Skip to content

API reference

Every public endpoint: entropy egress (/v1/), the randomness beacon, and the admin registry (/api/v1/).

Conventions

  • The nginx edge exposes both surfaces on one origin: /v1/* → entropy egress, /api/v1/* → admin registry.
  • Bodies are JSON; entropy is returned hex-encoded as bytes_hex alongside a receipt.
  • Request size: 1 – 65,536 bytes per call.
  • With EMS_API_KEYS configured, all /v1/* routes require Authorization: Bearer <key>.

Entropy egress (/v1)

EndpointPurpose
POST /v1/entropy/requestSingle-shot entropy, policy-routed. See Quickstart.
POST /v1/entropy/multiMulti-source extraction across named independent sources. See Multi-source.
WS /v1/entropy/streamContinuous streamed entropy. See Streaming.
GET /v1/pubkeyActive signature algorithm and public key.
GET /v1/sourcesRegistered source mirror (id + note).
GET /v1/sources/:id/qualityLive quality metrics for one source.
GET /v1/entropy/poolsLive tier-pool levels.
GET /v1/receipts/:request_idRe-fetch a previously issued receipt.
GET /v1/healthzLiveness probe (returns "ok").

Randomness beacon

The public beacon publishes signed, chained randomness pulses (ML-DSA-65 in production) for applications that need public, verifiable randomness rather than secret entropy.

EndpointPurpose
GET /v1/beaconBeacon metadata: cadence, signing algorithm, chain info.
GET /v1/beacon/latestMost recent pulse.
GET /v1/beacon/pulse/:pulse_indexHistorical pulse by index.
WS /v1/beacon/streamPulses pushed as they are emitted.

Admin registry (/api/v1)

Operator surface backing the dashboard. The most commonly scripted routes manage sources and budgets (see Sources & collectors):

EndpointPurpose
GET /api/v1/sourcesFull source registry with status and quality.
GET /api/v1/sources/:idOne source.
PATCH /api/v1/sources/:idEnable/disable, budget caps, metadata.
GET /api/v1/poolsPool registry.
GET/POST/PATCH /api/v1/custom-poolsDedicated customer pools with verification jobs.
GET /api/v1/receiptsReceipt store (paginated).

Errors

The platform fails closed: a request that cannot be served at the required quality is refused with a JSON {"error": …} body and a non-2xx status — never silently downgraded. Streaming sessions emit a final error frame, then close. Treat any unverifiable receipt as a failed request even if bytes were delivered.