# Fast App Agent Guide

Fast App is a browser wallet for FAST accounts. Users can receive funds before signing in, upgrade to passkey or Google sign-in, send FAST-to-FAST payments, fund through Cash or Crypto flows, and manage agent wallets with key handoff.

Live app: <https://app.fast.xyz>

## Agent Surface

Most autonomous FAST operations should use the FAST SDK monorepo: <https://github.com/fastxyz/fast-sdk>. This app exposes only a small HTTP surface for human-in-the-loop wallet flows, read-only balance/activity lookups, and account-manifest sync.

| Resource | URL |
|---|---|
| App | https://app.fast.xyz/ |
| API catalog | https://app.fast.xyz/.well-known/api-catalog |
| Auth metadata | https://app.fast.xyz/.well-known/oauth-protected-resource |
| Markdown landing page | https://app.fast.xyz/index.md |

## Public APIs

| Route | Method | Purpose |
|---|---|---|
| /api/wallet-summary | GET | Read FAST balance for ?address=. |
| /api/wallet-activity | GET | Read wallet activity and chart data for ?address=. |
| /api/fast-rpc | POST | Proxy allowlisted FAST JSON-RPC calls. |
| /api/fast-rest/[...path] | GET/POST | Proxy allowlisted FAST REST calls. |
| /api/account-manifest | GET/PUT | Read or write encrypted account manifests. |
| /api/account-manifest/challenge | POST | Issue a short-lived challenge for manifest auth. |
| /api/fast-balance | GET | FAST balance query helper. |

## Authentication

The account-manifest auth scheme is a custom HMAC challenge plus ed25519 signature flow. Request a challenge from /api/account-manifest/challenge, sign the returned message with the FAST owner key, then present the x-fast-manifest-* headers to /api/account-manifest.

Challenges expire quickly. The server verifies the token, checks that the public key maps to the requested FAST address, and verifies the ed25519 signature over the challenge message.