# Token Approval Security API > Live audit of the token approvals (allowances) a crypto wallet has granted, and the risk of the contracts it has approved to spend its tokens — powered by the public GoPlus Security data, no key, nothing stored. Token approvals are the single most common way wallets get drained: once you approve a contract to move a token, a malicious or compromised spender can take it whenever it likes. This is the allowance-hygiene layer — the data behind tools like revoke.cash. The approvals endpoint lists every token a wallet has approved, who it approved (the spender contract), how much was approved and when, and whether that spender is flagged as malicious, trusted or unverified, together with a risk summary counting the dangerous approvals to revoke. The contract endpoint profiles a single spender contract before you approve it — its name, whether it is open-source, its creator, deploy time and risk tags. The chains endpoint lists the 40-plus supported blockchains. Catch wallet-draining allowances before they cost a user everything. This is the approval / allowance-risk cut — distinct from the token-contract-security, scam-detection and on-chain APIs in the catalogue. ## Authentication All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys. ```bash curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/approvalsecurity-api/..." ``` ## Pricing - **Free** (Free) — 12,000 calls/Mo, 3 req/s - **Builder** ($10/Mo) — 170,000 calls/Mo, 10 req/s - **Pro** ($28/Mo) — 760,000 calls/Mo, 28 req/s - **Scale** ($62/Mo) — 2,700,000 calls/Mo, 65 req/s ## Endpoints ### Approvals #### `GET /v1/approvals` — A wallet token approvals with spender risk **Parameters:** - `address` (query, required, string) — Wallet address Example: `0x28c6c06298d514db089934071355e5743bf21d60` - `chain` (query, optional, string) — GoPlus chain id (default 1=Ethereum) Example: `1` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/approvalsecurity-api/v1/approvals?address=0x28c6c06298d514db089934071355e5743bf21d60&chain=1" ``` ### Contract #### `GET /v1/contract` — A spender contract risk profile **Parameters:** - `contract` (query, required, string) — Spender contract address Example: `0x1111111254eeb25477b68fb85ed929f73a960582` - `chain` (query, optional, string) — GoPlus chain id (default 1) Example: `1` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/approvalsecurity-api/v1/contract?contract=0x1111111254eeb25477b68fb85ed929f73a960582&chain=1" ``` ### Chains #### `GET /v1/chains` — Supported blockchains **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/approvalsecurity-api/v1/chains" ``` ### Meta #### `GET /v1/meta` — Service metadata **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/approvalsecurity-api/v1/meta" ``` --- Marketplace page: https://www.oanor.com/api/approvalsecurity-api OpenAPI spec: https://www.oanor.com/api/approvalsecurity-api/openapi.json