> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prflght.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# POST /check — Validate and Attest a Transaction

> Simulate, policy-check, and attest a Solana transaction. Returns signed attestation instructions to prepend before submitting on-chain.

`POST /check` is the core Prflght endpoint. Submit a serialized Solana transaction and your agent's wallet public key, and Prflght will simulate it against a live RPC, evaluate it against your agent's policy, verify the health of any DeFi protocols involved, and — if everything passes — return signed ed25519 attestation instructions you must prepend to the transaction before sending it on-chain.

## Endpoint

```
POST https://api.prflght.xyz/check
```

## Authentication

Pass your agent's wallet public key as the `agentId` field in the request body. Prflght uses this to look up the policy that governs the transaction.

## Request body

<ParamField body="tx" type="string" required>
  Base64-encoded serialized Solana `VersionedTransaction`. Serialize the transaction using `transaction.serialize()` and then encode with `Buffer.from(...).toString('base64')` before sending.
</ParamField>

<ParamField body="agentId" type="string" required>
  Your agent's wallet public key as a base58 string. This identifies which policy Prflght evaluates the transaction against.
</ParamField>

### Request example

```json theme={null}
{
  "tx": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQAHDg...",
  "agentId": "4sGjMW1sUnHuiSFRhCAUt3pCkTaLRF1rBDUBGfVXvBb3"
}
```

## Response fields

Prflght returns one of two decision shapes: `allow` or `deny`.

### Allow response

<ResponseField name="decision" type="string" required>
  `"allow"` — the transaction passed simulation, policy evaluation, and protocol health checks.
</ResponseField>

<ResponseField name="policyHash" type="string" required>
  Hex string identifying the exact policy version that was evaluated. Use this for audit trails and to verify you're running against the expected policy.
</ResponseField>

<ResponseField name="expiry" type="number" required>
  Unix timestamp (seconds) after which the attestation is no longer valid. You must submit the transaction on-chain before this time.
</ResponseField>

<ResponseField name="attestationIxs" type="array" required>
  List of instruction objects to prepend to your transaction before submitting. Each instruction has the following shape:

  <Expandable title="attestationIxs properties">
    <ResponseField name="programId" type="string" required>
      The on-chain program ID of the Prflght attestation program.
    </ResponseField>

    <ResponseField name="accounts" type="array" required>
      Account metas required by the attestation instruction.
    </ResponseField>

    <ResponseField name="data" type="string" required>
      Base64-encoded instruction data containing the signed attestation payload.
    </ResponseField>
  </Expandable>
</ResponseField>

### Deny response

<ResponseField name="decision" type="string" required>
  `"deny"` — the transaction was blocked.
</ResponseField>

<ResponseField name="reason" type="string" required>
  Human-readable explanation of why the transaction was denied. For example: `"notional exceeds policy max_notional_usdc (10000)"`.
</ResponseField>

### Response examples

<Tabs>
  <Tab title="Allow">
    ```json theme={null}
    {
      "decision": "allow",
      "policyHash": "a3f9c12e8b4d7a0156ef23c9814bdf2e99c0a71d3b55f8e241d36a07c4e89f12",
      "expiry": 1713000000,
      "attestationIxs": [
        {
          "programId": "PrfLGHT11111111111111111111111111111111111111",
          "accounts": [
            { "pubkey": "4sGjMW1sUnHuiSFRhCAUt3pCkTaLRF1rBDUBGfVXvBb3", "isSigner": false, "isWritable": false }
          ],
          "data": "AjKx9mFp..."
        }
      ]
    }
    ```
  </Tab>

  <Tab title="Deny">
    ```json theme={null}
    {
      "decision": "deny",
      "reason": "notional exceeds policy max_notional_usdc (10000)"
    }
    ```
  </Tab>
</Tabs>

<Warning>
  You must prepend every instruction in `attestationIxs` to your transaction before submitting it on-chain. The Prflght on-chain program verifies the attestation as a prerequisite to execution — if the attestation instructions are missing or placed after your other instructions, the transaction will be rejected at the program level.
</Warning>

<Note>
  Transactions are denied for one of three reasons: a policy violation (e.g. notional limit, disallowed program, or slippage cap exceeded), a protocol health check failure (venue health score below your policy threshold), or a simulation failure (the transaction would revert on-chain). The `reason` field in a deny response tells you which condition triggered the block.
</Note>
