Use this guide to make your first request to the TestMachine Token Custody API and interpret the custody-risk behaviors returned for an ERC-20 token.
Authenticate with an API key
Request a token custody analysis (pull mode)
Read the behaviors array and map it to custody controls
behaviors
A TestMachine API key (see Authentication)
A token contract address (0x…) on a supported EVM chain
0x…
The chain ID (see Supported networks)
Store your API key in an environment variable:
export TESTMACHINE_API_KEY="<YOUR_API_KEY>"
Treat API keys like passwords. Don’t commit them to source control.
You’ll need:
NETWORK_ID — EVM chain ID (for example 1 for Ethereum, 8453 for Base)
NETWORK_ID
1
8453
ADDRESS — token contract address (checksummed or lowercase)
ADDRESS
Example:
export NETWORK_ID=1 export ADDRESS="0x0000000000000000000000000000000000000000"
Call your environment’s token analysis endpoint using X-API-Key authentication.
X-API-Key
Because the exact path can vary by deployment, use this as a template and map it to the endpoint described in Tokens.
curl "https://api.testmachine.ai/<TOKENS_ENDPOINT>?network_id=$NETWORK_ID&address=$ADDRESS" \ -H "X-API-Key: $TESTMACHINE_API_KEY"
If you paste the exact request format you’re using (method + URL + params), we can update the docs to match it precisely.
A successful response includes a behaviors array:
Use Behaviors to understand each identifier
Treat the result as an input into your onboarding and monitoring controls (manual review, policy checks, alerting)
{ "address": "0x…", "network_id": 1, "behaviors": ["pause", "upgrade", "confiscation"] }
If your request fails:
Confirm your API key setup in Authentication
Confirm the chain ID in Supported networks
Use Errors for status-code guidance
Read About TestMachine for architecture and modes of use
If you plan to run continuous monitoring (push mode), confirm the integration details for your environment and we’ll document the webhook/event format
Last updated 1 month ago
