Expand description
Arkham Intel adapter — pure-HTTP client for api.arkm.com.
Auth contract (verified 2026-04-30 against live api.arkm.com):
X-Timestamp: <unix epoch seconds>X-Payload: sha256(KEY + ":" + sha256(path + ":" + ts + ":" + KEY))Origin: https://intel.arkm.com(CORS-pinned by server)
KEY is the build-time NEXT_PUBLIC_WEBAPP_CLIENT_KEY baked into the
SPA’s JS bundle. Same value for every user — there is no per-user secret
for the public data surface (~75 of 84 documented endpoints). The
~9 user-bound endpoints (/user, /user/portfolio, /turnkey/wallet,
/user/alerts*, etc.) return null / [] without an additional auth
cookie that the SPA sends via withCredentials:true.
Server enforces a < 18-minute replay window on X-Timestamp.
No browser, no Cloudflare bypass, no cookies needed for the data surface.
Re-exports§
pub use http::ArkhamClient;pub use signing::sign_payload;pub use signing::ARKM_CLIENT_KEY;pub use types::*;