API
HTTP API
The PoolPass services run locally with pnpm api (default http://127.0.0.1:3000). The frontend reaches them through same-origin proxy routes under /api. JSON bodies are strict; extra secret-bearing fields are rejected.
POST /accredit
Send only the 32-byte leaf hash. The demo issuer commits all eight leaves on chain and returns the path.
curlcurl -s http://127.0.0.1:3000/accredit \
-H 'content-type: application/json' \
-d '{"leaf":"<64 lowercase hex>"}'
# -> { leaf, root, epoch, index, merkle_path[3], merkle_indices[3] }POST /faucet
Mints Testnet USDC to an address. Amount optional, in base units, capped at 100,000,000,000 (10,000 tUSDC).
curlcurl -s http://127.0.0.1:3000/faucet \
-H 'content-type: application/json' \
-d '{"address":"G...","amount":"10000000000"}'POST /verify
Verifies a proof against the committed PoolPass verifying key. The server ignores caller key substitution.
curlcurl -s http://127.0.0.1:3000/verify \
-H 'content-type: application/json' \
-d '{"proof":<snarkjs proof>,"publicSignals":[<4 strings>]}'
# -> { "valid": true }POST /prove, fallback only
This endpoint is the fallback, not the default
/prove necessarily receives investor_id, cap, and investor_secret in plaintext. The default user route is in-browser proving with snarkjs. Use /prove only when a client cannot run snarkjs fast enough, and only after an explicit opt-in.
curlcurl -s http://127.0.0.1:3000/prove \
-H 'content-type: application/json' \
-d '{"input":{ ...all circuit signals... }}'
# -> { "proof": <snarkjs proof>, "publicSignals": [<4 strings>] }GET /pool/demo
Returns live PoolInfo plus { id: "demo", contractId }.
curlcurl -s http://127.0.0.1:3000/pool/demo