API overview
The public API lets your own app, bot or backend read hub data and award points. It's versioned, key-authenticated, and CORS-enabled for browser reads.
Base URL:
A no-auth discovery document lists the current surface:
What's public¶
| Method | Path | Purpose |
|---|---|---|
GET |
/hub/{slug} |
Hub configuration for embeds/clients |
GET |
/hub/{slug}/leaderboard?limit= |
Top stakers |
GET |
/hub/{slug}/holder/{wallet} |
Holder status + VECTOR balance |
GET |
/hub/{slug}/stake-status?wallet= |
A wallet's staking summary |
POST |
/hub/{slug}/bits/earn |
Award VECTOR (signed, server-to-server) |
See the API reference for full request and response schemas.
Note
This is the whole public surface — reads plus one signed write. Owner and admin configuration (creating hubs, phases, allowlists, roles) happens in the studio UI and is not exposed as an API.
Read vs. write¶
- Reads need only your public
clientIdinx-api-key. Safe from a browser. - Writes (
/bits/earn) additionally need an HMAC signature proving you hold the secret. Server-to-server only — never ship the secret to a browser.
See Authentication for both.
Scoping¶
An API key is scoped to one hub. A key issued for hub-a can't read or write
hub-b — you'll get 403 forbidden. Mint one key per hub you operate.