Nunchuk Bitcoin Wallet API integration services

Self-custodial, but structured

Unlike custodial exchanges that gate data behind KYC-bound REST APIs, Nunchuk produces deterministic, descriptor-anchored data on the user's device. That makes it ideal source material for OpenFinance: the user proves ownership through cryptographic signatures rather than identity documents, and your backend can verify everything against the public Bitcoin chain.

Built for institutional workflows

Group wallets with end-to-end encrypted chat, scheduled transactions, spending limits, and key health checks already mirror corporate treasury patterns. Pulling those events out as a clean OpenData feed lets accounting, audit, and risk teams reconcile on-chain activity against the same approval trail the signers saw.

Inheritance & long-term planning

Nunchuk 2.0, announced on 12 November 2025, introduced an autonomous on-chain inheritance solution enforced by Bitcoin timelocks and Miniscript. Integrating that lifecycle — countdown state, beneficiary attestations, key-health pings — into family-office software is now a real, recurring deliverable.

1. Family-office treasury reporting

A multi-generational family runs three Nunchuk vaults: a daily 2-of-3, a long-term 3-of-5 cold vault, and a Zen Hodl miniscript template. Their CFO needs a single nightly statement. We export each vault's descriptor, scan UTXOs against an Electrum/Esplora full node, and emit a consolidated JSON feed plus a notarized PDF. Mapping: descriptor → address derivation → UTXO set → OpenFinance "account / balance / transactions" triple.

2. Bitcoin-native corporate treasury

A public company holds reserves in a 4-of-7 Nunchuk vault with hardware signers in three jurisdictions. Quarterly disclosures require attested balances and signer-by-signer approval logs for every spend. We hook PSBT lifecycle webhooks into the company's GRC system, flag any out-of-policy spends, and post an immutable audit trail to internal storage. Mapping: PSBT events → OpenFinance "payment initiation + four-eyes approval" pattern.

3. Estate & inheritance dashboards

An advisor manages 30+ inheritance plans built on Nunchuk's autonomous on-chain timelocks. Beneficiaries should see a countdown and a clean explainer, but no spending power until the timelock expires. We expose a read-only inheritance API that streams days_remaining, beneficiary_key_health, and last_proof_of_life. Mapping: miniscript state → OpenFinance "scheduled-transfer / contingent claim" feed.

4. Accounting & tax automation

A Bitcoin-only accounting firm imports Nunchuk activity for hundreds of clients into double-entry ledger software. We map each transaction to a chart-of-accounts entry (deposit, internal transfer, fee, lightning withdrawal), enrich it with USD price snapshots, and push the journal into QuickBooks or Xero via their existing connectors. Mapping: UTXO + label set → OpenFinance "categorized transaction" feed.

5. Risk & compliance screening

A regulated VASP that also serves self-custody users wants to screen incoming deposits against sanctions and chain-analytics risk before crediting. We chain Nunchuk's webhook-on-incoming-tx into a screening provider (e.g. Elliptic Lens, Chainalysis, MetaSleuth) and only release downstream credits when the risk score is below a configured threshold. Mapping: deposit webhook → OpenBanking-style "transaction screening" call → ledger update.

1. Vault statement export (REST)

POST /api/v1/nunchuk/statement
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

{
  "wallet_id": "wlt_2of3_family_cold",
  "descriptor": "wsh(sortedmulti(2,[fp1/48h/0h/0h/2h]xpub.../0/*,...))",
  "from_block": 800000,
  "to_block": "tip",
  "format": "csv",
  "include_labels": true
}

200 OK
{
  "wallet_id": "wlt_2of3_family_cold",
  "transactions": 412,
  "first_seen": "2024-02-11T08:14:22Z",
  "last_seen": "2026-04-30T19:02:11Z",
  "download_url": "https://api.openfinance-lab.com/exports/abc123.csv",
  "expires_in": 3600
}

2. PSBT coordinator (Node.js pseudocode)

// Build, route, and finalize a PSBT across hardware signers
const psbt = await coordinator.build({
  walletId: 'wlt_4of7_corp',
  outputs: [{ address: 'bc1q...', sats: 50_000_000 }],
  feeRate: 'medium',
  rbf: true,
});

// Route to each signer in turn (NFC, USB, or air-gapped QR)
for (const signer of wallet.signers) {
  await coordinator.routeToSigner(psbt.id, signer.fingerprint);
}

// Wait until quorum is reached, then finalize and broadcast
const final = await coordinator.finalize(psbt.id, {
  broadcast: true,
  webhookUrl: 'https://your.app/hooks/nunchuk',
});

console.log(final.txid, final.signers_collected);

3. Webhook payload (incoming deposit)

POST https://your.app/hooks/nunchuk
X-Signature: t=1714670000,v1=8b...

{
  "event": "tx.received",
  "wallet_id": "wlt_2of3_family_cold",
  "txid": "9a3c...e1f",
  "block_height": 901234,
  "amount_sats": 25000000,
  "fee_sats": 1340,
  "address": "bc1qexample...",
  "labels": ["donations", "fund-2026"],
  "received_at": "2026-04-30T18:55:11Z"
}

// Verify HMAC, idempotency-key on txid+vout, then write to ledger.

4. Auth, error handling, idempotency

Authentication uses scoped bearer tokens (read:wallets, read:transactions, write:psbt, read:inheritance) issued per environment. Errors follow RFC 7807 with type, title, status, and instance fields. Every PSBT and webhook event ships with an idempotency key so retries are safe. Rate limits are surfaced via standard X-RateLimit-* headers. We deliver this as either source you self-host or a hosted endpoint with usage-based billing.

Regulatory framing

Self-custody changes the compliance shape but does not remove it. For US clients we align with FinCEN guidance on convertible virtual currency and the IRS's digital-asset reporting rules. For European users we follow GDPR data-minimization defaults and align outbound transfers with MiCA Title V scope where the counterparty is a regulated CASP. For VASP-to-VASP flows we support the FATF Travel Rule via IVMS-101 payloads.

Privacy by design

Zero KYC is one of Nunchuk's core promises, so we mirror it. Read-only integrations operate from public output descriptors, never private keys. We strip personal identifiers from logs by default, retain transactional metadata only for the contracted window, and ship optional Tor / full-node back-ends so network leakage stays under your control. Group-wallet chat content is processed in encrypted form unless your team explicitly opts into a decrypted archive.

About us

OpenFinance Lab is an independent technical studio focused on App protocol analysis and authorized API integration for fintech and digital-asset platforms. Our team includes engineers from banks, payment networks, Bitcoin core contributors, and mobile-protocol reverse engineers.

• Bitcoin descriptor / PSBT / miniscript tooling and SDKs
• Open-banking and OpenFinance API design (REST, gRPC, webhooks)
• Mobile reverse engineering for Android & iOS where authorized
• Accountancy and ERP connectors (QuickBooks, Xero, NetSuite, SAP)
• Source code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
• Pay-per-call API billing — hosted endpoints, usage-based pricing, no upfront cost

Contact

For quotes or to share your target app and requirements, open our contact page:

Contact page

Engagement workflow

1. Scope confirmation: which vaults, which data types, which downstream consumers.
2. Protocol & descriptor analysis (2–5 business days; longer if miniscript or group-wallet chat is in scope).
3. Build and internal validation against testnet and signet first (3–8 business days).
4. Documentation, OpenAPI spec, sample clients, and signed-off test cases (1–2 business days).
5. First production drop typically lands in 5–15 business days.

FAQ

Does Nunchuk publish a public REST API?

Can you export a vault's full transaction history?

Do I need to give you my seed or signing keys?

How long does delivery take?

How do you handle compliance for self-custodial Bitcoin data?