The permissioned XRPL directory
A directory of every permissioned domain on XRPL, the credentials each one accepts, the issuers backing those credentials, and any DID identity the owner has published. Updates live. No scoring. No editorial filter. No endorsement.
Where the entities running XRPL's permissioned stack are headquartered, attributed per-address from operator-curated identity, on-chain TOML, and external-label domain ccTLDs. Country-as-vanity TLDs (.io, .ai) are not inferred from. Missing > inaccurate.
Per-operator rollup over the last 24 hours: domain count, permissioned offers placed inside their domain, unique traders, and on-chain execution volume per currency pair (native units, no USD conversion). Sourced from XR-Trust's live ledger feed, which captures every OfferCreate inside a permissioned domain at validation time. Operators with no 24h activity are hidden.
Ecosystem-wide rollup of XRPL Permissioned Domain (XLS-70/80) and Permissioned DEX (XLS-81) activity over the last 30 days. Every credential issued or accepted, every permissioned offer placed, every domain created or modified. As more institutions onboard, the counters grow; this is the live institutional-adoption dashboard.
…
Free from this page. Agents pay $0.10 per query over the x402 API at
trust.xrpl-utilities.io. The directory is event-driven: it persists between requests and updates the moment a new domain or credential event validates on the ledger. Reads are instant.
A Permissioned Domain (XLS-80) is an on-chain trading venue that gates participation by credential. The owner publishes a list of accepted credential issuers, and only accounts holding a valid credential from one of those issuers can match orders inside. XLS-81 extends this to permissioned market-maker offers.
Institutional liquidity venues, tokenized real-world-asset issuers, KYC'd OTC desks, and regulated security tokens. The first named live example on XRPL mainnet is xrp-liquid.com, with on-chain identity (XLS-40 DID) and active offers selling XRP for USDC, RLUSD, and EURQ.
The on-chain side is fast. Publishing a Permissioned Domain takes one transaction, about 30 seconds, and roughly $0.01 in XRP fees.
The off-chain side is slower. A useful domain needs a credential issuer, legal review, and a credential-issuance flow that gets attestations into participants' wallets. Self-attested credentials: hours. Third-party KYC and AML: days to weeks.
XR-Trust implements x402 v2 with the
exact scheme on XRPL mainnet.
Verification and settlement are delegated to the
t54 XRPL facilitator.
POST /scan returns 402 Payment Required with the XRP option (RLUSD coming in a follow-up).
PAYMENT-SIGNATURE.
200 with the JSON and a PAYMENT-RESPONSE header.
Free read-only views: GET /permissioned-domains/operators/index (paginated operator list), /permissioned-domains/operators/{addr}/attribution (auto-walker output: funder, gated assets, retail signals, narrative), and /permissioned-domains/usage-summary (ecosystem onboarding stats) all return without a payment header. Use them for dashboards; /scan stays paid for full per-domain drill-down.
xrpl_trust_list_operators_indexxrpl_trust_operator_drilldownxrpl_trust_operator_attributionxrpl_trust_usage_summaryxrpl_trust_jurisdictionsxrpl_trust_list_domains · $0.10xrpl_trust_get_domain · $0.10xrpl_trust_credential_issuers · $0.10xrpl_trust_recent_events · $0.10
Or skip the integration: call any tool above from an
MCP client (Claude Desktop etc.) via
@xrpl-utilities/mcp
or the hosted endpoint at mcp.xrpl-utilities.io/mcp. Free tools work without a payment header; paid tools use the same x402 model wrapped as MCP arguments.
from x402_xrpl import X402RequestsSession from xrpl.wallet import Wallet session = X402RequestsSession( wallet=Wallet.from_seed(seed), rpc_url="https://YOUR_XRPL_RPC", payment_requirements_selector="XRP", ) # look up a single domain by its 64-hex LedgerIndex record = session.post( "https://trust.xrpl-utilities.io/scan", json={"domain_id": "AB12…"}, ).json() for match in record["matches"]: print(match["owner_address"], match["accepted_credentials"])
domains[]: one normalized record per PermissionedDomain ledger objectdomain_id, owner_address, sequence, flags, previous_txn_id, previous_txn_lgr_seq: full XLS-80 ledger-object metadataowner_label: external label when available ({name, desc, domain, verified, twitter}), else nullaccepted_credentials[]: each entry carries {issuer, credential_type, credential_type_decoded, issuer_label}. Hex types are decoded to ASCII when printable (e.g. 4B5943 → KYC).institutional_issuer_count + institutional_issuers[]: count and display names of distinct externally-labeled, non-self credential issuers accepted by the domainidentity_tier: one of institutional (verified TOML + DID), named_entity (TOML or DID only), funder_attributed (no TOML/DID, but parent funder is a labeled entity), credential_attributed (subject linked to a labeled issuer via accepted credential), did_only (XLS-40 DID present), or anonymous. Six-tier ladder, populated on every directory row.lifecycle (creation + last-modified meta walked from PreviousTxnID), permissioned_market (XLS-81 owner-side offers + AMMs), and identity (XLS-40 DID + parsed .well-known/xrp-ledger.toml when published)GET /permissioned-domains/operators/{addr}/attribution): the auto-walker output. funder (parent + well-known label), domains[] with decoded credential types, credentialed_subjects[] with trustline-implied asset gating, retail_signals (self-issued-only, minimal DID, NFT objects on operator wallet, etc.), likely_retail boolean, attribution_confidence (high/medium/low), and a summary_one_line server-generated narrative. Backfilled on every walker revision bump.GET /permissioned-domains/usage-summary): rolled-up onboarding activity over a configurable window: new operators, new credentials, new credentialed subjects, deletes. Right for tracking institutional adoption pace without paying per row.total, limit, offset, next_offset, schema_version, generated_at: pagination + envelope/credentials/issuers returns issuers[] with {issuer_address, issuer_label, domains_referencing, credential_types_issued}
Reserved fields surfaced as null in v1, populated later: member_count_estimate, verified_attestation, health_score. Full field-level details at /schema.
Source. XR-Trust reads PermissionedDomain ledger objects directly from the validated XRPL ledger. No third-party indexer, no editorial filter, no curated list. If it's on-ledger and validated, it's in the directory.
Materialization. The directory is event-driven. A persisted snapshot is hydrated on startup, kept current by an incremental refresh of every known owner, and extended in real time by a long-lived ledger-subscribe stream that picks up new owners the moment a PermissionedDomainSet from them is validated. No periodic full-ledger walk; reads stay instant.
Drill-down vs enumeration. Looking up a single domain by its domain_id is O(1) against the live ledger state. Whole-network enumeration is served from the persisted snapshot.
Owner labels. Where an external label provider recognizes a domain owner (banks, asset managers, infrastructure providers), the label appears on the directory row and the drill-down panel. Unlabeled owners surface their raw classic address.
Cross-product link. Every drill-down includes a one-click jump to XR-Sentinel to inspect the owner's on-chain behavioral pattern. Eventually the same panel will surface XR-Telemetry macro context, the XR-Pulse permissioned_domain_lifecycle event feed, and an XR-Vault link when the owner is a tracked RWA issuer; all queued for v2.
XR-Trust describes what's on-chain. We do not certify, endorse, or assess the legitimacy of any domain, owner, credential issuer, or member. Inclusion is not approval; absence is not disapproval. Not a compliance, AML, sanctions, or KYC determination; not legal or investment advice. Compliance, verification, and trust judgments remain with the consumer.
Membership in a permissioned domain is implicit (any address holding an accepted credential), and v1 does not estimate member counts.
