API

API is the network surface for COIN. Every endpoint authenticated. Every response governed.

ENDPOINTS

| Method | Path | Auth | Vault Command |
| --- | --- | --- | --- |
| GET | `/api/v1/wallet` | Bearer | `vault user-wallet --user {token.user}` |
| GET | `/api/v1/timeline` | Bearer | `vault user-timeline --user {token.user}` |
| POST | `/api/v1/transfer` | Bearer | `vault transfer --from {token.user} --to {body.to} --amount {body.amount}` |
| POST | `/api/v1/spend` | Bearer | `vault spend --user {token.user} --seller {body.seller} --amount {body.amount} --product {body.product}` |
| POST | `/api/v1/settle` | Bearer | `vault settle --user {token.user} --amount {body.amount}` |
| GET | `/api/v1/verify` | Bearer | `vault verify-wallet --user {token.user}` |
| GET | `/api/v1/shop` | None | Read VAULT/VIEWS/shop.json |
| GET | `/api/v1/shop/{user}` | None | Read USER SHOP products |
| POST | `/api/v1/checkout` | None | Create Stripe Checkout session |
| POST | `/api/v1/webhook/stripe` | Stripe sig | Handle Stripe webhook events |

AUTH FLOW

```
USER runs:     vault auth --user DEXTER
Returns:       signed JWT-like token (1h expiry)
Client sends:  Authorization: Bearer <token>
API verifies:  Ed25519 signature + expiry + USER principal
```
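
The Vault Command column in the endpoint table interpolates `{token.user}` and `{body.*}` into a `vault` command line. The sketch below is an added example, not the project's code: it builds the `transfer` argv as a list, takes `--from` only from the verified token principal, and rejects body values that `vault` could read as options. The user-name pattern, amount bound and helper names are assumptions.

```python
import re

# Assumed formats (not specified on the page): principals look like DEXTER,
# amounts are positive whole COIN units.
USER_RE = re.compile(r"[A-Z][A-Z0-9_]{0,31}")
MAX_AMOUNT = 10**9  # hypothetical upper bound


class BadRequest(ValueError):
    """Raised when a token or request body field fails validation."""


def _user(value, field):
    # fullmatch rejects leading dashes, spaces and shell metacharacters, so a
    # body value can never be parsed by vault as an extra option.
    if not isinstance(value, str) or not USER_RE.fullmatch(value):
        raise BadRequest(f"invalid {field}")
    return value


def _amount(value):
    # bool is a subclass of int in Python; exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        raise BadRequest("amount must be an integer")
    if not 0 < value <= MAX_AMOUNT:
        raise BadRequest("amount out of range")
    return str(value)


def build_transfer_argv(token_user, body):
    """argv for: vault transfer --from {token.user} --to {body.to} --amount {body.amount}"""
    if not isinstance(body, dict):
        raise BadRequest("body must be a JSON object")
    sender = _user(token_user, "token.user")  # from the verified token only
    recipient = _user(body.get("to"), "to")
    # Pass this list to subprocess.run(argv, shell=False): no shell parsing.
    return ["vault", "transfer", "--from", sender, "--to", recipient,
            "--amount", _amount(body.get("amount"))]


if __name__ == "__main__":
    # Constructed sample request; a "from" key in the body is ignored.
    print(build_transfer_argv("DEXTER", {"to": "ALICE", "amount": 5, "from": "MALLORY"}))
```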

CONFIGURATION

`~/.canonic/SERVICES/API/config.json`

```json
{
  "host": "0.0.0.0",
  "port": 8255,
  "cors_origins": [
    "https://canonic-canonic.github.io",
    "https://hadleylab-canonic.github.io",
    "https://hadleylab-dexter.github.io",
    "https://api.canonic.org"
  ]
}
```

RATE LIMITS

| Endpoint | Limit | Key |
| --- | --- | --- |
| All endpoints | 60 req/min | IP |

RUNTIME

| Path | Role |
| --- | --- |
| `~/.canonic/bin/api` | HTTP server (Python) |
| `~/.canonic/SERVICES/API/` | Service governance + config |
