleanly from live trading. The API no longer allows place/cancel order requests or live exchange reads against a soft-deleted exchange object ID. The portal also invalidates its trading caches when an exchange object is deleted, fixing the stale state where a just-deleted account could still show cached cash while reporting zero buying power.
Market infrastructure: Bright Data-managed Hyperliquid proxy routing. The Hyperliquid /info transport now supports backend-managed Bright Data datacenter routing. Instead of hand-maintained proxy URLs, the backend can use a Bright Data API key to reconcile a zone, mint managed proxy identities, and feed them into the shared HL router with direct fallback and per-lane telemetry. The current rollout sends all Hyperliquid read traffic through the shared arca_hl_read_only rotating zone first, so the direct Hyperliquid rate limiter is only consumed when the proxy path fails.
API: candle fetch cancellations and timeouts now use specific HTTP error types. GET /api/v1/exchange/market/candles/{coin} no longer flattens every downstream market-data failure into 502 EXCHANGE_ERROR. Client-aborted candle requests now return 499 REQUEST_CANCELED, downstream deadline overruns return 504 EXCHANGE_TIMEOUT, and 502 is reserved for genuine upstream failures.
SDK: equity-anchored P&L charts. watchPnlChart now accepts an anchor option. Set anchor: 'equity' to shift the P&L chart so the live (rightmost) value equals the current account equity — a portfolio value view. Each point includes a valueUsd field for the chart y-axis. The offset is stable during price movements; historical points never wiggle. Available in both the TypeScript and Swift SDKs.

2026-03-31

Portal: default exchange selection now prefers the newest persisted account. When multiple active exchange objects are present, the portal now orders them by createdAt descending instead of raw path order, with a deterministic id tie-breaker. The SDK and API docs now also clarify that listObjects and browseObjects always return authoritative timestamps for persisted objects, while the immediate create response may briefly leave those fields empty until async creation completes.
SDK: candle chart range loads now coalesce overlapping requests. Repeated ensureRange calls on the same candle chart stream no longer drop gesture-driven history loads while an earlier fetch is in flight. The TypeScript and Swift SDKs now merge overlapping pending ranges, and failed gaps stay retryable instead of being marked covered. This fixes charts that could appear frozen after rapid pan/zoom interactions.
Fix: repeated exchange order cancels now return deterministic API errors. Repeating DELETE /api/v1/objects/{id}/exchange/orders/{orderId} now reuses the original cancel operation instead of surfacing an internal server error from a duplicate implicit operation path. Already-cancelled orders now return 409 ORDER_FAILED instead of a generic upstream/internal-style failure.
Exchange state: removed the legacy 5s sim-exchange heartbeat. The sim-exchange no longer emits a periodic equity ticker that forced a full clearinghouse refresh every five seconds for active accounts. Structural exchange updates now come from mutation-driven account events and venue reconciliation. The TypeScript SDK, Swift SDK, and portal were hardened to refetch exchange state when an exchange.updated notification arrives without inline exchangeState, so watch streams and explorer views still converge without relying on the old heartbeat.
Fix: aggregation watch flowsSince now accepts standard RFC 3339 timestamps. The platform had started requiring exactly six fractional digits for flowsSince, which caused valid client timestamps like 2026-01-01T00:00:00Z and 2026-01-01T00:00:00.000Z to be rejected when creating aggregation watches over HTTP or WebSocket. The parser now accepts RFC 3339 variants and normalizes them to UTC while responses continue to use the canonical microsecond format.
Fix: P&L chart no longer shows a momentary spike on deposits. The aggregation watch response now includes cumInflowsUsd and cumOutflowsUsd fields, computed from the balance ledger. The SDK's PnlChartStream uses these server-provided values instead of tracking flows client-side from operation.updated events, ensuring equity and flow data are always derived from the same source.
Fix: P&L flow tracking no longer double-counts or misses flows. The watchAggregation method now accepts an optional flowsSince parameter. watchPnlChart passes the chart's from time so the server computes cumulative flows over the entire chart window — eliminating the gap/overlap between historical and watch-creation time windows.
Market data: first-class HIP-3 (builder-deployed perp) coverage. All HIP-3 markets now receive the same trade, candle, and sparkline data coverage as native Hyperliquid perps. Previously, HIP-3 markets could have gaps in sparkline and candle data because their trade feeds were demand-driven. Now all discovered markets — native and HIP-3 — are automatically subscribed to trade and order book streams at startup. The fallback data provider also supplements trades for markets that the primary data source hasn't seen, closing coverage gaps during data source transitions.
Perf: Payment link page now loads instantly. The /pay/ page is now a self-contained static HTML file instead of loading the full portal SPA. Previously, opening a payment link downloaded ~1.4MB of JavaScript (React, charts, markdown, OAuth, etc.) before showing a simple payment card. The standalone page is ~16KB with zero external dependencies and loads in under 200ms. All features preserved: branding, dark mode, polling, return strategies.
Platform: white-label payment portal branding. Realms can now configure custom branding for the payment portal via PATCH /api/v1/realms/:id/settings with a branding object. Supported fields: displayName, accentColor (hex), logoUrl (HTTPS), hideExpiryTimer, and environmentBannerText. When configured, the payment page renders the builder's branding instead of the default Arca logo and name. The “Powered by Arca” footer always remains.
Swift SDK: fix watchCandleChart hang on rapid interval switching. Switching candle intervals quickly (e.g. tapping 1D → 1M → 3M) could cause the SDK to hang indefinitely when loading large candle counts. The cancelled task's CDN chunk fetches were falling back to the REST API instead of exiting, saturating the HTTP client queue and blocking the new request. Cancelled tasks now bail out immediately at every async boundary.
SDK: watchPnlChart() and watchEquityChart() now documented. Live chart streams for P&L and equity are now fully documented in the SDK reference with usage examples. watchPnlChart merges historical P&L data with real-time aggregation updates and automatically adjusts for deposits, withdrawals, and transfers that cross the path boundary — no client-side workarounds needed. Both methods are available in TypeScript and Swift SDKs.
Platform: atomic event delivery for related events. Operations that produce multiple related events (e.g. operation.updated + balance.updated) now deliver them as a single atomic batch over the WebSocket connection. Previously, these events were published as separate messages with potential inter-message gaps. Affects deposits, withdrawals, transfers, and deletions.
SDK: watchEquityChart() cache invalidation on deposit. The equity chart stream now detects when live equity diverges significantly from the last historical data point (e.g. after a deposit) and automatically invalidates the cached history so subsequent chart opens fetch fresh data.
Fix: resultingPosition.leverage in fill events. The leverage field in fill.recorded events and listFills results now correctly reflects the per-coin leverage setting used at fill time. Previously, it always returned 1 for new positions because the worker defaulted to the pre-fill platform leverage instead of reading the venue's actual leverage.
Market metadata: displayName, isHip3, deployerDisplayName. getMarketMeta now returns three new fields per asset: displayName (human-readable name, e.g. “Crude Oil” for BRENTOIL), isHip3 (whether the asset is a HIP-3 deployer market), and deployerDisplayName (the deployer's full name for HIP-3 assets). Available in TypeScript, Swift, and CLI.
Docs: sparklines freshness model. SDK and API docs now document the sparkline freshness guarantee: data is pre-computed every ~5 minutes with all tracked coins always included. For real-time prices, use mid prices or candle subscriptions.
Fix: watchMaxOrderSize not updating after position close. The investment slider / max order size stream was not reflecting freed margin after selling a position. A premature exchange.updated event emitted at order placement time poisoned the event bus dedup cache, silently suppressing the real post-fill event that carried the updated exchange state. The TypeScript SDK also lacked watchPath/unwatchPath calls (the Swift SDK already had them), which prevented event delivery on standalone WebSocket connections. Both issues are now fixed.

2026-03-30

Market metadata: logoUrl and feeScale added. getMarketMeta now includes logoUrl (CDN URL for the asset logo) and feeScale (HIP-3 fee multiplier, defaults to 1.0 for standard perps). Together with the previously added displayName, isHip3, and deployerDisplayName, the market meta response now provides full display metadata for all assets. displayName and logoUrl are curated and managed via the admin panel. Available in TypeScript, Swift, and CLI.
SDK: CDN candle history enabled by default. The candleCdnBaseUrl config now defaults to the production CDN. Historical candle data for longer intervals (1d, 4h, 1h) is now served from the CDN automatically — no configuration needed. Pass null or """" to disable CDN and use the REST API exclusively (e.g. for local development). Affects both TypeScript and Swift SDKs.
Fix: watchCandleChart sparse initial data handling. When the initial fast-path fetch (skipBackfill) returns fewer candles than expected, the SDK now detects this as sparse data and retries with a full backfill in the background. Previously, a single cached candle would mark the entire requested range as covered, preventing further loads. The retry now also requires the result to have more candles than the initial load to count as successful, preventing premature stop. Affects both TypeScript and Swift SDKs.
Fix: Explorer equity column now populated on initial load. The watch snapshot now includes per-object valuations for multi-object watches, so the Explorer table displays equity values immediately without waiting for a state change event.
⚠️ Breaking: availableToTrade is now a single USD string. ActiveAssetData.availableToTrade changed from [string, string] (buy/sell token pair) to a single string representing raw available margin in USD (equity minus margin in use). This is direction-agnostic — use maxBuyUsd/maxSellUsd for per-side max exposure. Affects both TypeScript and Swift SDKs, the REST API, and client-side derivation.
SDK: New Arca.orderBreakdown() static helper. Pure calculator (no network call) that converts between three order input modes: spend (total from balance), notional (position exposure), and tokens (token count). Returns tokens, notionalUsd, marginRequired, estimatedFee, totalSpend, price, and feeRate. Available in both TypeScript and Swift SDKs. Dollar values are estimates at the provided price.
SDK: sizeTolerance on placeOrder. New parameter that allows the server to reduce order size by up to the specified percentage if a margin check fails due to price drift. Only reduces, never increases. Works with or without useMax. Recommended: 0.01 (1%) for interactive flows, 0.02 (2%) for retail. maxSizeTolerance is deprecated but still works as an alias.
SDK: feeRate is all-in. ActiveAssetData.feeRate includes exchange taker fee (HIP-3 scaled), platform fee, and builder fee (when builderFeeBps is passed to getActiveAssetData). No need to add builder fees separately.
SDK: getActiveAssetData now accepts optional leverage. Both TypeScript and Swift SDKs now pass an optional leverage parameter to the server. When provided, the server uses this value instead of the stored per-coin leverage setting (which defaults to 1x if updateLeverage hasn't been called). This ensures getActiveAssetData returns max order sizes consistent with the intended leverage, even if there's a timing gap between updateLeverage and the query. For live max-size streaming, continue using watchMaxOrderSize() which computes client-side with the leverage from options.
⚠️ Breaking: computed field removed from valuations. The computed boolean has been removed from ObjectValuation and PathAggregation in both TypeScript and Swift SDKs, and from the corresponding API responses. The server now guarantees accurate data by using last-known mid prices as a fallback when market data is temporarily unavailable. When a mid price is genuinely unavailable for a position, price-derived fields (unrealizedPnl, valueUsd, markPrice) are omitted from that position rather than sending placeholder zeros. These fields on PositionValue are now optional in both SDKs.
⚠️ Breaking: PathAggregation no longer includes objects. The objects: ObjectValuation[] field has been removed from PathAggregation (TypeScript SDK), PathAggregationResponse (Go API), and the matching Swift PathAggregation model. Portfolio rollups still include totalEquityUsd, breakdown, and in-transit USD fields. For per-object valuations, use watchObject(path) or the new watchObjects(paths) in TypeScript and watchObjects(paths:exchange:) in Swift — these emit merged per-path ObjectValuation updates. For one-shot reads, use getObjectValuation(path). Client-side revalueAggregation now derives live totals from breakdown (spot entries revalued; exchange/perp pass-through; departingUsd / arrivingUsd unchanged as USD pass-through).
Real-time P&L on exchange state. watchExchangeState() now subscribes to mid prices and revalues position P&L, equity, and margin summary client-side on every price tick. Previously, exchange state updates arrived only every ~5 seconds via a server round-trip. Position P&L now updates at the same frequency as watchObject() and watchAggregation(). Each update includes a source field ('exchange' for server-pushed structural changes, 'mids' for client-side revaluation). Available in both TypeScript and Swift SDKs. Use revalueExchangeState(state, mids) for manual revaluation outside a stream.
Mid price responsiveness: all assets have prices immediately. watchPrices() now guarantees that .prices is fully populated when the await resolves — including illiquid and HIP-3 assets that previously could take seconds to minutes to appear. The server now seeds mid prices from the full asset universe at startup, and the SDK no longer resolves ready() before data arrives.

2026-03-29

⚠️ SDK fix: max order size now uses correct margin metric. watchMaxOrderSize() and deriveActiveAssetDataFromState() previously used availableToWithdraw (withdrawal cushion: equity minus maintenance margin) to compute max order sizes. This inflated buying power because maintenance margin is much smaller than initial margin. The SDK now correctly uses equity - initialMarginUsedto determine available trading margin, matching the backend's order validation logic. If you were computing max order sizes with your own code using availableToWithdraw, switch to equity - initialMarginUsed.
Docs: clarified availableToWithdraw semantics. The availableToWithdraw field documentation previously described it as "equity minus initial margin," which was incorrect. It is equity minus maintenance margin — a withdrawal safety metric, not trading capacity. Docs now clearly distinguish between withdrawable amount and available trading margin.

2026-03-26

Swift SDK: watchCandleChart(coin:interval:count:) New CandleChartStream that blends historical candles from the REST API with live WebSocket events into a single, always-up-to-date candle array. Handles deduplication, sorting, in-place updates for in-progress candles, and automatic gap recovery on WebSocket reconnection. This replaces the need to manually merge getCandles() and watchCandles() in your app — the stream does it for you.

2026-03-21

Active asset data now streams in real time. watchMaxOrderSize() now receives live exchange state updates (orders, fills, leverage, deposits, funding) in addition to price changes. Previously, max order sizes only updated on price ticks.
Swift SDK: watchMaxOrderSize(options:) Added watchMaxOrderSize() to the Swift SDK, matching the TypeScript SDK. Returns a MaxOrderSizeWatchStream that recomputes ActiveAssetData on price and exchange state changes.

2026-03-09

⚠️ ActiveAssetData sell sizing fields are now unsigned. maxSellSize, maxSellUsd, and the sell entry in availableToTrade are now returned as positive magnitudes. Direction continues to be selected via order side.

2026-03-08

⚠️ ActiveAssetData: named fields replace arrays. maxTradeSzs and availableToTrade arrays have been replaced with four named fields: maxBuySize, maxSellSize, maxBuyUsd, maxSellUsd. Affects the REST API, TypeScript SDK, and Swift SDK.
placeOrder leverage parameter now works. The leverage parameter on placeOrder now automatically sets the account's per-coin leverage before placing the order. Previously, it was accepted but ignored — callers had to call updateLeverage separately.
Swift SDK v0.1.0 tag. First semver tag for the Swift SDK. Pin your SPM dependency to from: "0.1.0" instead of branch: "main".
Weekly reset status endpoint. GET /api/v1/status/reset returns the next and last weekly reset timestamps. No authentication required.
REST docs: transfer examples and balance cross-reference. Added curl example for the transfer endpoint, clarified transfer vs withdrawal semantics, and added a balance endpoint cross-reference in Getting Started.