Skip to main content
POST
/
api
/
admin
/
operations
/
destructive
/
{action}
/
propose
curl --request POST \ --url https://mcp.echozero.app/api/admin/operations/destructive/{action}/propose \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data ' { "userId": "64f0f0000000000000000001" } '
{
  "success": true,
  "data": {
    "actionId": "<string>",
    "status": "<string>",
    "confirmationToken": "<string>",
    "expiresAt": "2023-11-07T05:31:56Z",
    "requiresSecondApproval": true,
    "dryRun": {}
  }
}

Authorizations

Authorization
string
header
required

User JWT access token issued by POST /api/auth/verify or POST /api/auth/social/verify. Routes that accept both auth modes declare api-key and bearer-jwt security schemes.

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Path Parameters

action
enum<string>
required
Available options:
suspend_user,
unsuspend_user,
force_close_strategies,
freeze_wallet,
unfreeze_wallet,
issue_refund,
pause_all_trades

Body

application/json
userId
string
strategyId
string
strategyIds
string[]
amountUsd
number
source
string
metadata
object

Response

201 - application/json

Action proposed.

success
boolean
required
Example:

true

data
object
required

Endpoint-specific payload