Verivyx
Open app

API

Creator & auth API

Accounts, content management, analytics, humanity verification, and the zero-config Connect handshake. Base URL https://api.verivyx.com. Creator endpoints requireAuthorization: Bearer <token>.

Accounts

  • POST /api/v1/auth/register{ email, password, turnstileToken }. Creates an unverified account and emails a verification link.
  • POST /api/v1/auth/verify-email{ token }. Verifies and returns a session token + user.
  • POST /api/v1/auth/resend-verification{ email }. Always returns success.
  • POST /api/v1/auth/login{ email, password, turnstileToken }. Returns token + user. Email must be verified.
bash
curl https://api.verivyx.com/api/v1/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","password":"…","turnstileToken":"…"}'
# → { "status": "success", "token": "<jwt>", "user": { … } }

Profile & payouts

  • GET /api/v1/auth/me — the current creator.
  • PATCH /api/v1/auth/settings — update pricePerRequest (0.0001–1 USDC), domain, stellar_address, or paywallEnabled. The price must strictly exceed the platform fee (default 0.001 USDC) — a lower or equal price is rejected with price_must_exceed_platform_fee.
  • GET /api/v1/auth/payout-status — checks the creator's on-chain USDC trustline / payout readiness.

Content

  • GET /api/v1/auth/contents — list content (metadata only).
  • POST /api/v1/auth/contents{ slug, title?, body, mimeType? }. Body up to 200 KB.
  • GET /api/v1/auth/contents/{slug} — one item with body.
  • PATCH /api/v1/auth/contents/{slug} — update title/body/mimeType.
  • DELETE /api/v1/auth/contents/{slug} — delete.
bash
curl https://api.verivyx.com/api/v1/auth/contents \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"slug":"my-article","title":"My article","body":"<p>…</p>"}'
# → 201 { "content": { "id": 1, "slug": "my-article", … } }

Analytics & transactions

  • GET /api/v1/auth/analytics — a 7-day summary: totals, per-agent breakdown, recent activity, reputation signals, anomalies.
  • GET /api/v1/auth/transactions?limit&cursor — settled payments, newest first. Page with nextCursor.

Humanity verification

A two-step proof-of-work flow used by the browser paywall to issue a human session (which the hydration service accepts). The difficulty adapts to the requester's reputation.

  • POST /api/v1/auth/challenge{ domain, slug } → a signed challenge, salt, difficulty.
  • POST /api/v1/auth/verify-human{ challenge, nonce }{ sessionToken, ttlSeconds }.

Connect handshake

The zero-config "Connect to Verivyx" flow that provisions a per-domain token (used by the WordPress plugin). OAuth-authorization-code style — the secret is only returned at the final server-to-server exchange.

  • POST /api/v1/domains/connect/init{ site }{ connect_id, nonce }.
  • POST /api/v1/domains/connect/authorize — Bearer; { connect_id }. Verifies ownership via an SSRF-guarded callback and returns a one-time code.
  • POST /api/v1/domains/connect/token{ connect_id, code }{ token } (the per-domain internal token).
Also public: POST /api/v1/mcp-waitlist joins the MCP early-access waitlist ({ email, turnstileToken }).