Skip to main content
POST
/
get-withdraw-authorization
cURL
curl --request POST \
  --url https://api.example.com/get-withdraw-authorization \
  --header 'Content-Type: application/json' \
  --data '
{
  "chain": "base",
  "userAddress": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
}
'
{
  "uuid": "<string>",
  "signature": "<string>",
  "expiresAt": 123,
  "maxWithdrawAmount": 123
}

Overview

Generate a signed authorization to claim scheduled withdrawals from the vault. This is step 2 of the two-phase withdrawal process. The authorization is valid for 30 seconds and can only be used once. It allows the user to claim up to their total unclaimed withdrawal amount.
To avoid ambiguity, we denote the smallest possible multiple of USDC (0.000001 USDC) as one uusdc, which stands for µUSDC (micro-USDC).

Withdrawal Flow

Bison uses a two-phase withdrawal process:
  1. Schedule (/schedule-withdraw): User signs a message to request a withdrawal for a specific amount
  2. Claim (/get-withdraw-authorization + on-chain tx): User gets authorization and executes the withdrawal on-chain
This endpoint handles step 2 - generating the authorization signature for claiming.

Request Body

chain
string
required
Chain to claim withdrawals on. One of base or bsc.
userAddress
string
required
User’s Ethereum wallet address (checksummed or lowercase).

Response

uuid
string
Unique authorization identifier used to prevent replay attacks.
signature
string
EIP-712 signature for the withdrawal authorization that must be submitted to the vault contract.
expiresAt
number
Unix timestamp when the authorization expires (30 seconds from creation).
maxWithdrawAmount
number
Total amount available to claim in µUSDC. This is the sum of all unclaimed scheduled withdrawals.

Error Responses

400 - No Withdrawals
Returned when the user has no unclaimed withdrawals available.
{
  "error": "No unclaimed withdrawals available"
}
400 - Pending Signature
Returned when the user already has an unexpired claim authorization.
{
  "error": "You already have a pending withdrawal signature. Please use it or wait for expiry."
}
500 - Server Error
Returned when authorization generation fails.
{
  "error": "Withdraw authorization failed"
}

Example Request

{
  "chain": "base",
  "userAddress": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
}

Example Response

{
  "uuid": "550e8400-e29b-41d4-a716-446655440000",
  "signature": "0x1234567890abcdef...",
  "expiresAt": 1699564830,
  "maxWithdrawAmount": 1000000
}

Usage Flow

  1. Schedule Withdrawals: Use /schedule-withdraw to request withdrawal(s)
  2. Check Status: Use /pending-withdraws/{userAddress} to see when withdrawals become unclaimed
  3. Get Authorization: Call this endpoint to get claim signature
  4. Execute Claim: Call withdrawUSDC on the vault contract with:
    • uuid: Unique authorization ID
    • usdcAmount: Amount to withdraw (≤ maxWithdrawAmount)
    • userAddress: User’s wallet address
    • expiry: Expiration timestamp
    • signature: EIP-712 signature

Important Notes

  • Authorization expires in 30 seconds
  • Each authorization can only be used once (replay protection via claim locks)
  • User must have scheduled withdrawals in unclaimed status
  • Multiple scheduled withdrawals are batched into a single claim
  • Partial claims are supported - withdraw any amount up to maxWithdrawAmount
  • After claiming, the user receives USDC directly to their wallet

Body

application/json
chain
enum<string>
required

Chain to execute the action on; one of: base, bsc

Available options:
base,
bsc
Example:

"base"

userAddress
string
required

User wallet address

Example:

"0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"

Response

Withdraw authorization generated successfully

uuid
string
required

Unique authorization ID

signature
string
required

EIP-712 signature for the authorization

expiresAt
number
required

Unix timestamp when authorization expires

maxWithdrawAmount
number
required

Total amount available to withdraw in µUSDC