Skip to content

API overview

The public API lets your own app, bot or backend read hub data and award points. It's versioned, key-authenticated, and CORS-enabled for browser reads.

Base URL:

https://vectorlabz.io/api/v1

A no-auth discovery document lists the current surface:

curl https://vectorlabz.io/api/v1

What's public

Method Path Purpose
GET /hub/{slug} Hub configuration for embeds/clients
GET /hub/{slug}/leaderboard?limit= Top stakers
GET /hub/{slug}/holder/{wallet} Holder status + VECTOR balance
GET /hub/{slug}/stake-status?wallet= A wallet's staking summary
POST /hub/{slug}/bits/earn Award VECTOR (signed, server-to-server)

See the API reference for full request and response schemas.

Note

This is the whole public surface — reads plus one signed write. Owner and admin configuration (creating hubs, phases, allowlists, roles) happens in the studio UI and is not exposed as an API.

Read vs. write

  • Reads need only your public clientId in x-api-key. Safe from a browser.
  • Writes (/bits/earn) additionally need an HMAC signature proving you hold the secret. Server-to-server only — never ship the secret to a browser.

See Authentication for both.

Scoping

An API key is scoped to one hub. A key issued for hub-a can't read or write hub-b — you'll get 403 forbidden. Mint one key per hub you operate.