API

API overview

Every Verivyx surface is an HTTP API. This page covers the base URLs, authentication, and conventions shared across them. For endpoints and schemas by area, see the Payment & content API and the Creator & auth API.

Hosts

  • https://api.verivyx.com — REST API: payments, content hydration, auth & creator, connect.
  • https://mcp.verivyx.com — the x402 MCP server for AI agents.
  • https://playground.verivyx.com — the sandboxed playground agent.

Authentication

Different surfaces use different credentials:

  • Creator JWTAuthorization: Bearer <token>. Returned by login and email verification; required for creator and admin endpoints.
  • x402 paymentX-PAYMENT or PAYMENT-SIGNATURE, a signed Stellar payment. Used to unlock paid content.
  • Human session JWT — issued by /auth/verify-human after a proof-of-work challenge; lets a verified browser hydrate content.
  • MCP keyX-Verivyx-MCP-Key (or a Bearer key) for the MCP server.
Internal service-mesh endpoints (X-Internal-Token) and admin endpoints are not for public callers and are documented separately in the admin-gated internal reference.

Conventions

  • Requests and responses are JSON unless noted (the playground chat streams Server-Sent Events).
  • Errors return a non-2xx status with a body like { "error": "code", "detail": "..." }.
  • USDC amounts on the wire are atomic, 7-decimal units — 1 USDC = 10,000,000.
  • Several public endpoints are rate-limited per IP and gated by Cloudflare Turnstile.
  • The payment surface follows the x402 v2 specification (Coinbase x402) and settles on Stellar; networks use CAIP-2 ids such as stellar:testnet.

Quick example

bash
# Log in and call an authenticated endpoint
TOKEN=$(curl -s https://api.verivyx.com/api/v1/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","password":"…","turnstileToken":"…"}' \
  | jq -r .token)

curl https://api.verivyx.com/api/v1/auth/me \
  -H "Authorization: Bearer $TOKEN"

Where to next