Skip to content

Endpoints

Base URL: https://vectorlabz.io/api/v1

All requests require an API key (x-api-key). See Authentication. This is the public surface — reading hub data and awarding points. Owner and admin configuration happens in the studio UI, not through this API.


Get hub configuration

GET /hub/{slug}

Public hub configuration for embeds and clients.

Parameter In Required Description
slug path yes The hub's slug (e.g. aevon).

Responses: 200 OK · 401 unauthorized · 403 forbidden · 404 not found

curl https://vectorlabz.io/api/v1/hub/aevon \
  -H "x-api-key: $VECTORLABZ_API_KEY"

Get the staking leaderboard

GET /hub/{slug}/leaderboard

Parameter In Required Description
slug path yes The hub's slug.
limit query no Max rows to return.

Responses: 200 OK · 401 · 403

curl "https://vectorlabz.io/api/v1/hub/aevon/leaderboard?limit=25" \
  -H "x-api-key: $VECTORLABZ_API_KEY"

Get holder status + VECTOR balance

GET /hub/{slug}/holder/{wallet}

Parameter In Required Description
slug path yes The hub's slug.
wallet path yes The holder's wallet address.

Responses: 200 OK · 401 · 403

curl https://vectorlabz.io/api/v1/hub/aevon/holder/9vBXYh…7Rvj \
  -H "x-api-key: $VECTORLABZ_API_KEY"

Get a wallet's staking summary

GET /hub/{slug}/stake-status

Parameter In Required Description
slug path yes The hub's slug.
wallet query yes The wallet to summarize.

Responses: 200 OK · 400 bad request · 401 · 403

curl "https://vectorlabz.io/api/v1/hub/aevon/stake-status?wallet=9vBXYh…7Rvj" \
  -H "x-api-key: $VECTORLABZ_API_KEY"

Award VECTOR to a wallet

POST /hub/{slug}/bits/earn

Award VECTOR (reward points) to a wallet. Server-to-server only — in addition to x-api-key, this request must be signed with x-api-timestamp and x-api-signature. See Authentication.

Parameter In Required Description
slug path yes The hub's slug.

Request body (application/json):

{
  "wallet": "9vBXYh…7Rvj",
  "amount": 100,
  "reason": "quest_completed",
  "ref": "unique-idempotency-key"
}

Responses: 200 OK · 400 bad request · 401 · 403

Never expose the signing secret client-side

bits/earn mutates balances, so it is signed and must only be called from your backend. Never ship the API secret to a browser or mobile client.