RPC Reference

All Cocoon RPC methods are available via the standard JSON-RPC 2.0 interface at the backend proxy endpoint (http://localhost:8546 by default). Every method follows the same envelope format:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "namespace_methodName",
  "params": [...]
}

Standard Ethereum namespaces (eth_, net_, web3_) are also available and behave as per the Ethereum JSON-RPC specification.

token_ — Permissioned Tokens

The token_ namespace provides the full lifecycle for ERC-3643 permissioned tokens: deployment, minting, transfers, compliance, NAV publishing, and document management.

Deployment

token_deploy

Deploy a new ERC-3643 permissioned token contract.

assetType defaults to fund. denominatedCcy defaults to USD for funds, and to the token symbol for stablecoins.

Minting and Burning

token_mint

Mint tokens to a single address. Requires the caller to have the Operator or Admin role.

token_batchMint

Mint tokens to multiple addresses in a single transaction.

token_burn

Burn tokens from an address. The caller must own the tokens or have an approved allowance.

Token Controls

token_pause

Pause all transfers on a token. Only callable by the token owner.

token_freeze

Freeze transfers to or from a specific address.

token_forcedTransfer

Execute a forced transfer between two addresses, bypassing standard compliance checks. Requires Admin role. Used for regulatory recovery scenarios.

token_recovery

Recover tokens from a lost wallet by transferring the full balance to a new address. Both the old and new addresses must have verified identities linked to the same investor record.

token_canTransfer

Dry-run a transfer to check whether compliance rules permit it, without submitting a transaction.

Investor Onboarding

token_onboardInvestor

Register an investor address against the token's identity registry. The investor must already have an on-chain identity (see id_createIdentity).

token_getHolders

Return a paginated list of current token holders with their balances.

token_getHolder

Return detailed information for a single holder.

token_getTokenInfo

Return static and dynamic metadata for a token.

NAV and Pricing

token_publishNAV

Publish a new Net Asset Value for a fund token. The NAV is stored on-chain and used by subscription/redemption calculations.

token_publishPrice

Publish a generic price feed entry for a token (used for non-NAV instruments such as bonds or stablecoins with FX rates).

token_getFeedHistory

Retrieve historical NAV or price feed entries.

Fund Balance Sheet

token_getFundBalanceSheet

Return a snapshot of a fund token's balance sheet, showing liabilities (shares outstanding, NAV, AUM) and assets (stablecoin reserves, DBC bridge reserves, and bank cash).

Compliance Modules

token_addComplianceModule

Attach a compliance module contract to a token. Modules are called on every transfer and can block or modify it.

token_setCountryAllowList

Configure the country allow-list compliance module. Only investors with identity claims matching an allowed country code can hold the token.

token_setMaxBalance

Set the maximum token balance any single investor may hold.

Document Management

token_publishDocument

Attach a document to a token. The document content is stored via the torrent layer; only the content hash and metadata are stored on-chain.

token_getDocument

Retrieve a document record by ID.

token_listDocuments

List all documents attached to a token.

Subscriptions and Redemptions

token_subscribe

Subscribe to a fund token by exchanging a stablecoin amount for token shares at the current NAV.

token_redeem

Redeem token shares for the underlying stablecoin at the current NAV.

id_ — Identity

The id_ namespace manages on-chain identities, claims, and claim access control using the OnchainID / ERC-734/735 standard.

id_createIdentity

Deploy a new on-chain identity contract for an investor address.

id_issueClaim

Issue a signed claim to an identity. The caller must be a trusted claim issuer registered in the TrustedIssuersRegistry.

The topic field uses the ERC-735 claim topic registry. Registered topics:

id_getClaim

Retrieve a claim by its ID.

id_grantClaimAccess

Grant a third party (e.g. a regulator or auditor) read access to an encrypted claim document stored via the torrent layer.

id_revokeClaim

Revoke a previously issued claim.

id_getIdentity

Look up the on-chain identity address for a wallet address.

id_submitKycApplication

Submit a KYC application for a given identity and claim topic, attaching supporting documents for issuer review.

id_getKycApplication

Return the current status and metadata of a previously submitted KYC application.

status values: pending, approved, rejected.

id_reviewKycApplication

Approve or reject a KYC application. Caller must be the trusted claim issuer for the relevant topic. Approving the application issues the claim on-chain.

id_renewClaim

Renew an expiring claim. The issuer re-runs verification and replaces the old claim with a new one carrying an extended expiry.

dbc_ — Confidential Cash

The dbc_ namespace provides the full lifecycle for Digital Bearer Certificate (DBC) confidential value transfer: minting from ERC-20, private transfers, melting back to ERC-20, and regulated payment envelopes for institutional compliance.

dbc_mint

Lock ERC-20 tokens in the bridge and create a confidential DBC note.

dbc_melt

Spend a DBC note and release the corresponding ERC-20 amount from the bridge.

dbc_transfer

Spend input notes and create output notes using a ring signature and range proof.

dbc_getBalance

Scan the note pool for outputs belonging to the caller's view key and return the spendable balance.

dbc_getEscrow

Return the aggregate DBC bridge escrow holdings across all token symbols. Intended for fund manager use to monitor DBC reserves backing the fund.

dbc_sendRegulatedPayment

Send a UCAN-wrapped DBC payment envelope with per-recipient selective disclosures and optional Travel Rule attachments.

dbc_getPaymentReceipt

Return the status and signed receipt for a regulated DBC payment once the counterparty has confirmed it.

status values: pending, confirmed, rejected, refunded.

auth_ — Authorization

The auth_ namespace exposes the UCAN capability system and session management. UCAN delegations are encoded as JWTs and attached to transactions via EIP-8141 frame envelopes.

auth_login

Verify a Sign-In with Ethereum (SIWE) signature, discover the caller's on-chain roles, and return a UCAN session token.

RoleSet structure:

auth_getSession

Check the validity and remaining lifetime of an existing session token.

auth_refreshRoles

Re-discover on-chain roles for the authenticated user without requiring a new SIWE sign-in. Useful when on-chain role assignments change while a session is active.

auth_createDelegation

Create a UCAN capability delegation, granting an audience address the ability to invoke specified methods on behalf of the issuer.

auth_verify

Verify that a delegation JWT is valid, unexpired, and not revoked.

auth_inspect

Decode and return the contents of a delegation JWT without verifying chain or revocation status.

auth_revoke

Revoke a previously issued delegation. Writes the delegation CID to the on-chain revocation registry.

qm_ — QMTree State

The qm_ namespace exposes the QMTree Merkle state commitment. QMTree is the core data structure used to generate ZK proofs and verify state transitions.

qm_getRoot

Return the current QMTree root hash at a given block.

qm_getLeaf

Return the value and position of a leaf node in the QMTree.

qm_getProof

Return a Merkle inclusion proof for a leaf node.

qm_call

Execute a read-only contract call against the QMTree state at a given root (without requiring the full chain state). Used for off-chain verification workflows.

qm_callProof

Execute a contract call and return both the result and a proof of correct execution against the given QMTree root.

qm_verifyProof

Verify an execution proof against a given QMTree root without re-executing the call.

qm_getKeyProof

Return a proof of the current value bound to a key, suitable for use in a SNARK circuit.

qm_getExclusionProof

Return a proof that a key does not exist in the QMTree (non-membership proof).

proof_ — ZK Proofs

The proof_ namespace manages ZK proof generation, batching, and status queries. Proofs are generated by the Zilkworm prover and posted to Ethereum by the proof pipeline.

proof_getProof

Return the ZK proof for a specific block.

ProofStatus values: pending, generating, ready, posted, failed.

proof_getProofStatus

Return only the status of a proof, without the proof data itself.

proof_getBatchProof

Return the aggregate ZK proof for a batch of blocks.

proof_getLatestProved

Return the block number and state root of the most recently proved (and Ethereum-posted) block.

erigon_ — Storage and WebF Extensions

The erigon_ namespace exposes Cocoon's extended storage and web hosting capabilities: torrent-backed document storage and on-chain web site publishing via WebF.

Torrent Storage

erigon_resolveTorrent

Resolve a torrent-ccip content reference to its current download metadata.

erigon_publishTorrent

Publish a new torrent and write its on-chain content reference. The file data must be accessible to the node's torrent storage backend.

erigon_getInscription

Retrieve an on-chain inscription (small content blob written directly into a transaction's calldata via EIP-8141 frame).

WebF — On-Chain Web Hosting

erigon_publishWebSite

Publish a static web site by bundling its files into a torrent and writing the content root on-chain. The site is then accessible via the WebF gateway.

erigon_getWebSite

Retrieve metadata for a published web site.

erigon_listWebSites

List all published web sites, optionally filtered by owner.

fx_ — FX Oracle

The fx_ namespace provides foreign exchange rate management for the Cocoon platform. Supported pairs: EUR/USD, EUR/CHF, EUR/GBP, GBP/USD, USD/CHF, GBP/CHF.

fx_getRates

Return all current FX rates from the oracle.

fx_getRate

Return the current FX rate for a single currency pair.

fx_setRate

Set the FX rate for a currency pair. Requires Admin or Oracle role.

fx_convert

Convert an amount from one currency to another using the current oracle rate.

events_ — Event Stream

events_getLatest

Return the most recent chain events up to the requested count.

events_getLogs

Return events matching a filter (block range, address, topics).

stats_getChainStats

Return aggregated chain-level statistics.

stats_getFundStats

Return fund-level statistics for a specific token.

HTTP REST API

The backend proxy (port 8546) exposes REST endpoints alongside the JSON-RPC interface for IBAN account lookups, audit log queries, and permission management. These are not JSON-RPC methods — they are standard HTTP endpoints.

Health

GET /health

Returns the backend's operational status.

Response: { "status": "ok", "chainReachable": true }

IBAN Registry

IBAN endpoints enable bidirectional lookup between Ethereum addresses and Swiss-style IBANs (format: CH + 2 check digits + chain ID + 12-digit account = 21 characters).

GET /api/ibans

Return all registered IBAN accounts.

Response:

GET /api/iban/:code

Resolve an IBAN to its registered Ethereum address and display name.

Response: { "iban": "CH5200033000000000002", "address": "0x70997970...", "name": "Alice" }

Returns HTTP 404 if the IBAN is not registered.

GET /api/address/:addr/iban

Reverse lookup: resolve an Ethereum address to its IBAN.

Response: { "address": "0x70997970...", "iban": "CH5200033000000000002", "name": "Alice" }

Returns HTTP 404 if the address has no registered IBAN.

Audit Log

Audit endpoints allow querying the audit log of all proxied RPC calls. Requires Admin, Compliance, or Auditor role.

GET /api/audit

Query the audit log with optional filters.

Query parameters:

Response:

GET /api/audit/:id

Return a single audit entry by ID.

GET /api/audit/export

Export filtered audit entries as a CSV file. Accepts the same query parameters as GET /api/audit.

Permission Rules

GET /api/permissions

List all active permission rules in the PermissionRegistry.

Response:

POST /api/permissions

Add a new permission rule. Writes to the PermissionRegistry contract on-chain. Requires Admin role.

Request:

DELETE /api/permissions/:id

Remove a permission rule. Requires Admin role.

Error Codes

All JSON-RPC methods return standard JSON-RPC errors. Cocoon-specific error codes: