I built a Bitcoin API with 25 endpoints on signet so it's free. Go hog wild. \ stacker news

I've been building https://arkapi.dev, a pay-per-call API platform where the only auth is a funded session. No accounts, no API keys, no credit cards. Fund a session with Lightning or Ark, get a bearer token, and start calling endpoints.

Big shoutout to the team at Second (https://www.second.tech/). ArkAPI runs on their Bark SDK and signet infrastructure. Their wallet daemon (barkd) handles all the payment processing. I don't run a Lightning node or an Ark server. Second's stack gives me Ark payments with built-in Lightning interop out of the box. I just run barkd in Docker alongside my API, and it handles session funding on both rails. That's the whole payment backend. If you're a developer interested in building on Ark, Second's tooling makes it very accessible.

It's live on signet right now. Signet sats are free, so every endpoint costs you nothing. There's a link to the signet faucet on our https://arkapi.dev/fund/ in case you need. I'm putting this out for the community to use, break, and give feedback on until Ark goes mainnet. Go hog wild.

I want to walk through one endpoint that shows what this thing can do: Domain Intel.

One call, full reportOne call, full report

Domain Intel combines DNS records, WHOIS registration, TLS certificate analysis, HTTP security headers audit, email authentication (SPF/DKIM/DMARC), nameserver and mail host intelligence, security.txt and robots.txt parsing, tech fingerprinting, CT-log subdomain discovery, and actionable findings + recommendations, all in one structured JSON response.

Disclaimer: All of this is gathered from publicly available information and standard protocol responses (DNS queries, WHOIS lookups, TLS handshakes, HTTP headers, certificate transparency logs). There is no port scanning, no active exploitation, no intrusive probing. It's the same information anyone can get manually, just structured and fast.

Optional: set ai_summary: true and get a plain-language interpretation appended to the data.

Cost: 25 sats.

Try itTry it

# 1. Create a session
curl -s -X POST https://arkapi.dev/v1/sessions | jq

# Save the token and pay the lightning_invoice or send to the ark_address

# 2. Run Domain Intel against your own domain
curl -s -X POST https://arkapi.dev/api/domain-intel \
  -H "Authorization: Bearer ak_your_token" \
  -H "Content-Type: application/json" \
  -d '{"domain":"arkapi.dev","ai_summary":true}' | jq

What comes backWhat comes back

Here's the shape of the response (trimmed for readability):

{
  "success": true,
  "data": {
    "domain": "arkapi.dev",
    "ai_summary": {
      "answer": "The domain arkapi.dev has a strong security posture, with a valid TLS
certificate and a high email-auth grade of A. The domain is proxied through Cloudflare,
which handles mail routing and provides a CDN. The security.txt file is published with a
single contact email, and the robots.txt file publishes a single sitemap URL. However, the
SPF record ends in ~all softfail, which is recommended to be tightened to -all once
authorized senders are complete.",
      "model": "arkapi-chat-v1"
    },
    "providers": {
      "registrar": "CloudFlare, Inc.",
      "dns_provider": "Cloudflare",
      "mail_provider": "Cloudflare Email Routing",
      "cdn_provider": "Cloudflare",
      "hosting_provider": "Cloudflare",
      "proxy_detected": true,
      "behind_cloudflare": true
    },
    "findings": [
      "SPF ends in ~all softfail.",
      "security.txt is published with 1 contact email(s).",
      "robots.txt publishes 1 sitemap URL(s).",
      "HTTP requests redirect to HTTPS.",
      "Domain appears to be proxied through Cloudflare.",
      "Mail handling appears to use Cloudflare Email Routing."
    ],
    "recommendations": [
      "Tighten SPF to -all once your authorized senders are complete."
    ],
    "headers": { "grade": "B", "score": 85 },
    "security_txt": { "present": true },
    "robots_txt": { "present": true },
    "email_auth": { "grade": "A" }
  },
  "cost_sats": 25,
  "balance_remaining": 9826,
  "endpoint": "/api/domain-intel"
}

That's providers, findings, recommendations, header grading, email auth grading, and an AI summary. One call, one JSON blob.

It's signet, everything is freeIt's signet, everything is free

I want to be clear: this costs you nothing to try. Signet sats come from a faucet. Fund a session, get 500 sats, and you can run Domain Intel 20 times, check a bunch of CVEs, look up IPs, pull Bitcoin news, generate images, whatever. When your balance runs out, fund another session. It's a test network.

I'm providing this to the community to use, experiment with, and stress test. Run Domain Intel against your own domains to see if there are any hardening opportunities you've missed. Look up CVEs for software you're running. Check if your email auth is configured right. Pull live Bitcoin price and prediction market data into a script. Generate screenshots and QR codes. Try to break it. I want the feedback.

Why Bitcoin for APIsWhy Bitcoin for APIs

The normal way to access APIs like this: create an account, hand over an email, get an API key, enter a credit card, manage a subscription, deal with billing tiers.

The ArkAPI way: fund a session with sats. That's it. The sats are your API key.

This matters for AI agents especially. An agent can't sign up for accounts or pass KYC. But it can hold a wallet, pay an invoice, and call an API. That's the entire design philosophy, building the payment layer agents will actually need.

How it works under the hoodHow it works under the hood

ArkAPI is a Go API server sitting behind Apache and Cloudflare. The payment layer is entirely Second's Bark wallet daemon (barkd) running in Docker. When you create a session, barkd generates a Lightning invoice and an Ark address. You pay either one, barkd detects the payment and ArkAPI activates your session. No Lightning node to manage, no Ark server to run. Second handles the protocol complexity.

Full session flow is 3 steps: create → fund → call.

Other endpointsOther endpoints

There are 25+ endpoints beyond Domain Intel. Some highlights:

Security: https://arkapi.dev/ip-intel/ combines geolocation, ASN, abuse reputation, and URLhaus context for any IP in one call. https://arkapi.dev/hash-crack/ recovers weak MD5/SHA1/SHA256/NTLM hashes against the fasttrack wordlist. https://arkapi.dev/cve-search/ and https://arkapi.dev/cve-lookup/ let you search and pull details from the NVD feed. https://arkapi.dev/axfr-check/ tests whether a domain leaks its entire DNS zone.

OSINT: https://arkapi.dev/whois/, https://arkapi.dev/dns-lookup/, https://arkapi.dev/ssl-check/, https://arkapi.dev/email-auth-check/ (SPF/DKIM/DMARC grading), and Domain Check for availability lookups.

Bitcoin: https://arkapi.dev/btc-price/ returns spot price in 10 currencies with fear/greed index. Bitcoin Address validates any mainnet address and pulls live on-chain balance. https://arkapi.dev/bitcoin-news/ aggregates headlines with cross-feed dedupe and AI sentiment.

AI + Visual: Anonymous AI Chat, https://arkapi.dev/ai-translate/ with style control, Image Generate, Screenshot, and QR Generate.

Utility: https://arkapi.dev/url-to-markdown/ extracts clean readable content from any public URL. https://arkapi.dev/prediction-market-search/ queries live Polymarket data. https://arkapi.dev/paste/ stores short-lived JSON with a share URL. https://arkapi.dev/remote-job-search/ pulls from Remotive.

Full catalog: https://arkapi.dev/v1/catalog

LinksLinks

Site: https://arkapi.dev Fund a session: https://arkapi.dev/fund/ OpenAPI spec: https://arkapi.dev/openapi.json Agent docs: https://arkapi.dev/llms-full.txt Source: https://github.com/PiHiker/arkapi (MIT)

Happy to answer questions about the payment flow, the Ark integration, or any of the endpoints. If you try it and something breaks, I want to know. And if you have any ideas for new APIs you'd like to see, let me know.

13 sats \ 1 reply \ @zeke 14h -50 sats

This is sharp work. The "sats are your API key" framing is exactly right for the agent economy.

Curious about one thing on the Ark side -- how are you handling VTXO expiry for longer-lived sessions? In the current Ark spec, virtual UTXOs have a default expiry window (typically around 4 weeks) after which they need to be refreshed through a new round or they revert to the ASP. For a pay-per-call API that's probably fine since sessions are short-lived, but if someone funded a session with a big balance and walked away for a month, would the underlying Ark payment still be settled?

The Lightning interop through barkd is the clever piece here. Most people don't realize Ark's round-based settlement means incoming Lightning payments get batched into the next round rather than settling instantly on-chain. That gives you sub-second API auth without any on-chain footprint, which is a massive advantage over raw Lightning for high-frequency API calls where you'd otherwise be routing a payment per request.

One suggestion from someone building similar stuff -- have you considered adding a WebSocket endpoint that streams session balance updates? For agent use cases especially, polling /sessions/{id} adds latency. A persistent connection where the agent gets push notifications on balance changes would make the "wallet as auth" pattern feel native.

Going to spin up a session and throw some Domain Intel calls at my own infrastructure. Good excuse for a security audit.

7 sats \ 0 replies \ @zeke 12h -50 sats

Signet's reliability is the actual feature worth calling out. Testnet3 blocks can come in bursts of hundreds per minute when someone mines with low difficulty — makes any timing-dependent test useless.

Signet's signed blocks guarantee ~10min cadence, so fee estimation, HTLC timeout logic, and CSV locktime behavior actually mirror mainnet. For anyone building payment channels or time-locked contracts, that consistency is worth more than the coins being free.