NFT contract security audit via x402 — check any NFT collection on-chain for $0.01 per call.
What it does
The `/defi/nft` endpoint is part of the DeFi Intelligence API hosted at defi.hugen.tokyo. It performs an NFT contract security check given a chain ID and NFT contract address. The endpoint returns security signals such as whether the NFT is open-source, uses a proxy pattern, has privileged burn capabilities, or restricted approval mechanisms. It is one of 26 DeFi security and data endpoints offered by this API, all gated via the x402 payment protocol at $0.01 USDC on Base per call.
The endpoint accepts two required query parameters: `chain` (a chain ID string, e.g. "1" for Ethereum, "56" for BSC, "8453" for Base) and `address` (the NFT contract address). It returns a JSON object with security flags. The x402 challenge captured during probing confirms the endpoint is live and returns sample fields including `nft_open_source`, `nft_proxy`, `privileged_burn`, and `restricted_approval`.
Payment is handled via the x402 protocol — callers send a USDC micropayment on Base to unlock each response. Alternative access methods include a broker API (no wallet needed, use an API key), an MCP server at mcp.hugen.tokyo, or the `x402-pay` Python SDK. No API keys or rate limits are required for direct x402 calls. The broader API also covers token audits, address security, rug-pull detection, phishing checks, bridge routing, gas prices, protocol analytics (TVL, fees, DEX volume), and more.
Capabilities
Use cases
- Checking whether an NFT contract is open-source or uses a proxy before minting
- Screening NFT collections for privileged burn or restricted approval risks
- Integrating automated NFT security checks into a trading bot or portfolio dashboard
- Agent-driven due diligence on NFT projects before recommending purchases
- Bulk auditing NFT contracts across multiple chains
Fit
Best for
- AI agents needing on-demand NFT contract security data
- DeFi dashboards adding NFT risk indicators
- Developers building NFT marketplace safety features
- Automated trading systems that need pre-trade NFT contract checks
Not for
- NFT metadata or image retrieval (this is security-only)
- Off-chain NFT provenance or ownership history
- Free/unlimited-volume batch scanning (each call costs $0.01)
Quick start
```bash
# Using the x402-pay Python SDK
pip install x402-pay
```

```python
import x402_pay

# Query the NFT security check for one contract on Ethereum (chain=1)
resp = x402_pay.get(
    'https://defi.hugen.tokyo/defi/nft?chain=1&address=0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D'
)
print(resp.json())
```
Example
Request
```json
{
  "url": "https://defi.hugen.tokyo/defi/nft?chain=1&address=0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D",
  "method": "GET",
  "headers": {
    "Accept": "application/json"
  }
}
```
Response
```json
{
  "nft_proxy": false,
  "nft_open_source": true,
  "privileged_burn": false,
  "restricted_approval": false
}
```
Endpoint
Quality
The endpoint is confirmed live via a 402 challenge that includes sample response fields. A full OpenAPI spec is available with parameter definitions, but response schemas are empty (no formal output schema). Pricing is clear ($0.01 USDC on Base). The response fields are inferred from the x402 challenge payload rather than a documented response schema.
Warnings
- Response schema is not formally defined in the OpenAPI spec — the sample fields come from the x402 challenge payload only
- No dedicated documentation page exists beyond the auto-generated Swagger UI
- Root URL returns 404; no landing page or README available
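Because the response schema is not formally defined, a caller should validate the four flags before acting on them instead of trusting whatever shape comes back. The following is an added example, not code from the API or the x402-pay SDK: the function name `assess_nft_flags`, the fail-closed policy and the choice of which value of each flag counts as risky are assumptions, and the sample payloads are constructed.

```python
"""Fail-closed validation of the /defi/nft security flags (added example)."""

# Flag name -> the boolean value treated as risky. Field names come from the
# page's sample response; which value counts as risky is an assumption.
RISKY_VALUE = {
    "nft_open_source": False,     # source not published, so it cannot be reviewed
    "nft_proxy": True,            # proxy pattern in use
    "privileged_burn": True,      # privileged burn capability present
    "restricted_approval": True,  # restricted approval mechanism present
}


def assess_nft_flags(payload):
    """Return (verdict, risks, unknown) for a decoded /defi/nft JSON body.

    verdict is "pass", "risk" or "unknown". A flag that is missing or is not a
    real JSON boolean is reported as unknown rather than coerced, because the
    response schema is undocumented and may change shape.
    """
    if not isinstance(payload, dict):
        return "unknown", [], sorted(RISKY_VALUE)

    risks, unknown = [], []
    for name, risky in RISKY_VALUE.items():
        value = payload.get(name)
        if not isinstance(value, bool):   # rejects None, "1", 0, nested objects
            unknown.append(name)
        elif value is risky:
            risks.append(name)

    if risks:
        verdict = "risk"
    elif unknown:
        verdict = "unknown"               # never report "pass" on partial data
    else:
        verdict = "pass"
    return verdict, risks, unknown


if __name__ == "__main__":
    # Constructed payloads: the page's sample response and a drifted variant.
    sample = {"nft_proxy": False, "nft_open_source": True,
              "privileged_burn": False, "restricted_approval": False}
    drifted = {"nft_proxy": "0", "nft_open_source": True, "privileged_burn": True}
    print(assess_nft_flags(sample))
    print(assess_nft_flags(drifted))
```

Pass it the decoded body (for example `resp.json()` from the quick start) and treat an "unknown" verdict as a reason to hold the trade or mint, not as a clean result.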
Citations
- The endpoint requires chain and address query parameters: https://defi.hugen.tokyo/docs
- 26 DeFi security and data endpoints with one x402 payment per call: https://defi.hugen.tokyo/docs
- Payment is $0.01 USDC on Base per call: https://defi.hugen.tokyo/defi/nft
- Response includes nft_open_source, nft_proxy, privileged_burn, restricted_approval fields: https://defi.hugen.tokyo/defi/nft
- Alternative access via broker API, MCP server, or x402-pay Python SDK: https://defi.hugen.tokyo/defi/nft