Free tier + anonymous OFAC endpoint: PaladinFi v0.11.78a

2026-05-25 · Engineering free-tier ofac signup

v0.11.77 (free anonymous OFAC) shipped: 2026-05-23. v0.11.78a (free-tier signup + auth platform) shipped: 2026-05-23.

Two evaluation paths went live this week and changed the cost of trying PaladinFi from "sign a contract" to "curl in a terminal." Both are real-data, both are on Base mainnet, and both let a builder validate API shape and uptime before any commercial conversation.

The anonymous path is for the five-minute first look. The free-tier signup is for builders ready to wire the full composite trust check or quote routing into an agent loop without paying anything until they cross 1,000 requests in a month.

Five-minute look — /v1/trust-check/ofac (anonymous)

The OFAC SDN wallet screen now runs as a standalone free endpoint. No signup, no API key, no x-payment header. Rate-limited at one request per second per IP with a small burst, declared as a separate nginx zone (trustcheck_ofac_free) so abuse of the free path can't impact paid traffic.

Try it now (replace the address with whatever wallet you want to screen):

curl -X POST https://swap.paladinfi.com/v1/trust-check/ofac \
  -H 'content-type: application/json' \
  -d '{"address":"0xeA8C33d018760D034384e92D1B2a7cf0338834b4","chainId":8453}'

Response shape (clean wallet, returns allow):

{
  "address": "0xeA8C33d018760D034384e92D1B2a7cf0338834b4",
  "chainId": 8453,
  "trust": {
    "recommendation": "allow",
    "factors": [
      { "source": "ofac", "signal": "not_listed", "weight": 0, "real": true }
    ],
    "version": "1.1",
    "_real": true,
    "_scope": "ofac-only (wallet-address screen; use /v1/trust-check for full composition)",
    "_ofac_list_updated_at": "2026-05-25T04:27:01Z",
    "_ofac_sdn_count": 93
  },
  "_paid_endpoint_info": {
    "url": "https://swap.paladinfi.com/v1/trust-check",
    "method": "POST",
    "auth": "x402 (USDC EIP-3009 transferWithAuthorization on Base)",
    "price_usdc": "0.001",
    "plugins": { "elizaos": "...", "agentkit": "..." },
    "docs": "https://paladinfi.com/trust-check/"
  }
}

Two fields worth pointing at. _ofac_list_updated_at is the timestamp the SDN list was last rotated server-side — if you build a monitor that worries about list staleness, this is the field to read. _ofac_sdn_count is the current entry count, which surfaces both in this response and in /health as a freshness signal.
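As an added example (not code from the PaladinFi post or its plugins): a small Python client plus decision helper that reads the two freshness fields above and fails closed when the list is stale or the wallet is listed. The 24-hour staleness threshold and the listed-wallet response shape are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib import request
from urllib.error import HTTPError

OFAC_URL = "https://swap.paladinfi.com/v1/trust-check/ofac"
MAX_LIST_AGE = timedelta(hours=24)  # assumed staleness threshold; tune to your policy

# Constructed sample responses, shaped like the one shown above (fields trimmed).
SAMPLE_CLEAN = {"address": "0xeA8C33d018760D034384e92D1B2a7cf0338834b4", "chainId": 8453,
    "trust": {"recommendation": "allow", "_real": True, "_ofac_sdn_count": 93,
              "_ofac_list_updated_at": "2026-05-25T04:27:01Z",
              "factors": [{"source": "ofac", "signal": "not_listed", "weight": 0, "real": True}]}}
# Hypothetical listed-wallet shape; the real signal/recommendation strings are assumed.
SAMPLE_LISTED = {"address": "0x0000000000000000000000000000000000000000", "chainId": 8453,
    "trust": {"recommendation": "deny", "_real": True, "_ofac_sdn_count": 93,
              "_ofac_list_updated_at": "2026-05-25T04:27:01Z",
              "factors": [{"source": "ofac", "signal": "listed", "weight": 100, "real": True}]}}

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def evaluate(body, now=None, max_age=MAX_LIST_AGE):
    """Turn an OFAC screen response into a gate decision plus list-freshness info.
    Fails closed: only an explicit 'allow' backed by a real, fresh list passes."""
    now = _ts(now) if now else datetime.now(timezone.utc)
    trust = body.get("trust", {})
    age = now - _ts(trust["_ofac_list_updated_at"])
    stale = age > max_age
    listed = any(f.get("source") == "ofac" and f.get("signal") != "not_listed"
                 for f in trust.get("factors", []))
    allow = (trust.get("recommendation") == "allow" and trust.get("_real") is True
             and not listed and not stale)
    return {"allow": allow, "stale": stale, "listed": listed,
            "list_age_seconds": int(age.total_seconds()), "sdn_count": trust.get("_ofac_sdn_count")}

def screen_wallet(address, chain_id=8453, timeout=5):
    """Live call to the anonymous endpoint (1 req/s per IP; surface 429 rather than retrying blindly)."""
    data = json.dumps({"address": address, "chainId": chain_id}).encode()
    req = request.Request(OFAC_URL, data=data, method="POST",
                          headers={"content-type": "application/json"})
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            return evaluate(json.load(resp))
    except HTTPError as e:
        if e.code == 429:
            raise RuntimeError("rate limited by the free OFAC zone; back off") from e
        raise
```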

Scope of the free OFAC endpoint

The Treasury OFAC SDN list contains roughly 93 wallet addresses (mostly EOA addresses sanctioned for specific incidents). It is a hard compliance floor, not a full risk picture. The endpoint screens against that list and that list only — it does not evaluate contract-source verification, honeypot patterns, fresh-deploy heuristics, or destination-address lookalike checks. Those layers live on the paid /v1/trust-check endpoint and in the free-tier signup path below.

Free-tier signup — paladinfi.com/signup

1,000 requests/month free. Email verification only; the address is used for the verify magic link and account-critical notices, nothing else. Issues an API key that authenticates the full composite paths:

The signup flow: email, Cloudflare Turnstile CAPTCHA, email-verify magic link, key issued. Verification links are HMAC-signed and one-shot (single redemption).
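As an added illustration of the signed one-shot link mechanism described above (not PaladinFi's own code; the token layout, 15-minute lifetime and in-memory redemption set are assumptions):

```python
import base64, binascii, hashlib, hmac, json, secrets, time

SERVER_SECRET = secrets.token_bytes(32)  # constructed for the demo; load from a secret store in production
LINK_TTL_SECONDS = 900                   # assumed 15-minute link lifetime
_redeemed = set()                        # stand-in for a DB table of redeemed token ids

def _b64(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(email, now=None):
    """Build a verify token: base64(payload).base64(HMAC-SHA256(payload)). The jti makes it one-shot."""
    claims = {"email": email, "jti": secrets.token_hex(16),
              "exp": int(now or time.time()) + LINK_TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"

def redeem_token(token, now=None):
    """Check signature (before parsing), expiry, then single use. Returns the email or None."""
    try:
        p_b64, t_b64 = token.split(".")
        payload, tag = _unb64(p_b64), _unb64(t_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time compare
        return None
    claims = json.loads(payload)
    if (now or time.time()) > claims["exp"]:
        return None
    if claims["jti"] in _redeemed:               # second click of the same link fails
        return None
    _redeemed.add(claims["jti"])
    return claims["email"]
```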

Kill switch. The auth platform ships with a DB-backed kill switch wired into every authenticated request path. If the service misbehaves or a key compromise is suspected on our side, we engage it and every authenticated /v1/account/* call returns 503 until disengaged. The OFAC anonymous path is unaffected. The operational primitive is surfaced in the runbook so the failure mode is named upfront.

What the auth stack actually does

Brief tour for anyone who wants to know what runs behind /v1/account/* before pointing an agent at it.

The review process behind the ship

v0.11.78a went through a full Tier-1 three-adversary review on the code (Security in audit-mode framing, Maintainer for operational posture, plus a Maintainer Tier-2 amendment-coherence pass). Findings across HIGH, MED, and CRITICAL severity tiers were addressed in code before deploy. Six items cleared as ship-safe deferrals — each one tracked, each one non-CRITICAL per the Security re-review.

What's on the follow-up list:

What's not in v0.11.78a (deliberately)

Paid tiers, Stripe, invoicing, and tax handling are queued as v0.11.78b. They depend on SES production access landing (request submitted; AWS is reviewing) and on the first paid customer pipeline maturing enough to shape the right tier structure. The engineering shape is locked in the plan doc; the SES dependency gates the ship date.

Why ship a free tier at all

Most trust APIs gate evaluation behind a sales conversation. The cost of that for an agent builder is real: a week of back-and-forth before you know whether the response shape fits your loop. The OFAC anonymous endpoint compresses that to a single curl; the free-tier signup compresses the full composite to an afternoon.

The value isn't in writing the integration code — that's a few-hundred-line job either way. The value is the trust-data composition, the uptime, and the operational discipline behind the endpoint. Free evaluation paths are how a builder can verify those before any commercial conversation.

Verify

Integration paths: if you're working in ElizaOS or Coinbase AgentKit, the npm plugins above are the fastest path. If you're calling HTTP directly from a custom agent, signup → email-verify → key in env → first /v1/trust-check call is roughly ten minutes end-to-end for anyone already working on Base.

Questions, repro cases, integration questions: dev@paladinfi.com.