TeeAPI - Secure Blockchain API Bridge

The Secure Bridge Between Blockchain and APIs

TeeAPI enables smart contracts to securely consume data from external APIs while maintaining decentralization and security principles.

Get StartedExplore Use Cases

Key Benefits

Tamper-Proof

Execution environment that cannot be modified, ensuring data integrity and security.

Trustless

No need to trust intermediaries or centralized services for API calls or data processing.

Data Privacy

Sensitive API keys and private data remain protected while enabling smart contract functionality.

How TeeAPI Works

1. Request

A smart contract calls the Oracle contract to request external API data

Smart Contract --> Oracle Contract
TEE Service

2. Execution

The TEE service monitors for request events, makes the API call, and processes the response

3. Fulfillment

The TEE service submits the API response back to the Oracle contract, which forwards it to the requesting contract

Oracle Contract --> Smart Contract

Main Features

REST API Integration

Secure bridge enabling smart contracts to request and receive data from any external web service while maintaining blockchain security principles.

Selective Data Extraction

Extract only the specific fields needed from API responses, keeping all other data private and off-chain to ensure maximum privacy.

Input Encryption

End-to-end encryption for sensitive request components including URLs, query parameters, and API tokens, preventing exposure on the blockchain.

Confidential Verification

Perform private condition checks against API data within the TEE, returning only boolean results while keeping actual values hidden from the blockchain.

Example Use Cases

Parametric Insurance

Create trustless insurance policies with automatic claims processing based on predefined thresholds.

  • Earthquake magnitude detection
  • Flight delays verification
  • Weather data for crop insurance

Prediction Markets

Secure and trustless verification of outcomes from official sources, eliminating data manipulation risk.

  • Sports game results
  • Company earnings releases and KPIs
  • Political and social event outcomes

DeFi Loans

Verify real-world financial information for automated loan approvals without exposing sensitive data.

  • Bank account balance verification
  • Credit score assessment
  • Income verification

Climate & Supply Chain

Integrate IoT sensor data with blockchain for climate and supply chain applications.

  • Weather data monitoring
  • Air quality measurements
  • Supply chain condition verification

Developer Documentation

Getting Started with TeeAPI

TeeAPI makes it easy to securely connect your smart contracts with any external API. Follow these examples to integrate TeeAPI into your projects.

Example: Flight Delay Insurance

Create a smart contract that automatically pays out insurance claims when a flight is delayed.

Step 1: Initialize TeeAPI in your contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@teeapi/contracts/RestApiClient.sol";
import "@solady/src/utils/SafeTransferLib.sol";

contract FlightDelayInsurance is RestApiClient {
    // Amount to pay out for delayed flights
    uint256 constant public INSURANCE_PAYOUT = 0.001 ether;
    
    // Flight information structure
    struct FlightInfo {
        bool delayed;
        uint256 delayMinutes;
        bool claimed;
        uint256 claimTimestamp;
    }
    
    // Flight identifier structure
    struct FlightId {
        string flightNumber;
        string date;
    }
    
    // Mappings to store flight data and claims
    mapping(string => mapping(string => FlightInfo)) public flightData;
    mapping(bytes32 => address) public claimers;
    mapping(bytes32 => FlightId) public flightIds;
    
    // Events
    event FlightDelayVerified(string flightNumber, string date, bool delayed, uint256 delayMinutes);
    event ClaimPaid(address claimer, string flightNumber, string date, uint256 amount);
    
    /**
     * @dev Constructor
     * @param _oracle Address of the Oracle contract
     */
    constructor(address _oracle) RestApiClient(_oracle) {
        _initializeOwner(msg.sender);
    }
}
Step 2: Create the claim initiation function
/**
 * @dev Check if a flight is delayed
 * @param flightNumber IATA flight number (e.g., UA1606)
 * @return requestId The unique identifier for the request
 */
function initiateClaim(string memory flightNumber) external payable returns (bytes32) {
    // Create query parameters with encrypted API key
    IOracle.KeyValue[] memory queryParams = new IOracle.KeyValue[](2);
    queryParams[0] = IOracle.KeyValue({
        key: "access_key",
        value: "BKYs...vbD9mAl",
        encrypted: true
    });
    queryParams[1] = IOracle.KeyValue({
        key: "flight_iata", 
        value: flightNumber, 
        encrypted: false
    });

    // Define conditions for verification
    IOracle.Condition memory flightLanded = IOracle.Condition({
        operator: "eq", 
        value: "landed", 
        encrypted: false
    });
    IOracle.Condition memory isDelayed = IOracle.Condition({
        operator: "gt", 
        value: "0", 
        encrypted: false
    });
    IOracle.Condition memory noCondition = IOracle.Condition({
        operator: "", 
        value: "", 
        encrypted: false
    });

    // Create response fields with conditions to verify
    IOracle.ResponseField[] memory responseFields = new IOracle.ResponseField[](5);

    // Verify if flight has landed
    responseFields[0] = IOracle.ResponseField({
        path: "$.data[0].flight_status", 
        responseType: "string", 
        condition: flightLanded
    });

    // Verify if arrival delay is greater than 0
    responseFields[1] = IOracle.ResponseField({
        path: "$.data[0].arrival.delay", 
        responseType: "uint256", 
        condition: isDelayed
    });

    // Extract the actual delay minutes
    responseFields[2] = IOracle.ResponseField({
        path: "$.data[0].arrival.delay", 
        responseType: "uint256", 
        condition: noCondition
    });

    // Extract the flight number
    responseFields[3] = IOracle.ResponseField({
        path: "$.data[0].flight.iata", 
        responseType: "string", 
        condition: noCondition
    });

    // Extract the flight date
    responseFields[4] = IOracle.ResponseField({
        path: "$.data[0].flight_date", 
        responseType: "string", 
        condition: noCondition
    });

    // Make the request
    bytes32 requestId = makeRequest({
        method: IOracle.HttpMethod.GET,
        url: "https://api.aviationstack.com/v1/flights",
        urlEncrypted: false,
        headers: new IOracle.KeyValue[](0),
        queryParams: queryParams,
        body: "",
        bodyEncrypted: false,
        responseFields: responseFields
    });

    // Store claim information
    claimers[requestId] = msg.sender;
    flightIds[requestId] = FlightId({flightNumber: flightNumber, date: ""});
    return requestId;
}

/**
 * @dev Fund the contract to pay for insurance claims
 */
function fundContract() external payable onlyOwner {
    // Simply accepts ETH sent to the contract
}

/**
 * @dev Withdraw funds from the contract (owner only)
 */
function withdrawFunds() external onlyOwner {
    SafeTransferLib.safeTransferAllETH(owner());
}

/**
 * @dev Get flight information
 * @param flightNumber IATA flight number
 * @param date Flight date in YYYY-MM-DD format
 * @return Information about the flight
 */
function getFlightInfo(string memory flightNumber, string memory date) external view returns (FlightInfo memory) {
    return flightData[flightNumber][date];
}

/**
 * @dev Get flight information by requestId
 * @param requestId Unique identifier for the request
 * @return Information about the flight
 */
function getFlightInfoById(bytes32 requestId) external view returns (FlightInfo memory) {
    FlightId memory flightId = flightIds[requestId];
    return flightData[flightId.flightNumber][flightId.date];
}

/**
 * @dev Implementation of _handleResponse from RestApiClient
 * @param requestId Unique identifier for the request
 * @param success Whether the API request was successful
 * @param data ABI-encoded response data according to the requested fields
 */
function _handleResponse(bytes32 requestId, bool success, bytes calldata data) internal override {
    address claimer = claimers[requestId];

    (bool isLanded, bool isDelayed, uint256 delayMinutes, string memory flightNumber, string memory date) =
        abi.decode(data, (bool, bool, uint256, string, string));

    // Update flight data
    FlightInfo memory flight = flightData[flightNumber][date];
    // Return early if flight already exists
    if (flight.claimTimestamp != 0) {
        return;
    }
    flight.delayed = isLanded && isDelayed;
    flight.delayMinutes = delayMinutes;

    emit FlightDelayVerified(flightNumber, date, flight.delayed, delayMinutes);
    if (flight.delayed) {
        flight.claimed = true;
        flight.claimTimestamp = block.timestamp;
        // Transfer payout to claimant
        SafeTransferLib.safeTransferETH(claimer, INSURANCE_PAYOUT);
        emit ClaimPaid(claimer, flightNumber, date, INSURANCE_PAYOUT);
    }
    flightData[flightNumber][date] = flight;
    flightIds[requestId].date = date;
}
Step 3: Implement the response handler
/**
 * @dev Implementation of _handleResponse from RestApiClient
 * @param requestId Unique identifier for the request
 * @param success Whether the API request was successful
 * @param data ABI-encoded response data according to the requested fields
 */
function _handleResponse(bytes32 requestId, bool success, bytes calldata data) internal override {
    address claimer = claimers[requestId];

    (bool isLanded, bool isDelayed, uint256 delayMinutes, string memory flightNumber, string memory date) =
        abi.decode(data, (bool, bool, uint256, string, string));

    // Update flight data
    FlightInfo memory flight = flightData[flightNumber][date];
    // Return early if flight already exists
    if (flight.claimTimestamp != 0) {
        return;
    }
    flight.delayed = isLanded && isDelayed;
    flight.delayMinutes = delayMinutes;

    emit FlightDelayVerified(flightNumber, date, flight.delayed, delayMinutes);
    if (flight.delayed) {
        flight.claimed = true;
        flight.claimTimestamp = block.timestamp;
        // Transfer payout to claimant
        SafeTransferLib.safeTransferETH(claimer, INSURANCE_PAYOUT);
        emit ClaimPaid(claimer, flightNumber, date, INSURANCE_PAYOUT);
    }
    flightData[flightNumber][date] = flight;
    flightIds[requestId].date = date;
}

Ready to Try TeeAPI?

Interact with TeeAPI smart contracts on any EVM chain and see the power of secure API integration firsthand.

Try It Now

Powered by ABI Ninja - Interact with smart contracts on any EVM chain