Skip to content
Hightop docs header art
Hightop
API and Integrations

/self

GET/v1/agent/self

Return the authenticated agent and scoped wallet context

Requires API-key authentication (agentAuth, agentId).

Purpose: return the authenticated agent, scoped wallet context, active window, global capability catalog, and rate-limit metadata.

Auth and scope: header-key auth or OAuth agent:read.

Idempotency: not required.

Request: no body.

Response:

json
example
{
  "ok": true,
  "agent": {
    "id": "uuid",
    "name": "Ops Agent",
    "enabled": true,
    "wallet_address": "0x...",
    "manager_address": "0x...",
    "agent_wrapper_address": "0x...",
    "active_window": {
      "starts_at": "2026-05-16T00:00:00.000Z",
      "expires_at": null
    }
  },
  "permissions": {
    "operation_types": ["payment", "earn.deposit", "conversion"],
    "webhook_event_types": ["payment.executed", "operation.updated"]
  },
  "limits": {
    "read": { "limit": 600, "burst": 100, "windowSeconds": 60 }
  },
  "cannot": [],
  "current_usage": {}
}

GET /v1/agent/self returns identity, scoped wallet context, the active window, and the global capability catalog (the operations the API supports, the same for every agent) — not this agent's actual grants or spend caps. For the agent's effective operation grants, spend caps, and current-period usage, use GET /v1/agent/self/limits. These response objects may grow over time, so treat additive fields as expected.

Note the two cannot shapes: GET /v1/agent/self's cannot is an array of { action, reason } objects, whereas GET /v1/agent/self/limits's permissions.cannot is an array of operation-type strings. They are not interchangeable. In Agent API v1, /self.cannot is currently empty and reserved for future global-catalog boundary hints; use /self/limits.permissions.cannot for this agent's effective denied operation types.

active_window.starts_at and active_window.expires_at are exact ISO timestamps for this agent's configured timing. A future starts_at means writes return agent_not_yet_active until that time. A non-null expires_at means writes return agent_expired after that time.

Common errors: authentication_failed, agent_disabled, agent_not_yet_active, agent_expired, insufficient_scope.

Related recipe: Quickstart.