API

HTTP API

The PoolPass services run locally with pnpm api (default http://127.0.0.1:3000). The frontend reaches them through same-origin proxy routes under /api. JSON bodies are strict; extra secret-bearing fields are rejected.

POST /accredit

Send only the 32-byte leaf hash. The demo issuer commits all eight leaves on chain and returns the path.

curlcurl -s http://127.0.0.1:3000/accredit \
  -H 'content-type: application/json' \
  -d '{"leaf":"<64 lowercase hex>"}'

# -> { leaf, root, epoch, index, merkle_path[3], merkle_indices[3] }

POST /faucet

Mints Testnet USDC to an address. Amount optional, in base units, capped at 100,000,000,000 (10,000 tUSDC).

curlcurl -s http://127.0.0.1:3000/faucet \
  -H 'content-type: application/json' \
  -d '{"address":"G...","amount":"10000000000"}'

POST /verify

Verifies a proof against the committed PoolPass verifying key. The server ignores caller key substitution.

curlcurl -s http://127.0.0.1:3000/verify \
  -H 'content-type: application/json' \
  -d '{"proof":<snarkjs proof>,"publicSignals":[<4 strings>]}'

# -> { "valid": true }

POST /prove, fallback only

This endpoint is the fallback, not the default

/prove necessarily receives investor_id, cap, and investor_secret in plaintext. The default user route is in-browser proving with snarkjs. Use /prove only when a client cannot run snarkjs fast enough, and only after an explicit opt-in.

curlcurl -s http://127.0.0.1:3000/prove \
  -H 'content-type: application/json' \
  -d '{"input":{ ...all circuit signals... }}'

# -> { "proof": <snarkjs proof>, "publicSignals": [<4 strings>] }

GET /pool/demo

Returns live PoolInfo plus { id: "demo", contractId }.

curlcurl -s http://127.0.0.1:3000/pool/demo