> ## Documentation Index > Fetch the complete documentation index at: https://yieldxyz.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # FAQs > Frequently asked questions about Yield.xyz ## General Yield.xyz is a unified, non-custodial yield infrastructure layer for crypto. Through a single API, you can integrate staking and DeFi yield opportunities into wallets, exchanges, fintech apps, and custody platforms — with standardized discovery, execution-ready transaction flows, and portfolio tracking. Yield.xyz is non-custodial. We do not hold funds and we do not sign transactions. We return ordered, unsigned transaction payloads and your platform signs and broadcasts using your own wallet or custody infrastructure. The integration follows a consistent pattern: **Discover** yields and metadata → **Generate** an action (`enter`, `exit`, `manage`) to receive ordered unsigned transactions → **Sign & submit** in your stack → **Track** lifecycle-aware balances and positions. See the [Quickstart](/documentation/quickstart) for the complete flow. Yield.xyz aggregates multiple on-chain yield categories including staking, liquid staking, restaking, DeFi lending/borrowing, vault strategies, and tokenized RWA yields where available. The canonical source is the [Supported Yields](/documentation/coverage/supported-yields) catalog. Coverage evolves over time. For the most accurate list, rely on [Supported Networks](/documentation/coverage/supported-networks), the [Providers catalog](/api-reference/ProvidersController_getProviders), and [Supported Yields](/documentation/coverage/supported-yields). Wallets adding staking/DeFi yield, custody platforms offering client-directed yield under signing policies, fintechs launching yield on crypto or stablecoin balances, and infrastructure teams building yield aggregation and automation. Yes. Yield.xyz is designed for product teams that need a standardized yield layer without giving up custody control. For special constraints (jurisdictions, custody model, allowlists), review the [Enterprise guides](/guides/enterprise/custody-signing-flows) or contact us. Most teams start with a sandbox/test environment for evaluation, then migrate to production once signing and operational checks are complete. [Register interest](https://dashboard.yield.xyz/sign-up/register-interest) to get provisioned. Yield selection is managed through catalog configuration and product policies. For staking, validator selection can be configured using [staking extensions](/documentation/advanced-setup/staking-extensions/preferred-validator-network) depending on your plan. *** ## Technical Include your API key in the `x-api-key` header. Your key should be treated as a secret and never embedded in client-side apps. See [Authentication](/api-reference/authentication) for details. Most integrations rely on three primitives: **Yields** (opportunities and metadata), **Actions** (`enter`, `exit`, `manage` returning unsigned transactions), and **Balances** (lifecycle-aware positions). See [Core Concepts](/documentation/core-concepts/actions). Common reasons: not enabled for your project, region/policy restrictions, temporary disablement due to incidents or risk controls, or protocol-level availability changes. Contact support with the yield identifier and project context. Some actions require multiple transactions (e.g., approval + deposit). Execute them in the order returned, wait for confirmation per step, and report submitted hashes back to Yield.xyz. See [Transaction Submission](/documentation/build-with-api/transaction-submission). **Enter**: request action → sign/submit → confirm → track balances. **Exit**: request action → sign/submit → confirm → track until settled. **Manage**: protocol-specific operations (claims, rebalances). Use balances as your source of truth. See [Enter/Exit Flows](/documentation/build-with-api/enter-exit-manage). Quick triage: **401** = key missing/invalid; **429** = rate limit exceeded (see [Rate Limits](/documentation/plans-limits/rate-limits)); **400** = invalid parameters; **500** = transient error, retry with backoff. Include endpoint, timestamp, request ID, and yield identifier when contacting support. Most issues come from wrong address/chain format, position in lifecycle transition, protocol-specific accounting delays, or indexing delays. Share wallet address, yield ID, transaction hash(es), and timeframe with support. Historical availability depends on plan and product surface. Review [DataKit](/documentation/kits/datakit) pages and confirm requirements with your account team. Share protocol/network name, target assets and yields, expected volume and timeline, and any custody/compliance constraints. We'll confirm feasibility and delivery path. *** ## Business Plans vary by product surface and scale. See [Plans & Limits](/documentation/plans-limits/plans-tiers) for current tiers, included usage, and applicable add-ons. Usage is metered based on your plan's pricing model. See [Compute Unit Pricing](/documentation/plans-limits/compute-unit-pricing) for how usage is measured and how overages are handled. **Staking**: validator economics can be passed through depending on configuration. **DeFi**: [OAVs](/documentation/oavs/overview) enable product-level fee configuration (deposit, management, performance) where supported. See [Fees](/documentation/core-concepts/fees) for details. Fee models are implemented through product configuration and OAVs for DeFi strategies. Your team controls how fees are presented and applied. See [Fees](/documentation/core-concepts/fees) and [OAVs](/documentation/oavs/overview). Timelines depend on vault model, chain coverage, and review requirements. Share your target assets, networks, and fee model with the team for a realistic estimate. Yes. Yield.xyz supports institutional use cases including custody signing flows, policy-controlled execution, and operational workflows. See [Enterprise guides](/guides/enterprise/custody-signing-flows). Enterprise pricing can be customized based on usage, coverage, and support needs. Contact us with expected volume and required features. Reporting capabilities depend on plan and product surface. For finance-grade reporting (positions, rewards, history), review [DataKit](/documentation/kits/datakit) and confirm requirements with your account team. *** ## Security SOC 2 Type I is completed. SOC 2 Type II is in progress. Report sharing is typically handled under NDA via your account team or security review process. Yield.xyz is designed around a non-custodial model (no keys, no custody). [Shield](/documentation/shield-security/shield) validates transaction intent before signing, and monitoring integrations detect suspicious activity. See [Security Overview](/documentation/shield-security/security-overview). Shield is a transaction validation layer that verifies unsigned transaction payloads before signing, reducing the risk of payload tampering and transaction-blind signing. See [Shield](/documentation/shield-security/shield). Contract and protocol risk varies by strategy and provider. Audit posture should be reviewed as part of listing policy. For institutional deployments, request the security package through your account team. API keys are scoped to projects/environments and should be treated like production credentials. Use rotation and least-privilege practices, revoke immediately if exposure is suspected. See [API Keys](/documentation/core-concepts/api-keys-authentication). Security controls for data handling are documented in the security review package. Request specifics (encryption standards, retention, sub-processors) through your account team. Incident handling and escalation are covered by operational/security processes for supported customers. Confirm formal incident SLAs as part of your enterprise agreement. Compliance posture depends on your integration model and the data you send. For formal attestations, refer to [Legal](/legal/terms-of-service) and request the compliance package where required. *** ## Support Email **[hello@yield.xyz](mailto:hello@yield.xyz)** for general support. Enterprise customers use their dedicated Slack/Telegram channel if provisioned. Most integrations follow: kickoff (scope, custody model, target assets) → sandbox integration and testing → security review (as needed) → production rollout and monitoring. See [Onboarding Guide](/guides/onboarding). Email support with: issue description, endpoint(s) affected, timestamp and environment, request/action/yield IDs, and sanitized request/response examples. Do not send secrets. Response times depend on your plan and support agreement. Confirm guaranteed SLAs as part of enterprise onboarding. Use your dedicated support channel (enterprise) or email with "URGENT" in the subject, including environment, affected endpoints, timestamps, and impact. Track public changes in the [Changelog](/changelog). For account-specific coordination, use your support channel or account team. Email **[security@yield.xyz](mailto:security@yield.xyz)** immediately. Do not disclose security issues publicly. Contact your account team or support to coordinate credential rotation, environment shutdown, and any required data/export steps based on your agreement. *** ## Still have questions? [hello@yield.xyz](mailto:hello@yield.xyz) [security@yield.xyz](mailto:security@yield.xyz)