cURL
System
Remote MCP
Model Context Protocol (MCP) Streamable HTTP transport. Accepts a JSON-RPC 2.0 request and returns a JSON-RPC response. Supported methods: initialize, notifications/initialized, ping, tools/list, tools/call. Remote MCP exposes 29 read-only tools for public V1 read operations: get_leaderboard, get_trader, batch_get_traders, get_whale_trades, get_whale_trade, get_whale_trades_history, get_market_intel, batch_get_market_intel, get_smart_money_flows, get_market_snapshot, get_insider_radar, get_insider_radar_flag, get_positions, get_position_timeline, get_position_timeline_by_id, search_markets, explore_markets, get_event_replay_since, list_webhooks, get_webhook, get_daily_report_snapshot, get_weekly_report_snapshot, get_monthly_report_snapshot, get_report, get_trader_export_snapshot, get_platforms, get_large_positions, get_trending_wallets, get_trader_pnl. Webhook create/update/delete/verify/rotate operations are intentionally not exposed as remote MCP tools. The remote endpoint advertises tools only; it does not implement resources/list, resources/read, prompts/list, or prompts/get. Each tool dispatches to the matching /api/v1/* handler in-process so auth, rate limits, and payload shape match. Auth should use Authorization: Bearer <token>. ?token=<token> remains a legacy compatibility path for URL-only MCP clients, but URL secrets can land in shell history, browser history, and logs, so prefer headers or the stdio package. Mcp-Session-Id is minted on initialize and echoed on every response. Origin header, when present, is validated against the 0xinsider + localhost allowlist.
POST
cURL
Hosted, streamable HTTP MCP endpoint. Use it when your agent can’t spawn a local
A
npx subprocess: a serverless function, a browser-based agent, or a hosted automation runtime.
Remote MCP exposes the 21 read-only V1 data operations below as tools. Each tool dispatches to the matching /api/v1/* handler in-process, so auth, rate limits, and payload contracts match direct REST calls. Meta endpoints (/usage, /health) and webhook mutations are not exposed as tools.
The remote endpoint is tools-only. It supports initialize, notifications/initialized, ping, tools/list, and tools/call; it does not implement resources or prompts.
Current tools:
get_leaderboardget_traderbatch_get_tradersget_whale_tradesget_whale_trades_historyget_market_intelbatch_get_market_intelget_market_snapshotget_insider_radarget_positionsget_position_timelineget_position_timeline_by_idsearch_marketsexplore_marketsget_event_replay_sincelist_webhooksget_webhookget_daily_report_snapshotget_weekly_report_snapshotget_monthly_report_snapshotget_trader_export_snapshot
Authentication
Prefer the header form:?token=... query parameter is still available for URL-only clients but is legacy. URL secrets leak into shell history, browser history, proxies, and logs. Use headers wherever you can.
For the streaming response, see Remote MCP Stream.Authorizations
API key: Authorization: Bearer oxi_sk_live_... for live data (requires an active Insider subscription), or oxi_sk_test_... for sandbox/test mode (free account, deterministic fixture data, no live rows). Both key classes use the same paths; the prefix selects live vs sandbox.
Headers
Session ID minted by the server on initialize; echoed on every subsequent request.
Query Parameters
Deprecated compatibility API-key query parameter for remote MCP clients that cannot send Authorization headers. Prefer Authorization: Bearer or the stdio package because URL secrets are easier to leak through logs and history.
Body
application/json