Base URL
/v1. The API returns JSON responses.
Authentication
Three authentication methods depending on the caller:| Method | Header | Format | Used by |
|---|---|---|---|
| Publisher API key | Authorization | Bearer xk_pub_... | Publishers managing sites |
| Site token | X-Site-Token | st_... | Server middleware creating gates |
| Wallet address | X-Wallet-Address | 0x... | Agents querying profiles |
Rate limits
| Endpoint | Limit | Scope |
|---|---|---|
POST /v1/publishers/register | 5/min | Per IP |
POST /v1/publishers/login | 5/min | Per IP |
POST /v1/gates | 200/min | Per site token |
POST /v1/gates/{id}/verify | 50/min | Per gate |
| All other endpoints | 100/min | Per credential |
Retry-After header.
Error format
detail field with a human-readable message.
Common status codes
| Code | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad request (validation error) |
| 401 | Invalid or missing credentials |
| 402 | Payment required (gate response) |
| 404 | Resource not found |
| 409 | Conflict (duplicate resource) |
| 429 | Rate limited |
| 500 | Server error |