Arculus Wallet API integration & crypto OpenData export

OpenData · Cold storage · Self-custody · WalletConnect · Protocol analysis

Bring Arculus Wallet balances, transactions and NFTs into your OpenFinance stack

Arculus, built by CompoSecure, is a self-custody cold-storage solution that stores private keys on a CC EAL6+ metal Key Card and signs transactions via NFC tap. The card never connects via USB, Bluetooth, or cable, yet the companion app continuously surfaces structured on-chain data: addresses, balances, transaction history, NFT holdings, staking positions and WalletConnect sessions. That dataset is exactly what OpenData and OpenFinance pipelines need to feed tax engines, treasury dashboards, portfolio risk models, and compliance ledgers.

Why this app's data matters: Arculus holds public addresses across 27+ blockchains (Bitcoin, Ethereum, Polygon, BSC, Cardano, Solana, Cosmos, Litecoin, Polkadot, XRP and more), covering roughly 95% of the crypto market cap and thousands of ERC-20 / BEP-20 tokens — a single integration unlocks portfolio-wide visibility.

NFT & Web3 surface: Ethereum and Polygon NFT inventories plus a WalletConnect bridge to OpenSea, SuperRare, Uniswap, Aave and other DApps — perfect for collector dashboards or DeFi position tracking.

3-factor security context: biometric + 6-digit PIN + physical card. Integrations never request seed phrases or private keys; we only consume signed approvals and public address data.

What we deliver

Every Arculus engagement ships with runnable source code, an OpenAPI specification, a protocol-analysis report, and a compliance brief tailored to your jurisdiction. We do not deliver scaffolding — every endpoint is wired against live RPCs, indexers or signed WalletConnect sessions and validated end-to-end before handover.

Deliverables checklist

OpenAPI 3.1 specification covering address registration, balance polling, transaction export and NFT listing
Protocol report: how the Arculus app derives xpubs, paginates Etherscan/BscScan/Mempool calls, and brokers WalletConnect handshakes
Runnable Python (FastAPI) and Node.js (Express) reference servers — Docker images included
Postman collection plus pytest / vitest integration tests against testnet and mainnet
Compliance brief: MiCA, FATF Travel Rule thresholds, GDPR data-retention guidance

Feature module — balance & portfolio

A normalized balance endpoint that fans out across each blockchain bound to a user's Arculus Key Card (BTC UTXO scan, ETH/EVM eth_getBalance + ERC-20 balanceOf, Solana getTokenAccountsByOwner, Cardano UTxO) and returns a single JSON object with fiat valuations from Chainlink and CoinGecko feeds. Use for treasury dashboards or pre-trade risk checks.

Feature module — transaction history

Paginated transaction export with filters by chain, asset, direction (in / out / self), counterparty address, and date range. Each row includes block height, timestamp, tx hash, gas / fee, USD value at execution time and a deterministic counterparty label when known. Powers reconciliation, Form 8949 filings, and AML monitoring.

Feature module — NFT inventory

Ethereum (ERC-721 / ERC-1155) and Polygon NFT enumeration with metadata resolution, floor-price lookup, and OpenSea / SuperRare collection mapping. Returns a single inventory document per Arculus address that downstream gallery, insurance, or proof-of-ownership systems can consume.

Feature module — WalletConnect bridge

Server-side WalletConnect v2 session manager that mirrors what the Arculus app does locally: receive a DApp pairing URI, surface the approval scope, route signing requests back to the user's mobile app, and persist an audit trail of every approved eth_sendTransaction and personal_sign event.

Feature module — staking & rewards

Read-only staking positions and reward accruals for Cardano (ADA), Solana (SOL) and Cosmos (ATOM) addresses. Useful for tax engines that need to classify staking income separately from capital-gains events, and for back-office tools that monitor delegation health and slashing risk.

Data available for integration

Arculus is fundamentally a key-management surface in front of public blockchains, which makes the OpenData mapping unusually clean: every datum below is either signed by the Key Card or read from a public RPC against an address the card controls. The table below summarises what we expose, where it originates in the app, and what business problems it solves.

Data type	Source (in-app screen / capability)	Granularity	Typical use
Public addresses (xpub / derived)	"Receive" screen per asset; account derivation paths	One per chain / account index	Address book hygiene, on-chain analytics, allowlists
Native balances	"Portfolio" home screen; per-asset detail	Real-time on-chain reads	Treasury dashboards, pre-trade risk, NAV reporting
Token balances (ERC-20 / BEP-20 / SPL)	Custom-token list + automatic asset detection	Per token contract	Portfolio analytics, custom-asset rebalancing
Transaction history	"Activity" / per-asset tx list	Per tx hash, with metadata	Tax reporting, audit trails, AML review
NFT inventory	"NFTs" tab (Ethereum / Polygon)	Per token ID + metadata	Gallery apps, collateral valuation, insurance
Staking positions	Cardano / Solana / Cosmos staking flows	Per delegation / validator	Yield accounting, slashing alerts
WalletConnect session log	WalletConnect pairing screen	Per session + per request	DeFi compliance, DApp usage analytics
Swap / send history	Built-in swap and send flows	Per execution	Trade reconciliation, slippage analysis

Typical integration scenarios

1. Crypto tax engine sync

Context: An accounting firm onboards a client who holds long-term BTC, ETH and ADA on Arculus. Data & APIs: address registration endpoint, paginated /transactions with cost-basis-friendly fields, and a CSV export endpoint compatible with Koinly and CoinTracking. OpenData mapping: follows the same shape as Open Banking statement endpoints — date, amount, currency, counterparty, reference — but with on-chain primitives substituted for IBANs.

2. DeFi position monitoring

Context: A family office wants real-time visibility into Aave, Uniswap and Lido positions opened from an Arculus card via WalletConnect. Data & APIs: WalletConnect session log, plus an enriched /positions endpoint that resolves LP tokens, debt positions and yield accruals. OpenData mapping: parallels OpenBanking "product holdings" endpoints — each open DeFi position becomes a structured holding row.

3. NFT collateral valuation

Context: A lender accepts blue-chip NFTs as collateral. Data & APIs: NFT inventory endpoint per Arculus address, floor-price feed, and a verification endpoint that issues a fresh signed challenge through the Arculus Auth SDK to prove current control. OpenData mapping: behaves like an asset-verification rail in OpenFinance — proof of ownership delivered through a cryptographic signature instead of a bank-confirmed statement.

4. Compliance & Travel Rule attribution

Context: A licensed CASP must attach originator data to outbound transfers above EUR 1,000 under MiCA. Data & APIs: outbound transaction webhook, IVMS-101 originator payload builder, and an unhosted-wallet attestation flow that proves a customer controls their Arculus card. OpenData mapping: aligns with FATF Recommendation 16 messaging and EU Transfer of Funds Regulation requirements.

5. Passwordless enterprise login

Context: An exchange wants its institutional users to authenticate with the same Arculus Key Card they use for self-custody. Data & APIs: integration of the Arculus Auth SDK (FIDO2 / WebAuthn) for passwordless login and transactional authorization, plus an audit-trail export endpoint. OpenData mapping: brings strong-customer-authentication signals into the OpenFinance access-control plane.

Technical implementation

Below are three representative endpoints from the reference server. The full OpenAPI spec covers address binding, balance polling, transaction export, NFT inventory, WalletConnect brokering, staking, and webhooks. Authentication uses short-lived bearer tokens issued after a signed proof-of-control challenge.

Auth: proof-of-control challenge

POST /api/v1/arculus/auth/challenge
Content-Type: application/json

{
  "address": "0x9a8f...e21d",
  "chain": "ethereum",
  "client_id": "of-lab-acct-019"
}

200 OK
{
  "challenge": "Sign-in to OpenFinance Lab at 2026-05-11T10:02:11Z nonce=8c1f...",
  "expires_in": 300
}

# The user taps their Arculus Key Card; the signed message is returned:
POST /api/v1/arculus/auth/verify
{
  "address": "0x9a8f...e21d",
  "signature": "0x7c...91",
  "challenge_id": "ch_01HXY..."
}

200 OK
{ "access_token": "eyJhbGciOi...", "expires_in": 3600 }

Statement export — transactions

POST /api/v1/arculus/transactions
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "addresses": ["bc1q...", "0x9a8f...e21d", "addr1q..."],
  "from_date": "2026-01-01",
  "to_date":   "2026-05-11",
  "chains":    ["bitcoin", "ethereum", "cardano"],
  "format":    "json"
}

200 OK
{
  "page": 1, "page_size": 100, "total": 247,
  "items": [
    {
      "tx_hash": "0x52a...c11",
      "chain": "ethereum",
      "timestamp": "2026-04-12T08:11:42Z",
      "direction": "out",
      "asset": "USDC",
      "amount": "1500.00",
      "fee": "0.00214",
      "usd_value_at_tx": 1500.00,
      "counterparty": "0xUNI...router"
    }
  ]
}

Webhook — WalletConnect signing event

POST https://your-callback.example.com/webhooks/arculus
X-Arculus-Signature: t=1747000000,v1=4d2a...
Content-Type: application/json

{
  "event": "walletconnect.request.approved",
  "session_id": "wc_01HXZ...",
  "dapp": { "name": "Uniswap", "url": "https://app.uniswap.org" },
  "method": "eth_sendTransaction",
  "chain": "ethereum",
  "address": "0x9a8f...e21d",
  "tx_hash": "0x91b...004",
  "approved_at": "2026-05-11T09:55:08Z"
}

# Error envelope is consistent across endpoints:
{
  "error": {
    "code": "rate_limited",
    "message": "Indexer backoff; retry in 12s",
    "retry_after": 12
  }
}

Compliance & privacy

Regulatory alignment

Self-custody integrations sit inside a fast-moving regulatory perimeter. We design every Arculus build around MiCA (in full force across the EU since 30 December 2024), the EU Transfer of Funds Regulation and the FATF Travel Rule. For transfers to or from unhosted wallets above EUR 1,000, attestation of control through a card-signed message is wired in by default. US deployments add FinCEN-style record-keeping; UK deployments map to the FCA cryptoasset financial-promotions regime.

Data minimisation & consent

Private keys never leave the Arculus Key Card. Our APIs only ever request public addresses, signed challenges and explicit user consent for each scope (read balances, read transactions, broker DApp sessions). Consent records, request logs, IP and user-agent metadata are kept for the retention window your jurisdiction requires (e.g. five years in the EU under AMLD), then purged via a documented job.

Security posture

The Arculus Key Card is CC EAL6+ certified — among the highest assurance levels for commercial secure elements. We complement that with mTLS between services, signed webhooks (HMAC-SHA256), short-lived access tokens, IP allowlisting per tenant, and an annual external review of the protocol-analysis report.

Data flow / architecture

A typical pipeline has four nodes: (1) Arculus app & Key Card — user taps the card to sign challenges or transactions; (2) OpenFinance Lab ingestion layer — verifies signatures, normalises across chains, brokers WalletConnect; (3) Storage — append-only event store (Postgres + S3) plus a hot Redis cache for balances; (4) Analytics & API output — REST + webhook delivery to your tax engine, dashboard, compliance ledger, or BI warehouse (BigQuery, Snowflake). Every hop is logged with a deterministic request ID so events can be replayed if a downstream system goes offline.

Market positioning & user profile

Arculus is marketed primarily to North American long-term crypto holders who want a card-form-factor cold wallet without USB, Bluetooth or charging — a clear contrast with Ledger and Trezor's dongle form factor. The user base skews B2C self-custody, but CompoSecure also markets enterprise solutions to crypto exchanges and DAOs for institutional cold storage. Distribution is mostly US (direct + Amazon), with expanding EU and APAC availability. Both Android and iOS apps are first-class, and the in-2024 NFT + WalletConnect launch widened the audience to Web3 collectors and DeFi participants who previously chose MetaMask-tethered hardware wallets.

Screenshots

Click any thumbnail to enlarge. Screenshots reproduced from the Google Play listing for illustrative purposes.

Similar apps & integration landscape

Teams that integrate Arculus Wallet often manage neighbouring datasets from other hardware wallets and Web3 apps. We work across all of the following, and a single unified OpenData layer typically delivers more value than any one-off integration on its own.

Ledger — Industry-leading USB hardware wallet (Nano S Plus / Nano X) with Ledger Live data; common to need unified transaction exports across Ledger + Arculus holdings.

Trezor — Open-source hardware wallet by SatoshiLabs. Trezor Suite holds balance and account metadata that pairs naturally with cross-wallet portfolio dashboards.

Tangem — NFC card-based wallet, the closest form-factor peer to Arculus. Teams often want a single API that abstracts away which card signed which transaction.

CoolWallet — Card-shaped Bluetooth wallet with three-factor authentication. Holds transaction history and DApp connection data similar to Arculus.

SafePal — Air-gapped hardware wallet with a mobile app exposing balances, swaps and on-ramp records.

D'CENT — Biometric and card hardware wallets popular in APAC; the app exposes multi-chain holdings useful for unified reporting.

Cypherock — Shamir-secret-sharing hardware wallet; holds the same shape of address-and-transaction data that Arculus exposes.

ELLIPAL Titan Mini — Fully air-gapped wallet with QR-code transaction signing; integration scope mirrors Arculus minus the WalletConnect bridge.

Blockstream Jade — Bitcoin-focused hardware wallet that pairs with the Blockstream Green app; useful for BTC-only portfolio overlays.

Koinly / CoinTracking — Not wallets, but the dominant downstream consumers of Arculus-style transaction exports for tax filings and accounting.

About our studio

OpenFinance Lab is an independent engineering studio focused on app protocol analysis and OpenData / OpenFinance / OpenBanking integrations. Our team blends backgrounds in fintech engineering, mobile reverse engineering, blockchain indexing and regulatory advisory. We have shipped production integrations across exchanges, custodians, neobanks, retail payments and self-custody wallets.

Fintech, custodial & non-custodial wallets, exchanges, payments
Mobile protocol analysis for Android & iOS, with FIDO2 / WebAuthn experience
Python, Node.js, Go and Rust reference SDKs plus full test harnesses
End-to-end delivery: scope → analysis → build → validation → compliance
Source code delivery from $300 — runnable API source code and full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — access our hosted endpoints and pay only per call; no upfront cost

Contact

Send us the target app, the data scope you need (balances, transactions, NFTs, WalletConnect events) and any existing sandbox or developer-platform credentials. We will reply with a fixed-price quote and a delivery timeline.

Contact page

Engagement workflow

Scope confirmation: which Arculus data (balance, transactions, NFTs, WalletConnect, staking) and which downstream consumers.
Protocol analysis & API design (2–5 business days) — including address derivation, indexer choice and Auth SDK scope.
Build & internal validation (3–8 business days) across mainnet and at least one testnet per chain.
Docs, samples, Postman, and integration tests (1–2 business days).
Typical first delivery: 5–15 business days; multi-chain or compliance-heavy stacks may extend.

FAQ

Does Arculus Wallet expose an official public API for balances and transactions?

CompoSecure publishes a developer platform at developers.getarculus.com focused on the Arculus Auth / FIDO2 SDK, while wallet-level balances and transaction history are read from on-chain public RPCs and indexers using each address held on the Arculus Key Card. Our integration combines both into a single OpenData-style REST surface for your stack.

How long does an Arculus Wallet integration take?

A first delivery covering address registration, balance polling, transaction export and NFT inventory typically takes 5 to 12 business days. WalletConnect session brokering and staking-reward feeds for Cardano, Solana or Cosmos may extend the timeline.

How is compliance handled for self-custody wallets like Arculus?

We operate under documented public APIs and signed user authorization. For EU transfers above EUR 1,000 we attach Travel Rule originator and beneficiary metadata in line with MiCA and the EU Transfer of Funds Regulation, and we provide consent records, request logging and data-minimization guidance.

Can the integration sync with tax tools like Koinly or CoinTracking?

Yes. We expose normalized transaction rows (timestamp, chain, direction, asset, amount, fee, tx hash) and CSV/JSON exports compatible with Koinly, CoinTracking, CoinLedger and Coinpanda intake formats so users can produce IRS Form 8949 or HMRC-ready filings without manual reconciliation.

📱 Original app overview (appendix)

Arculus is a next-generation crypto cold-storage solution from CompoSecure, a 20-year veteran of security, payment and digital-asset storage technology. The product has two parts that always work together: a sleek metal Arculus Key Card with an embedded CC EAL6+ Secure Element that holds the user's private keys, and a mobile Arculus Wallet App for Android and iOS.

Authentication uses three factors — something the user is (biometric), something they know (a 6-digit PIN), and something they have (the Key Card itself). There are no cables, no Bluetooth, no USB and no charging; the user simply enters a PIN and taps the card to the back of the phone over NFC to sign a transaction.

The wallet is strictly non-custodial — CompoSecure does not hold user funds, cannot access private keys and cannot freeze or recover accounts. As of 2025, Arculus supports 27+ blockchains and roughly 95% of the crypto market cap, including Bitcoin, Ethereum, Polygon, BSC, Cardano, Solana, Cosmos, Litecoin, Polkadot and XRP, along with thousands of ERC-20 and BEP-20 tokens. Staking is available for Cardano, Solana and Cosmos, and the in-app NFT tab supports Ethereum and Polygon collections.

A 2023 update brought NFT support and a WalletConnect integration, enabling Arculus to connect to DApps such as OpenSea, SuperRare, Uniswap and Aave while keeping the signing keys inside the metal card. CompoSecure also runs a developer platform at developers.getarculus.com that exposes the Arculus Auth / FIDO2 SDK for passwordless authentication and transactional authorization in third-party apps. Cards can be purchased at getarculus.com.