Skip to main content

API Overview

Quickstart

Run the full flow in 4 API calls.

Stealth endpoints

Create and scan stealth payments.

Yellow endpoints

Private trading channels.

Base URLs

EnvironmentURL
Productionhttps://backend.specterpq.com
Local devhttp://localhost:3001

Endpoint map

GroupEndpointsPurpose
KeysPOST /keys/generateGenerate ML-KEM-768 keypairs and meta-address
StealthPOST /stealth/create, POST /stealth/scanCreate stealth payments, discover incoming payments
RegistryPOST /registry/announcements, GET /registry/announcements, GET /registry/statsStore and query announcements
NamesGET /ens/resolve/:name, GET /suins/resolve/:nameENS and SuiNS name resolution
IPFSPOST /ipfs/upload, GET /ipfs/:cidMeta-address storage and retrieval
YellowPOST /yellow/channel/*, GET /yellow/configPrivate channel operations

The integration loop

01

Health check

Confirm the backend is alive with GET /health.

02

Generate keys

POST /api/v1/keys/generate returns spending/viewing keypairs and a meta-address.

03

Create stealth payment

POST /api/v1/stealth/create with the recipient's meta-address.

04

Publish announcement

POST /api/v1/registry/announcements with the returned ciphertext and view tag.

05

Scan and recover

POST /api/v1/stealth/scan with recipient keys to find and recover payments.

Quick health check

curl -s https://backend.specterpq.com/health | jq .

Authentication and security

The API server includes built-in security middleware:

  • API key auth for write endpoints (when API_KEY env var is set)
  • Per-IP rate limiting (default: 10 req/s, 30 burst)
  • Security headers (CSP, X-Frame-Options, X-Content-Type-Options)
  • Body size limits to prevent abuse
  • CORS configurable via ALLOWED_ORIGINS
Warning

If API_KEY is not configured, write routes are open. Always set an API key in production.

See Auth and Errors for the full error contract and status codes.

Need help with the API? Email pranshurastogi3196@gmail.com or open an issue on GitHub.