Hindenrank API

The risk oracle for crypto. Programmatic access to risk grades, value scores, and mechanism analysis for 600+ protocols.

Also available as an MCP server for AI coding assistants.

Quick Start

Check a protocol's risk grade with a single request — no authentication required:

# Get Aave's risk profile
curl "https://hindenrank.com/api/v1/protocols/aave"

Response (truncated):

{
  "data": {
    "slug": "aave",
    "name": "Aave",
    "grade": "B+",
    "rawScore": 22,
    "sector": "Lending",
    "topRisks": ["Oracle dependency on Chainlink..."],
    // ... more fields
  }
}

Authentication

The API supports three access tiers. Pass your key via the X-API-Key header.

Tier	Auth	Daily Limit	Data Access
Anonymous	No key needed	500/day	Grades, scores, top risks, retail summary
Free Key	`X-API-Key`	2,000/day	+ value grades, market data, grade history, compare endpoint
Pro Key	`X-API-Key`	50,000/day	+ mechanisms, interactions, collapse scenarios, sources

# Authenticated request with an API key
curl "https://hindenrank.com/api/v1/protocols/aave" \
  -H "X-API-Key: hr_your_key_here"

Base URL

https://hindenrank.com/api/v1

All endpoints below are relative to this base. Responses are JSON with Content-Type: application/json.

Endpoints

GET/protocols

List all protocols. Supports filtering by sector and grade range, with pagination.

Parameter	Type	Required	Description
sector	string	optional	Filter by sector name (case-insensitive), e.g. "Lending", "DEX"
minGrade	string	optional	Minimum grade (inclusive), e.g. "B" — returns B and worse
maxGrade	string	optional	Maximum grade (inclusive), e.g. "B" — returns B and better
limit	number	optional	Max results to return (0 = all)
offset	number	optional	Number of results to skip (for pagination)

# Top 10 Lending protocols graded B or better
curl "https://hindenrank.com/api/v1/protocols?sector=Lending&maxGrade=B&limit=10"

Response:

{
  "data": [
    { "slug": "aave", "grade": "B+", ... }
  ],
  "meta": {
    "total": 42,
    "count": 10,
    "offset": 0,
    "tier": "anon"
  }
}

GET/protocols/:slug

Get a single protocol by slug. The response fields vary by tier: anonymous gets grades and retail info, free keys add value scores and market data, pro keys get the full mechanism analysis.

curl "https://hindenrank.com/api/v1/protocols/lido"

Response fields by tier:

Field	Anonymous	Free	Pro
slug, name, sector, website	Y	Y	Y
grade, rawScore, gradeBreakdown	Y	Y	Y
topRisks, retailSummary, verdict	Y	Y	Y
tvl, funding, fdv	Y	Y	Y
valueGrade, valueRawScore, valueBreakdown	—	Y	Y
marketCap, circulatingSupply, protocolRevenue30d	—	Y	Y
previousGrade, previousRawScore, lastGradeChange	—	Y	Y
mechanisms, interactions	—	—	Y
noveltySignals, collapseScenarios	—	—	Y
deepDiveRecommendations, sources	—	—	Y

GET/protocols/search?q=

Fuzzy search protocols by name or slug. Returns basic protocol data.

Parameter	Type	Required	Description
q	string	required	Search query (minimum 2 characters)
limit	number	optional	Max results (default 10, max 50)

curl "https://hindenrank.com/api/v1/protocols/search?q=uni&limit=5"

GET/protocols/compare?slugs=

Compare 2–5 protocols side-by-side. Requires an API key (free or pro). Returns full protocol data for each plus a comparison summary.

Parameter	Type	Required	Description
slugs	string	required	Comma-separated protocol slugs (2-5)

curl "https://hindenrank.com/api/v1/protocols/compare?slugs=aave,compound,morpho" \
  -H "X-API-Key: hr_your_key_here"

Response includes:

{
  "data": {
    "protocols": {
      "aave": { ... },
      "compound": { ... },
      "morpho": { ... }
    },
    "comparison": {
      "safest": "aave",
      "riskiest": "morpho",
      "bestValue": "compound"
    }
  }
}

GET/protocols/:slug/history

Retrieve the grade history for a protocol over time. Requires an API key (free tier or above). Returns chronological grade snapshots including both risk and value scores with their full breakdowns.

Parameter	Type	Required	Description
slug	string	required	Protocol slug (path parameter)
limit	number	optional	Number of history entries to return (default 90, max 365)

# Get last 30 days of Aave v3 grade history
curl "https://hindenrank.com/api/v1/protocols/aave-v3/history?limit=30" \
  -H "X-API-Key: hr_your_key_here"

Response:

{
  "data": {
    "slug": "aave-v3",
    "history": [
      {
        "date": "2026-03-10",
        "grade": "B+",
        "rawScore": 22,
        "valueGrade": "A-",
        "valueRawScore": 78,
        "gradeBreakdown": { ... },
        "valueBreakdown": { ... }
      }
    ]
  },
  "meta": {
    "count": 30,
    "tier": "free",
    "rateLimit": { ... }
  }
}

GET/sectors

List all sectors with protocol counts and average risk scores.

curl "https://hindenrank.com/api/v1/sectors"

Response:

{
  "data": [
    {
      "name": "DeFi",
      "protocolCount": 187,
      "averageRawScore": 41.3
    }
  ]
}

Vault Endpoints

Access risk ratings for 3,900+ DeFi vaults across Beefy, Hyperliquid, and Morpho. Vault risk is computed using a weakest-link model across underlying protocols.

GET/vaults

List vaults with optional filters. Sorted by TVL descending.

Parameter	Type	Required	Description
source	string	optional	Filter: beefy, hyperliquid, or morpho
chain	string	optional	Filter by chain (e.g. ethereum, arbitrum)
minGrade	string	optional	Minimum risk grade (inclusive)
maxGrade	string	optional	Maximum risk grade (inclusive)
rated	string	optional	Set to 'true' to only return vaults with risk grades
limit	integer	optional	Max results (0 = all)
offset	integer	optional	Pagination offset

curl "https://hindenrank.com/api/v1/vaults?source=hyperliquid&rated=true&maxGrade=B"

GET/vaults/:vaultId

Get a single vault by ID. Fields returned depend on your API tier.

Parameter	Type	Required	Description
vaultId	string	required	Vault ID (e.g. hl-0x1234..., beefy-aave-eth)

curl "https://hindenrank.com/api/v1/vaults/hl-0x1234..."

GET/vaults/search

Search vaults by name or asset. Matches vault name, asset symbols, and vault IDs.

Parameter	Type	Required	Description
q	string	required	Search query (min 2 characters)
limit	integer	optional	Max results (default 10, max 50)

curl "https://hindenrank.com/api/v1/vaults/search?q=HYPE"

Vault-of-Vaults: Use GET /vaults?source=hyperliquid&rated=true&maxGrade=B to find A/B-rated Hyperliquid vaults, then allocate across them for risk-adjusted yield. The protocolSlugs field links each vault to its underlying protocol risk profile.

POST/portfolio/risk

Analyze the aggregate risk of a portfolio of protocol positions. Submit up to 50 positions and receive a composite risk score, grade distribution, concentration warnings, and weakest links. Requires an API key.

Request body:

Parameter	Type	Required	Description
positions	array	required	Array of positions, each with protocol (slug) and value (USD). Max 50.
positions[].protocol	string	required	Protocol slug (e.g. "aave-v3", "lido")
positions[].value	number	required	Position value in USD

# Analyze portfolio risk across two positions
curl -X POST "https://hindenrank.com/api/v1/portfolio/risk" \
  -H "X-API-Key: hr_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "positions": [
      { "protocol": "aave-v3", "value": 5000 },
      { "protocol": "lido", "value": 3000 }
    ]
  }'

Response:

{
  "data": {
    "riskScore": 28,
    "riskGrade": "B",
    "totalValue": 8000,
    "positionCount": 2,
    "positions": [ ... ],
    "gradeDistribution": {
      "B+": 5000,
      "B": 3000
    },
    "concentrationWarnings": ["62.5% concentrated in aave-v3"],
    "weakestLinks": [ ... ],
    "unmatchedProtocols": []
  },
  "meta": {
    "tier": "free",
    "rateLimit": { ... }
  }
}

GET/account/usage

Check your current rate limit status. Requires an API key.

curl "https://hindenrank.com/api/v1/account/usage" \
  -H "X-API-Key: hr_your_key_here"

Response:

{
  "data": {
    "tier": "free",
    "limit": 2000,
    "used": 142,
    "remaining": 1858,
    "resetsAt": "2026-02-24T00:00:00.000Z"
  }
}

Webhooks

Register webhooks to receive real-time notifications when protocol grades change. All webhook endpoints require an API key.

Event Types

Event	Description
grade.changed	Any grade change (up or down)
grade.downgraded	Grade worsened (e.g. B to C)
grade.critical	Protocol downgraded to D or F

POST/webhooks

Parameter	Type	Required	Description
url	string	required	HTTPS URL to receive webhook POST requests
secret	string	required	Shared secret for HMAC-SHA256 signature verification
events	string[]	required	Array of event types: "grade.changed", "grade.downgraded", "grade.critical"

# Register a webhook for grade downgrades
curl -X POST "https://hindenrank.com/api/v1/webhooks" \
  -H "X-API-Key: hr_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/hooks/hindenrank",
    "secret": "whsec_your_signing_secret",
    "events": ["grade.downgraded", "grade.critical"]
  }'

GET/webhooks

List all webhooks registered under your API key.

curl "https://hindenrank.com/api/v1/webhooks" \
  -H "X-API-Key: hr_your_key_here"

DELETE/webhooks

Delete a webhook by ID. Pass the webhook ID in the request body.

Parameter	Type	Required	Description
webhookId	string	required	The ID of the webhook to delete

curl -X DELETE "https://hindenrank.com/api/v1/webhooks" \
  -H "X-API-Key: hr_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{ "webhookId": "wh_abc123" }'

Webhook Payload

When an event fires, Hindenrank sends a POST request to your registered URL with this payload:

{
  "event": "grade.downgraded",
  "data": {
    "slug": "terra-luna",
    "name": "Terra Luna",
    "oldGrade": "C",
    "newGrade": "D+",
    "oldRawScore": 52,
    "newRawScore": 61,
    "changedAt": "2026-03-10T14:30:00.000Z"
  },
  "timestamp": "2026-03-10T14:30:05.000Z"
}

Signature Verification

Every webhook request includes an X-Hindenrank-Signature header containing an HMAC-SHA256 hex digest of the raw request body, signed with your webhook secret. Always verify this signature before processing the payload.

// Node.js signature verification
const crypto = require("crypto");

function verifySignature(body, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(body)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature)
  );
}

Rate Limits

Rate limits are enforced per day (24-hour rolling window). Every response includes rate limit headers:

Header	Description
X-RateLimit-Limit	Your daily request quota
X-RateLimit-Remaining	Requests remaining in this window
X-RateLimit-Reset	ISO 8601 timestamp when the window resets

Tier	Requests / Day	Best For
Anonymous	500	Quick lookups, testing
Free	2,000	Dashboards, bots, portfolio trackers
Pro	50,000	Data pipelines, research platforms, production apps

When you exceed your limit, the API returns 429 Too Many Requests with a Retry-After header in seconds.

Response Format

Every successful response follows the same envelope:

{
  "data": // The requested resource(s)
  "meta": {
    "tier": "free",
    "rateLimit": {
      "used": 42,
      "remaining": 1958,
      "resetsAt": "2026-02-24T00:00:00.000Z"
    }
  }
}

Errors follow a consistent structure:

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Protocol not found"
  }
}

Error Codes

HTTP	Code	Description
400	BAD_REQUEST	Invalid parameters (missing query, bad slug format, etc.)
401	INVALID_KEY	The provided API key is invalid or revoked
401	AUTH_REQUIRED	Endpoint requires an API key (e.g., compare, usage)
404	NOT_FOUND	Protocol or resource not found
429	RATE_LIMITED	Daily rate limit exceeded. Check `Retry-After` header.

MCP Server

Use Hindenrank as a tool in AI coding assistants via the Model Context Protocol. The MCP server exposes 7 tools — protocol lookups, search, compare, and vault risk ratings — that Claude, Cursor, and other MCP-compatible assistants can call directly.

Source: github.com/hindenrank/hindenrank-mcp

Add to your Claude Code or Cursor config:

{
  "mcpServers": {
    "hindenrank": {
      "command": "npx",
      "args": ["hindenrank-mcp@latest"],
      "env": {
        "HINDENRANK_API_KEY": "hr_your_key_here"
      }
    }
  }
}

Available tools:

Tool	Description
get_protocol_risk	Look up risk grade for a protocol by name or slug
search_protocols	Fuzzy search protocols by name
list_protocols	List protocols with sector/grade filters
compare_protocols	Compare 2-5 protocols side by side
get_vault_risk	Look up vault risk by ID or name (Beefy, Hyperliquid, Morpho)
search_vaults	Search vaults by name or asset
list_vaults	List vault risk ratings with source/chain/grade filters

Get Your API Key

Create a free account to get an API key with 2,000 requests per day. Upgrade to Pro for 50,000 requests and full mechanism data.

Create Free Account Manage API Keys