Skip to main content
POST
/
api
/
admin
/
operations
/
destructive
/
{action}
/
confirm
curl --request POST \
  --url https://mcp.echozero.app/api/admin/operations/destructive/{action}/confirm \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "confirmationToken": "short-lived-token",
  "reason": "Customer support ticket #1234"
}
'
{
  "success": true,
  "data": {
    "actionId": "<string>",
    "status": "<string>"
  }
}

Authorizations

Authorization
string
header
required

User JWT access token issued by POST /api/auth/verify or POST /api/auth/social/verify. Routes that accept both auth modes declare api-key and bearer-jwt security schemes.

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Path Parameters

action
enum<string>
required
Available options:
suspend_user,
unsuspend_user,
force_close_strategies,
freeze_wallet,
unfreeze_wallet,
issue_refund,
pause_all_trades

Body

application/json
confirmationToken
string
required
reason
string
required

Response

201 - application/json

Action confirmed.

success
boolean
required
Example:

true

data
object
required

Endpoint-specific payload