Skip to main content
Every build returns an unsigned bundle:

Order of operations

1

Send approvals first

Sign and broadcast each entry in approvals[] from the user’s wallet. Empty for native ETH.
2

Then the transaction

Sign and broadcast tx (to, data, value) from the same wallet.

Two paths

In-app signing

Prompt the connected wallet (wagmi/viem/ethers, WalletConnect, or a Safe) with the raw approvals + tx. Full control of your UX.

Hosted handoff

Redirect the user to meta.signingUrl — the Spiral app, prefilled, where they review and sign. Zero signing code on your side.

Freshness

meta.expiresAt marks when the embedded swap calldata goes stale (~60 seconds). Build right before the user signs. If they hesitate past expiresAt, rebuild — signing a stale bundle will simply revert on-chain (funds are never at risk, but the transaction fails).

Safety guarantees

  • Approvals are scoped to the exact contract, for the exact amount — never infinite.
  • Every swap carries a minTokenOut floor (≥ 99% of quote) — it can’t be sandwiched.
  • The transaction targets the strategy you chose and is bound to userAddress.