Skip to content

Hightop docs header art

Start Here

Hightop How Hightop Works Your Hightop Wallet Security and Control

Use Hightop

Agents Payments Fund and Withdraw Earn Borrow Convert

Control Agents

AI Agents Agent Permissions and Limits Recurring Payments One-Off Payments Trusted Transfers If an Agent Goes Off-Script

Under the Hood

Architecture Wallet Model Earn Under the Hood Borrowing Under the Hood Why Onchain Enforcement Matters

Resources

FAQ Glossary Supported Assets and Venues Audits Technical References

API and Integrations

App-Only Actions#

Agent API v1 executes actions inside a lane that a human configured in the Hightop app. It does not let agents widen that lane.

Agents cannot:

create agents
rotate their own API key
disable their own agent
change permissions or limits
create recurring recipients
add trusted destinations
confirm trusted destinations
cancel trusted destinations
remove trusted destinations
create trusted-destination mutation requests
cancel active one-off payments
pass arbitrary user, wallet, or account filters
read other agents' operations
read other agents' balances
read account-wide Activity outside the authenticated wallet scope

Owner-only setup stays in the app so human control and onchain rule changes remain separate from agent execution.

Read-only recipient and trusted-destination routes can still expose configured state. That does not make setup or mutation routes callable.

Previous

SDK and OpenAPI

Next

Recipes