tail-fin-arkham

Arkham Intel data API client for the tail-fin workspace — chain analytics, address profiles, entity search, transfer flow. Pure HTTP, no browser, no cookies, no per-user secret.

Why

Arkham's api.arkm.com is signed at the SPA layer with a static client key embedded in the JS bundle — same value for every user. This crate extracts that key, computes the right X-Payload / X-Timestamp headers, and calls the API directly via wreq. The bulk of the documented 84-endpoint surface is reachable this way.

Usage

use tail_fin_arkham::{ArkhamClient, TransfersQuery};

let client = ArkhamClient::new()?;
let res = client.search("binance").await?;
let profile = client.address_enriched("0x971435fc38eed5e0aaff0dd717d0d16a02a4110e").await?;
let bases = ["0x971435fc38eed5e0aaff0dd717d0d16a02a4110e"];
let page = client
    .transfers(&TransfersQuery {
        base: Some(&bases),
        flow: Some("all"),
        usd_gte: Some("1"),
        sort_key: Some("time"),
        sort_dir: Some("desc"),
        limit: Some(16),
        offset: Some(0),
        ..Default::default()
    })
    .await?;

See docs/sites/arkham.md for full details on the auth model, signing algorithm, endpoint coverage, and CLI usage.

Testing

# Unit tests — signing fixtures + parsing
cargo test -p tail-fin-arkham

# Live regression (network)
cargo test -p tail-fin-arkham --test arkham_search_live -- --ignored --test-threads=1 --nocapture

The signing tests pin the algorithm against 5 real (path, timestamp, payload) tuples lifted from a 2026-04-30 HAR. If Arkham rotates NEXT_PUBLIC_WEBAPP_CLIENT_KEY upstream, all 3 signing tests + all 3 live tests fail at once with clear diagnostics.