Transport Surface
Understand the Talero node HTTP surface without crossing into operator-only territory
The Talero binary exposes more than JSON-RPC. It also serves plain-text health checks, Prometheus metrics,
REST summary routes, explorer-grade data routes, and server-sent event streams. This guide documents the public-safe part
of that HTTP surface and describes what is intentionally excluded from public docs.
HTTP surface
Top-level endpoints
REST tree
Streaming
No sensitive data
Public-safe split
Use HTTP by purpose.
/health is liveness,
/rpc is JSON-RPC,
/api/v1 is structured REST, and
/events or
/api/v1/head/stream are streaming transports.
Important boundary
Not every route belongs on a public edge.
Some heavy or topology-oriented routes exist in the binary but are intentionally omitted or de-emphasized here.
This is a public-safe guide. It does not publish admin RPC, trusted caller details, peer-topology routes,
private metrics policy, or any deployment-specific network control values.
Scope and contract
The Talero node serves multiple HTTP response families:
- Plain text liveness checks.
- Prometheus metrics for operators.
- JSON-RPC over
POST /rpc.
- JSON REST endpoints under
/api/v1 and selected aliases under /api.
- Server-sent event streams.
- Optional static file hosting from the local
static/ directory.
This page focuses on the stable and public-safe contract. Where the binary contains routes that are heavy, trusted-only,
topology-revealing, or better suited to private operator tooling, they are either summarized at a high level or intentionally excluded.
Endpoint families
| Family |
Path pattern |
What it is for |
| Top-level basics |
/health, /metrics, /prom/metrics, /events |
Liveness, operator metrics, and raw event streaming. |
| JSON-RPC |
/rpc |
Ethereum-compatible and Talero-specific JSON-RPC. |
| Stable REST |
/api/v1/* |
Summary, explorer, lookup, streaming, and helper routes. |
| Compatibility aliases |
/api/* |
Legacy or short-form aliases for selected public REST surfaces. |
| Static hosting |
/ |
Deployment-specific static files, not a stable API contract. |
Top-level endpoints
| Endpoint |
Exposure |
Contract |
GET /health |
Public |
Simple plain-text liveness endpoint. The handler returns ok. |
POST /rpc |
Public |
JSON-RPC endpoint. Use the dedicated Public-safe RPC guide for method-level documentation. |
GET /events |
Restricted |
Raw server-sent event broadcast stream. Useful in controlled deployments, but not a universal public contract. |
GET /metrics |
Private |
Prometheus scrape endpoint for operators. |
GET /prom/metrics |
Private |
Compatibility alias for Prometheus scraping. |
If you need structured public-safe JSON rather than plain text or Prometheus text, prefer /api/v1 over the top-level routes.
Streaming endpoints
Talero exposes two HTTP streaming surfaces in the node:
| Endpoint |
Format |
Use it for |
GET /events |
SSE |
Raw broadcast stream from the node event bus. Payloads are runtime-dependent and best treated as an opt-in operational surface. |
GET /api/v1/head/stream |
SSE |
Filtered head/reorg stream for explorer or dashboard consumers. |
/api/v1/head/stream accepts an optional events query parameter containing a comma-separated list of safe event names.
If omitted, the stream defaults to head,reorg.
curl -N https://rpc.talero.info/api/v1/head/stream?events=head,reorg
These streams are delivery channels, not durable message queues. Clients should be ready to reconnect and rebuild state from regular REST or RPC queries.
Metrics surfaces
Talero intentionally splits machine-readable status summaries from operator scrape endpoints:
| Endpoint |
Shape |
Guidance |
GET /api/v1/metrics |
JSON summary |
Public-safe status and metrics summary for dashboards and frontends. |
GET /api/v1/stats |
JSON summary |
Public-safe operational stats, including head/sync-style summary information. |
GET /metrics |
Prometheus text |
Operator-only scrape endpoint. |
GET /prom/metrics |
Prometheus text |
Compatibility alias for operator scraping. |
Public docs should treat Prometheus exposure as private by default. A public-safe deployment can expose JSON summaries without publishing the full metrics scrape.
Public-safe summary routes under /api/v1
These routes are the stable public-safe REST core of the node. They are appropriate for status pages, dashboards, wallets,
explorers, and general integrations that want structured HTTP responses without depending on JSON-RPC.
| Route |
Purpose |
Notes |
GET /api/v1/head |
Best head, finalized head, peer count, role, and timestamp. |
Short-lived cache and ETag support. |
GET /api/v1/health |
Detailed health and service-level summary. |
Better than /health when you need structured data. |
GET /api/v1/stats |
Operational stats summary. |
Includes role and sync-oriented summary fields. |
GET /api/v1/metrics |
Public-safe JSON metrics snapshot. |
Separate from Prometheus text scraping. |
GET /api/v1/fees |
Current fee summary. |
Includes base fee, priority fee, gas price, and volatility fields. |
GET /api/v1/fees/forecast |
Fee forecast summary. |
Useful for wallets and fee planners. |
GET /api/v1/confidence |
Network confidence summary. |
UX-oriented confidence surface. |
POST /api/v1/finality/estimate |
Finality estimate for latest head, tx, or block context. |
REST twin of talero_finalityEstimate. |
GET /api/v1/finalized |
Compact finalized-vs-head summary. |
Simple chain-finality helper. |
GET /api/v1/network/health |
Anonymized network health aggregation. |
No raw peer IPs or peer IDs. |
GET /api/v1/network/risk |
Public-safe network risk summary. |
Built from confidence, finality, and safe-mode signals. |
GET /api/v1/checkpoint/latest |
Latest checkpoint bundle summary. |
Can report unsupported or unavailable if the feature is not active. |
GET /api/v1/checkpoint/history |
Historical checkpoint listing. |
Supports bounded limit. |
GET /api/v1/watchtower/status |
Watchtower status summary. |
Signal-only status route. |
GET /api/v1/diagnostics/node |
Public-safe node diagnostics summary. |
Status-grade diagnostics, not private debug. |
GET /api/v1/diagnostics/modules |
Module-by-module service status. |
Useful for dashboards and status panels. |
GET /api/v1/activity/hints |
Recent public activity hints. |
Supports bounded limit. |
GET /api/v1/activity/events |
Recent operational event summaries. |
Public-safe activity/event snapshot. |
POST /api/v1/route/hints |
Route-hint helper endpoint. |
Public-safe helper for wallet or orchestration flows. |
POST /api/v1/intents/validate |
Intent validation endpoint. |
Public-safe helper for higher-level transaction UX. |
GET /api/v1/receipt/:hash/finality-bundle |
Receipt-level finality bundle by tx hash. |
REST twin of the public finality bundle RPC surface. |
GET /api/v1/validators |
Validator summary listing. |
Public observer route; does not expose validator secrets. |
Explorer-grade and chain-data routes
Talero also exposes REST routes that support explorer-style browsing, chain lookup, and paginated transaction access.
These are still public-facing routes, but some of them are larger, more indexer-shaped, or subject to privacy redaction.
| Route group |
Examples |
Notes |
| Search and address |
GET /api/v1/search
GET /api/v1/address/:addr
GET /api/v1/address/:addr/txs |
Address-centric routes can be redacted or degraded by public privacy and abuse controls. |
| Block browsing |
GET /api/v1/blocks
GET /api/v1/block/height/:height
GET /api/v1/block/hash/:hash |
Supports explorer-style block pages and pagination. |
| Block transactions |
GET /api/v1/block/height/:height/txs
GET /api/v1/block/hash/:hash/txs |
Paginated transaction lists by block. |
| Transaction and receipt lookup |
GET /api/v1/tx/:hash
GET /api/v1/receipt/:hash |
Explorer-grade canonical transaction and receipt lookup. |
| Batch transaction lookup |
GET /api/v1/txs
POST /api/v1/txs
POST /api/v1/receipts
POST /api/v1/txbundle |
Batch helpers for clients that need multiple hashes at once. |
| Logs |
GET /api/v1/logs |
HTTP query surface for log filtering by block range, address, and topics. |
| Reorg and fork diagnostics |
GET /api/v1/reorgs
GET /api/v1/reorgs/:id
GET /api/v1/fork/tips
GET /api/v1/forks/height/:height |
Public chain diagnostics rather than private incident-response tooling. |
| Canonicality checks |
GET /api/v1/canonical/height/:height |
Resolve whether a canonical block exists at a height. |
Public-safe does not mean immutable response shape across all deployment modes. Address-centric routes in particular can be masked,
reduced, or rate-limited on hardened public edges.
Batch and query conventions
A large part of the REST tree uses a few recurring conventions. Understanding these makes the HTTP surface easier to integrate.
Common query patterns
limit is widely used on listing routes and is always bounded server-side.cursor, cursorBlockNumber, and cursorTxIndex appear on paginated transaction listings.format=compact can reduce block payload size on block-listing routes.include=bundle, include=tx, or include=receipt can expand some transaction-list views.
Logs over HTTP
GET /api/v1/logs supports HTTP-native filters such as fromBlock, toBlock, address,
topic0 through topic3, and limit.
curl -sS 'https://rpc.talero.info/api/v1/logs?fromBlock=1000&toBlock=1100&address=0x1111111111111111111111111111111111111111&limit=200'
Batch lookups
Batch POST routes accept a JSON body with a hashes array. Talero validates size and hash format, then returns a map of found items plus a missing list.
curl -sS -X POST https://rpc.talero.info/api/v1/receipts \
-H 'content-type: application/json' \
-d '{
"hashes": [
"0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
]
}'
Compatibility aliases and static hosting
The node also publishes selected short-form aliases under /api. These are compatibility helpers, not a separate API family.
| Alias family |
Examples |
Notes |
| Summary aliases |
/api/health
/api/metrics
/api/confidence
/api/watchtower/status |
Convenience aliases for public-safe summaries. |
| Diagnostics/activity aliases |
/api/diagnostics/node
/api/diagnostics/modules
/api/activity/hints
/api/activity/events |
Mirror selected /api/v1 surfaces. |
| Finality and helper aliases |
/api/checkpoint/latest
/api/network/risk
/api/finality/estimate
/api/route/hints |
Compatibility endpoints for public-safe workflows. |
| Explorer alias |
/api/txs |
Alias for the transaction list surface. |
The node also mounts static files at / from a local static/ directory. That is deployment-specific content and
should not be treated as part of the stable node API contract.
Caching and freshness
Talero uses short-lived REST caching and weak ETags on selected read routes. This matters if you are building dashboards,
polling loops, or public gateway caches.
/api/v1/head, /api/v1/stats, and /api/v1/metrics use very short cache windows suitable for dashboards.- Hot block-list pages can be micro-cached, while more dynamic or cursor-driven pages may use weaker or no-store policies.
- Address transaction history can use different cache behavior for the first page versus historical cursor pages.
- Client integrations should still treat the chain as live data even when short cache headers are present.
Public cacheability is a performance hint, not a consensus guarantee. Finality-sensitive decisions should come from finality-specific surfaces, not from HTTP cache headers.
Safety model for HTTP surfaces
The Talero node does not treat all HTTP routes equally. Public-safe routes are intentionally narrower than the total binary surface.
Public-safe versus private surfaces
/health, /rpc, and selected /api/v1 routes can support public consumers./metrics and /prom/metrics are operator-oriented and should stay private by default.- Topology-oriented, trusted-only, and override-style routes belong on private infrastructure only.
Privacy and abuse controls
- Address-centric REST routes and search can be redacted according to the active privacy policy.
- REST search and address routes also participate in anti-abuse and honeytrap-style protection paths.
- Heavy helper routes can be denied or throttled on hardened public edges.
Shared policy with JSON-RPC
- Some REST routes use the same public-guard logic as their JSON-RPC equivalents.
- Safe mode can tighten public availability for heavier public surfaces.
- Trusted-only routes remain trusted-only even when reachable over HTTP.
Error model
The HTTP surface uses conventional HTTP status codes instead of JSON-RPC error objects. Public clients should expect the following patterns:
| Status |
Typical meaning |
What to do |
200 OK |
Successful REST or streaming handshake. |
Normal success path. |
400 Bad Request |
Invalid query params, invalid path values, or malformed request bodies. |
Fix the request shape rather than retrying. |
403 Forbidden |
Denied by privacy policy or trust-tier requirements. |
Treat as policy, not as transient transport failure. |
404 Not Found |
Missing block, tx, receipt, reorg ID, or similar object. |
Handle as missing data. |
429 Too Many Requests |
Rate limit or abuse protection triggered. |
Back off and reduce request volume. |
503 Service Unavailable |
Temporarily restricted by safe-mode policy. |
Retry later and inspect public-safe status routes. |
500 Internal Server Error |
Unexpected server-side failure. |
Retry cautiously and log enough context to debug. |