List entitled 0Pools
GET /pools - List pools this partner is entitled to, including partner-visible availability.
0Pools API pages are for approved headless partners. They cover the partner-visible quote, transact, status, trade, and balance lifecycle only.
Endpoint
| Field | Value |
|---|---|
| Method | GET |
| Path | /pools |
| Area | Pools |
| Operation id | listPools |
| Auth boundary | Publishable key (pk_*), discovery only. No body, no side effects. |
Use it for
List the pools your organization is entitled to. This is the discovery entry point for the headless lifecycle: read it first, present the entitled pairs to your own surface, then drive quotes and trades with your secret key.
Use this endpoint only for the partner-scoped resource it describes. Store your own reference id, the returned 0Bit object id, the request id, and the current status so support and reconciliation do not depend on browser callbacks alone.
Authentication
GET /pools is the one Pools read that accepts a publishable key. Publishable keys are discovery-only: they can list entitled pools, but they cannot quote, transact, read balances, or read trades. Every other Pools call requires a secret key from your server.
Publishable keys are read-only discovery
A pk_* key scopes to your organization and lists entitled pools. It never moves money and never returns
balances, quotes, or trades. Keep sk_* keys server-side and use them for the rest of the lifecycle. Sending
a key in the wrong mode returns 403 with code key_mode_mismatch.
Partner scoping
The response contains only the pools your organization is entitled to. Entitlement is operator-provisioned per partner by 0Bit; it is not self-serve. Pools you are not entitled to are not hidden behind a 403 — they simply do not appear in the pools array. There is no way to enumerate, infer, or address another partner's pools through this endpoint.
Because the list is already partner-scoped, treat an empty pools array ({ "pools": [] }) as "no pools provisioned yet for this key/environment," not as an error.
Request
curl -X GET https://pools-api.0bit.app/v1/pools \
-H "Authorization: Bearer pk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"This call takes no query parameters and no body. Every response carries an X-Request-Id header; log it alongside your own reference ids.
Response
200 OK returns a JSON object with a pools array of entitled pool objects.
{
"pools": [
{
"id": "EUR-USDT",
"pair": "EUR/USDT",
"fiatCurrency": "EUR",
"cryptoCurrency": "USDT",
"available": true
},
{
"id": "EUR-USDC",
"pair": "EUR/USDC",
"fiatCurrency": "EUR",
"cryptoCurrency": "USDC",
"available": false
}
]
}| Field | Type | Use it for |
|---|---|---|
pools | array | The list of entitled pool objects. Empty ([]) when no pools are provisioned for this key. |
id | string | The pool id to pass to POST /pools/{id}/quote, /transact, /balance, and /capabilities. Pair-shaped, e.g. EUR-USDT. |
pair | string | Display label for the corridor, e.g. EUR/USDT. |
fiatCurrency | string | Fiat side of the pair. |
cryptoCurrency | string | Crypto side of the pair. |
available | boolean | The pool's current partner-visible availability. |
available is a snapshot, not a guarantee
Use available to populate and order your UI choices. It reflects current partner-visible availability, not a
promise that a future quote will succeed. Pricing is resolved at quote time, where an unavailable route
returns a fail-soft response (available: false) instead of a stale lock.
Additional partner-visible fields may appear in the object. Branch only on the documented fields above, and do not depend on field ordering or undocumented attributes. To read a specific pool's supported networks, sides, fees, and limits, call GET /pools/{id}/capabilities with your secret key rather than hard-coding them.
Production rules
- Send the call from your server with a publishable key; secret keys never belong in client bundles.
- Cache the list lightly and refresh it; entitlement and availability change over time.
- Hide pools whose
availableisfalserather than offering them and failing at quote. - Branch on machine-readable
id,available, errorcode, and theX-Request-Idheader. - Treat examples and placeholder ids as fake data only.
Errors
Errors use the unified envelope. Branch on type and code; never parse the human-readable message.
{
"type": "forbidden",
"code": "key_mode_mismatch",
"message": "Example access error using fake data.",
"request_id": "req_test_000000000123",
"doc_url": null,
"statusCode": 403
}| Status | type | code | Meaning |
|---|---|---|---|
401 | unauthorized | — | Missing or invalid key. Fix credentials before retrying. |
403 | forbidden | key_mode_mismatch | Key used in the wrong mode (for example sending a secret key, or a key from the wrong environment, to this publishable-key route). |
429 | rate_limited | — | Throttled. Back off and retry; respect the limit guidance. |
500 | server_error | — | Transient server failure. Retry with bounded backoff. |
403 here means key mode only
On discovery, a 403 carries a single code: key_mode_mismatch — correct the key mode and retry. Pool-level
denials (such as pools_not_enabled, suspended access, or unapproved KYC) surface on the secret-key pool
endpoints, not on this publishable-key list.
Public boundary
This reference covers partner-visible discovery, quote, transact, status, trade, and balance behavior. Liquidity operations, routing internals, provider details, reserve logic, and runbooks are outside the public API contract. 0Pools is gated early access, provisioned per partner by 0Bit — not general availability, and not self-serve.