Overview

Important safety considerations when using AI assistants for Yield.xyz development. Follow these guidelines to protect your integration and users.

Security Guardrails

Never Share API Keys

Never paste API keys in AI prompts.
// ❌ Bad
"My API key is abc123xyz, why isn't it working?"

// ✅ Good
"My API key (a89db9a6***) returns 401, what could be wrong?"

Never Share Private Keys or Seed Phrases

AI assistants should never see private keys, seed phrases, or wallet credentials. If you need help with signing logic, use placeholder values:
// ✅ Safe
const privateKey = process.env.PRIVATE_KEY; // Never hardcode

Don’t Share User Data

Don’t include real user addresses or transaction data in prompts. Use test addresses or anonymize data.
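
The three rules above can be applied mechanically before a snippet reaches a prompt. The following is an added example, not Yield.xyz code: `redactForPrompt` and its regular expressions are hypothetical heuristics (the 64-hex pattern also matches transaction hashes, and the seed-phrase pattern only matches the shape of a BIP-39 mnemonic), and every sample value is constructed.

```javascript
// Added example, not Yield.xyz code. The patterns are heuristics assumed for this sketch.
const PRIVATE_KEY_RE = /\b(?:0x)?[0-9a-fA-F]{64}\b/g; // 32-byte hex; also hits tx hashes
const EVM_ADDRESS_RE = /\b0x[0-9a-fA-F]{40}\b/g;
// 12+ consecutive lowercase words of 3-8 letters: the shape of a BIP-39 mnemonic.
const SEED_PHRASE_RE = /\b(?:[a-z]{3,8} ){11,}[a-z]{3,8}\b/g;

function redactForPrompt(text, knownSecrets = []) {
  const findings = new Set();
  let out = text;
  // 1. Exact secrets the caller holds (e.g. the API key from the environment). Keep a
  //    short prefix so the key can still be identified, as in "a89db9a6***".
  for (const secret of knownSecrets.filter(Boolean)) {
    if (!out.includes(secret)) continue;
    const keep = Math.min(8, Math.floor(secret.length / 4));
    out = out.split(secret).join(`${secret.slice(0, keep)}***`);
    findings.add("api-key");
  }
  // 2. Private keys and seed phrases are replaced outright; no prefix is kept.
  out = out.replace(PRIVATE_KEY_RE, () => {
    findings.add("private-key");
    return "[REDACTED_PRIVATE_KEY]";
  });
  out = out.replace(SEED_PHRASE_RE, () => {
    findings.add("seed-phrase");
    return "[REDACTED_SEED_PHRASE]";
  });
  // 3. Each distinct address gets a stable alias, so the prompt still shows which
  //    references point at the same wallet without exposing the real value.
  const aliases = new Map();
  out = out.replace(EVM_ADDRESS_RE, (addr) => {
    const key = addr.toLowerCase();
    if (!aliases.has(key)) aliases.set(key, `0xADDRESS_${aliases.size + 1}`);
    findings.add("address");
    return aliases.get(key);
  });
  return { text: out, findings: [...findings] };
}

// Constructed sample input: every value below is fake.
const FAKE_API_KEY = "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6";
const FAKE_ADDR = "0x" + "Ab".repeat(20);
const FAKE_PRIV = "0x" + "7f".repeat(32);
const FAKE_SEED = "alpha bravo delta hotel india kilo lima mike oscar papa romeo sierra";
const sample = `Key ${FAKE_API_KEY} returns 401. Wallet ${FAKE_ADDR} signs with ` +
  `${FAKE_PRIV}. Seed: ${FAKE_SEED}. Balance of ${FAKE_ADDR.toLowerCase()} is wrong.`;

console.log(redactForPrompt(sample, [FAKE_API_KEY]));
```

A non-empty `findings` list is a signal to review the original text by hand; the heuristics reduce accidental disclosure but do not replace that review.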

Code Review Guardrails

Always Verify Generated Code

1. Read the Code: Understand what AI-generated code does before using it.
2. Check API Calls: Verify endpoints and parameters match the API Reference.
3. Verify Types: Check that TypeScript types match the actual API response schemas.
4. Test in Staging: Never deploy untested AI code to production.
5. Security Review: Check for vulnerabilities, especially around transaction signing.

Common AI Mistakes

Watch for these common issues when using AI with Yield.xyz:

AI may suggest v1 API patterns or deprecated endpoints. Always verify against the current API docs.

v1 (deprecated):
{ "addresses": { "address": "0x..." }, "args": { "amount": "1" } }

v2 (current):
{ "address": "0x...", "arguments": { "amount": "1" } }

AI often generates happy-path code. Add proper error handling for:
  • Network failures
  • API errors (400, 401, 404, 429, 500)
  • Transaction failures
  • Wallet connection issues

Watch for hardcoded:
  • API URLs (should use environment variables)
  • Yield IDs (may change or be deprecated)
  • Network names
  • Token addresses

Verify proper await/async patterns:
// ❌ Bad - missing await
const action = createEnterAction(yieldId, address, amount);

// ✅ Good
const action = await createEnterAction(yieldId, address, amount);

Yield.xyz returns transactions that must be executed in order (synchronous pattern). Don’t parallelize:
// ❌ Bad - parallel execution
await Promise.all(action.transactions.map(tx => signAndBroadcast(tx)));

// ✅ Good - sequential execution
for (const tx of action.transactions) {
  await signAndBroadcast(tx);
}

The passthrough field is required for manage actions and comes from the balance endpoint:
// ✅ Correct
const balance = await getBalances(yieldId, address);
const passthrough = balance.pendingActions[0].passthrough;
await manageAction(yieldId, address, "CLAIM_REWARDS", passthrough);

Verification Checklist

Before deploying AI-generated code:

API Endpoints

  • Correct base URL (https://api.yield.xyz)
  • Correct HTTP methods
  • Correct path parameters
  • Correct request body structure

Authentication

  • API key in x-api-key header
  • Key loaded from environment
  • No hardcoded keys

Error Handling

  • All API calls have try/catch
  • Rate limiting handled
  • User-friendly error messages

Transaction Flow

  • Sequential execution
  • Hash submission after each tx
  • Status polling implemented

Testing AI-Generated Code

1. Unit Tests: Test individual functions with mocked API responses.
2. Integration Tests: Test against testnet yields (e.g., ethereum-holesky).
3. Manual Testing: Walk through flows manually before production.
4. Code Review: Have a team member review the implementation.

Resources

  • API Reference: Official API documentation
  • OpenAPI Spec: Machine-readable API specification
  • Swagger UI: Interactive API explorer
  • Security Docs: Security best practices