Endpoints¶
Base URL: https://vectorlabz.io/api/v1
All requests require an API key (x-api-key). See Authentication.
This is the public surface — reading hub data and awarding points. Owner and
admin configuration happens in the studio UI, not through this API.
Get hub configuration¶
GET /hub/{slug}
Public hub configuration for embeds and clients.
| Parameter | In | Required | Description |
|---|---|---|---|
slug |
path | yes | The hub's slug (e.g. aevon). |
Responses: 200 OK · 401 unauthorized · 403 forbidden · 404 not found
Get the staking leaderboard¶
GET /hub/{slug}/leaderboard
| Parameter | In | Required | Description |
|---|---|---|---|
slug |
path | yes | The hub's slug. |
limit |
query | no | Max rows to return. |
Responses: 200 OK · 401 · 403
curl "https://vectorlabz.io/api/v1/hub/aevon/leaderboard?limit=25" \
-H "x-api-key: $VECTORLABZ_API_KEY"
Get holder status + VECTOR balance¶
GET /hub/{slug}/holder/{wallet}
| Parameter | In | Required | Description |
|---|---|---|---|
slug |
path | yes | The hub's slug. |
wallet |
path | yes | The holder's wallet address. |
Responses: 200 OK · 401 · 403
curl https://vectorlabz.io/api/v1/hub/aevon/holder/9vBXYh…7Rvj \
-H "x-api-key: $VECTORLABZ_API_KEY"
Get a wallet's staking summary¶
GET /hub/{slug}/stake-status
| Parameter | In | Required | Description |
|---|---|---|---|
slug |
path | yes | The hub's slug. |
wallet |
query | yes | The wallet to summarize. |
Responses: 200 OK · 400 bad request · 401 · 403
curl "https://vectorlabz.io/api/v1/hub/aevon/stake-status?wallet=9vBXYh…7Rvj" \
-H "x-api-key: $VECTORLABZ_API_KEY"
Award VECTOR to a wallet¶
POST /hub/{slug}/bits/earn
Award VECTOR (reward points) to a wallet. Server-to-server only — in addition
to x-api-key, this request must be signed with x-api-timestamp and
x-api-signature. See Authentication.
| Parameter | In | Required | Description |
|---|---|---|---|
slug |
path | yes | The hub's slug. |
Request body (application/json):
{
"wallet": "9vBXYh…7Rvj",
"amount": 100,
"reason": "quest_completed",
"ref": "unique-idempotency-key"
}
Responses: 200 OK · 400 bad request · 401 · 403
Never expose the signing secret client-side
bits/earn mutates balances, so it is signed and must only be called from
your backend. Never ship the API secret to a browser or mobile client.