Authenticate: POST https://app.bitgo.com/api/v2/user/login or use a long-lived access token; set Authorization: Bearer YOUR_ACCESS_TOKEN on all requests
POST https://app.bitgo.com/api/v2/{coin}/wallet/generate with body: {"label": "<wallet_name>", "passphrase": "YOUR_WALLET_PASSPHRASE", "enterprise": "<enterprise_id>", "type": "custodial"} to create a custodial wallet; capture id (walletId)
For self-managed multi-sig, omit type; BitGo creates user key, backup key (optionally via KRS provider), and BitGo key — back up the encrypted user keychain immediately from the response
GET https://app.bitgo.com/api/v2/{coin}/wallet/{walletId}/address to get the default deposit address; POST .../address with {"chain": 0} to derive additional receive addresses
Subscribe to wallet events: POST https://app.bitgo.com/api/v2/webhook with {"type": "wallet", "url": "<your_webhook_url>", "walletId": "<walletId>"} to receive transaction, transfer, and pendingApproval notifications
Verify the webhook by checking the BitGo-Signature header against an HMAC-SHA256 of the raw payload using your webhook secret
Known gotchas
BitGo uses coin-specific base paths (e.g. /api/v2/btc/, /api/v2/eth/, /api/v2/polygon:usdc/); using the wrong coin identifier returns 404 or silently routes to the wrong network
Custodial wallets do not expose private key material — you cannot export keys; ensure the custody tier (hot/warm/cold) is selected intentionally at creation because it cannot be changed post-creation
Backup key recovery requires the KRS provider (e.g. BitGo KRS, Coincover) to be configured at wallet creation; retrofitting a KRS after creation is not supported
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp