KiiWORKS / Documentation

API Reference

SOURCE · docs/api-reference.md · synced from the engineering repo

API Reference

All services are mounted under /api/{service-name}/. The node runs on port 4000 by default.

Base URL: http://localhost:4000/api/{service-name}


Table of Contents

  1. Auth
  2. Entity Storage
  3. Blob Storage
  4. Document Management
  5. Verifiable Storage
  6. Synchronised Storage
  7. Immutable Proof
  8. Logging
  9. Identity Auth
  10. Attestation
  11. Trust
  12. Rights Management
  13. DPP (Digital Product Passport)
  14. IoT Ingest
  15. Feedback
  16. Regulator
  17. Lineage
  18. Circular
  19. Geo
  20. Event Bus
  21. Event Stream (WebSocket)
  22. Telemetry
  23. Background Task
  24. Workflow
  25. Webhook
  26. Sentinel
  27. Gateway
  28. Wallet
  29. Wire Service
  30. Identity (Forge)
  31. Supply Chain (Trace)
  32. NFT (Stamp)
  33. Dataspace
  34. Data Space Connector
  35. Data Processing
  36. Federated Catalogue
  37. Auditable Item Graph
  38. Auditable Item Stream

Auth

Authentication and JWT token management.

MethodPathDescription
POST/api/auth/loginAuthenticate with username/password, returns JWT
POST/api/auth/validateValidate a JWT token

POST /api/auth/login

// Request
{"username": "alice", "password": "secure_password"}

// Response 200
{"token": "eyJhbGci...", "expires_in": 3600}

Entity Storage

JSON entity CRUD with collection-based organization. Supports PostgreSQL or in-memory backend.

MethodPathDescription
POST/api/entity-storage/{collection}Create entity in collection
GET/api/entity-storage/{collection}/{id}Get entity by ID
PUT/api/entity-storage/{collection}/{id}Update entity
DELETE/api/entity-storage/{collection}/{id}Delete entity
POST/api/entity-storage/{collection}/findQuery entities with filter
POST/api/entity-storage/{collection}/countCount matching entities

POST /api/entity-storage/{collection}

// Request — any JSON object
{"name": "Widget A", "price": 29.99, "category": "electronics"}

// Response 201
{"id": "uuid-here", "name": "Widget A", "price": 29.99, "category": "electronics"}

POST /api/entity-storage/{collection}/find

// Request
{"filter": {"category": "electronics"}, "limit": 10, "offset": 0}

// Response 200
[{"id": "...", "name": "Widget A", ...}]

Blob Storage

Binary object storage with metadata.

MethodPathDescription
POST/api/blob-storage/blobs/{*key}Store a blob
GET/api/blob-storage/blobs/{*key}Retrieve a blob
DELETE/api/blob-storage/blobs/{*key}Delete a blob
GET/api/blob-storage/metadata/{*key}Get blob metadata
GET/api/blob-storage/blobsList all blobs

Immutable Proof

SHA-256 proof generation and blockchain anchoring.

MethodPathDescription
POST/api/immutable-proof/proofsCreate a SHA-256 proof
GET/api/immutable-proof/proofs/{id}Get proof by ID
POST/api/immutable-proof/proofs/{id}/verifyVerify a proof
POST/api/immutable-proof/proofs/{id}/anchorAnchor proof on blockchain

POST /api/immutable-proof/proofs

// Request
{"data": "base64-encoded-data"}

// Response 201
{"id": "proof-uuid", "hash": "sha256-hex", "created_at": "2026-03-20T10:00:00Z"}

Identity Auth

DID-based challenge/response authentication.

MethodPathDescription
POST/api/identity-auth/challengeRequest an auth challenge for a DID
POST/api/identity-auth/verifySubmit signed challenge for verification

POST /api/identity-auth/challenge

// Request
{"did": "did:kaspa:testnet-12:a1b2c3..."}

// Response 200
{"challenge": "base64-nonce", "expires_at": "2026-03-20T10:05:00Z"}

POST /api/identity-auth/verify

// Request
{"did": "did:kaspa:testnet-12:a1b2c3...", "challenge": "base64-nonce", "signature": "hex-schnorr-sig"}

// Response 200
{"valid": true, "token": "eyJhbGci..."}

Event Bus

Pub/sub event distribution.

MethodPathDescription
POST/api/event-bus/publishPublish an event to a topic

Event Stream (WebSocket)

MethodPathDescription
GET/api/event-stream/ws/eventsWebSocket connection for real-time events

Background Task

Task scheduling and execution.

MethodPathDescription
POST/api/background-task/tasksSubmit a new task
GET/api/background-task/tasksList all tasks
GET/api/background-task/tasks/statsTask statistics
GET/api/background-task/tasks/{id}Get task by ID
DELETE/api/background-task/tasks/{id}Remove a task
POST/api/background-task/tasks/{id}/startStart a task
POST/api/background-task/tasks/{id}/completeMark task complete
POST/api/background-task/tasks/{id}/cancelCancel a task
POST/api/background-task/tasks/{id}/pausePause a task
POST/api/background-task/tasks/{id}/resumeResume a paused task

Scheduler Endpoints

MethodPathDescription
POST/api/background-task/scheduler/tasksCreate scheduled task
GET/api/background-task/scheduler/tasksList scheduled tasks
GET/api/background-task/scheduler/tasks/{id}Get scheduled task
POST/api/background-task/scheduler/checkCheck and trigger due tasks

DPP

Digital Product Passport — ESPR/EPCIS/GS1 compliant.

MethodPathDescription
POST/api/dpp/dppCreate a new passport
GET/api/dpp/dppList all passports
GET/api/dpp/dpp/{id}Get passport by ID
PUT/api/dpp/dpp/{id}Update passport
POST/api/dpp/dpp/{id}/lifecycleAdd a lifecycle stage
POST/api/dpp/dpp/{id}/anchorAnchor passport hash on Kaspa
POST/api/dpp/dpp/{id}/epcisIngest EPCIS event → auto-map to lifecycle
GET/api/dpp/dpp/{id}/qrGenerate QR code (PNG) with GS1 Digital Link

POST /api/dpp/dpp

// Request
{
  "product_name": "Li-Ion Battery Module 48V",
  "gtin": "04012345000010",
  "manufacturer": "did:kaspa:testnet-12:abc123",
  "category": "EV Battery",
  "batch_id": "BATCH-2026-001"
}

// Response 201
{
  "id": "dpp-uuid",
  "product_name": "Li-Ion Battery Module 48V",
  "gtin": "04012345000010",
  "lifecycle_stages": [],
  "anchors": [],
  "created_at": "2026-03-20T10:00:00Z"
}

POST /api/dpp/dpp/{id}/epcis

// Request
{
  "event_type": "ObjectEvent",
  "action": "OBSERVE",
  "biz_step": "urn:epcglobal:cbv:bizstep:commissioning",
  "disposition": "urn:epcglobal:cbv:disp:active",
  "event_time": "2026-03-20T10:00:00Z",
  "read_point": "urn:epc:id:sgln:0012345.11111.0"
}

// Response 200
{"lifecycle_stage": "Manufacturing", "event_recorded": true}

GET /api/dpp/dpp/{id}/qr

Returns Content-Type: image/png — a QR code encoding the GS1 Digital Link URI.


IoT Ingest

Sensor data ingestion for DPP lifecycle updates.

MethodPathDescription
POST/api/iot-ingest/iot/devicesRegister an IoT device
GET/api/iot-ingest/iot/devicesList registered devices
GET/api/iot-ingest/iot/devices/{id}Get device details
PUT/api/iot-ingest/iot/devices/{id}Update device
POST/api/iot-ingest/iot/ingestBatch ingest sensor readings
GET/api/iot-ingest/iot/readingsList recent readings
GET/api/iot-ingest/iot/devices/{id}/readingsReadings for a specific device
POST/api/iot-ingest/iot/thresholdsCreate threshold rule
GET/api/iot-ingest/iot/thresholdsList threshold rules
DELETE/api/iot-ingest/iot/thresholds/{id}Delete threshold rule

POST /api/iot-ingest/iot/ingest

// Request
{
  "device_id": "sensor-001",
  "readings": [
    {"sensor_type": "Temperature", "value": 42.5, "unit": "CEL", "timestamp": "2026-03-20T10:00:00Z"},
    {"sensor_type": "Humidity", "value": 65.0, "unit": "P1", "timestamp": "2026-03-20T10:00:00Z"}
  ]
}

// Response 200
{"ingested": 2, "threshold_alerts": 0, "lifecycle_updates": 0}

Feedback

Consumer micropayment feedback with sompi rewards.

MethodPathDescription
POST/api/feedback/feedbackSubmit feedback for a product
GET/api/feedback/feedbackList all feedback
GET/api/feedback/feedback/{id}Get feedback by ID
GET/api/feedback/feedback/passport/{passport_id}Feedback for a passport
GET/api/feedback/feedback/statsFeedback statistics
GET/api/feedback/feedback/configGet reward configuration
PUT/api/feedback/feedback/configUpdate reward configuration

Reward Calculation

  • Base reward: 1,000 sompi
  • Photo bonus: +500 sompi
  • Defect report bonus: +2,000 sompi
  • Daily cap: 10,000 sompi per user

Regulator

Regulatory compliance query responder.

MethodPathDescription
POST/api/regulator/regulator/reportsCreate compliance report
GET/api/regulator/regulator/reportsList reports
GET/api/regulator/regulator/reports/{id}Get report by ID
POST/api/regulator/regulator/queryExecute regulatory query
GET/api/regulator/regulator/carbon/{passport_id}Carbon footprint report
GET/api/regulator/regulator/materials/{passport_id}Material composition report
GET/api/regulator/regulator/battery/{passport_id}Battery-specific report
POST/api/regulator/regulator/compliance/{passport_id}Run compliance checks
POST/api/regulator/regulator/carbonSubmit carbon data
POST/api/regulator/regulator/materialsSubmit material declaration
POST/api/regulator/regulator/batterySubmit battery data
GET/api/regulator/regulator/auditGet audit trail

Pre-built Compliance Checks

EU Battery Regulation (5 checks):

  1. Carbon footprint below threshold
  2. Recycled content minimums met
  3. State of health monitoring active
  4. Material composition complete
  5. Due diligence documentation present

ESPR (4 checks):

  1. Data completeness (all required fields)
  2. Lifecycle coverage (all stages recorded)
  3. Tamper evidence (blockchain anchored)
  4. Data carrier available (QR/Digital Link)

Lineage

Product-to-product DAG for supply chain traceability.

MethodPathDescription
POST/api/lineage/lineage/nodesCreate a lineage node
GET/api/lineage/lineage/nodesList all nodes
GET/api/lineage/lineage/nodes/{id}Get node by ID
POST/api/lineage/lineage/edgesCreate an edge (with cycle detection)
GET/api/lineage/lineage/edgesList all edges
GET/api/lineage/lineage/nodes/{id}/edgesEdges for a specific node
GET/api/lineage/lineage/nodes/{id}/traceTrace ancestors (upstream)
GET/api/lineage/lineage/nodes/{id}/impactTrace descendants (downstream)
GET/api/lineage/lineage/pathFind shortest path between nodes
GET/api/lineage/lineage/rootsList root nodes (no parents)
GET/api/lineage/lineage/leavesList leaf nodes (no children)
GET/api/lineage/lineage/statsGraph statistics

Node Types

RawMaterial, Component, SubAssembly, Assembly, FinishedProduct, Facility, Mine, Recycler

Edge Relationships

ContainedIn, SourcedFrom, ManufacturedAt, AssembledFrom, RecycledInto, TestedAt, ShippedVia, OwnedBy


Circular

Circular economy marketplace for end-of-life materials.

MethodPathDescription
POST/api/circular/circular/listingsCreate material listing
GET/api/circular/circular/listingsList all listings
GET/api/circular/circular/listings/{id}Get listing by ID
PUT/api/circular/circular/listings/{id}Update listing
DELETE/api/circular/circular/listings/{id}Withdraw listing
POST/api/circular/circular/searchSearch with geospatial filter
POST/api/circular/circular/listings/{id}/bidsPlace a bid
GET/api/circular/circular/listings/{id}/bidsList bids
POST/api/circular/circular/listings/{id}/bids/{bid_id}/acceptAccept a bid
POST/api/circular/circular/listings/{id}/bids/{bid_id}/rejectReject a bid
GET/api/circular/circular/statsMarket statistics

POST /api/circular/circular/search

// Request
{
  "material_type": "Lithium",
  "max_distance_km": 500,
  "location": {"lat": 52.37, "lon": 4.89},
  "min_quantity": 100
}

// Response 200
[{"id": "listing-uuid", "material": "Lithium", "quantity": 500, "distance_km": 123.4, ...}]

Geo

Geospatial supply chain tracking.

MethodPathDescription
POST/api/geo/geo/locationsBatch ingest location data
GET/api/geo/geo/locations/{entity_id}Location history for entity
GET/api/geo/geo/locations/{entity_id}/latestLatest location
GET/api/geo/geo/locations/{entity_id}/routeRoute (ordered waypoints)
POST/api/geo/geo/fencesCreate a geofence
GET/api/geo/geo/fencesList geofences
GET/api/geo/geo/fences/{id}Get geofence details
DELETE/api/geo/geo/fences/{id}Delete geofence
GET/api/geo/geo/fences/{id}/crossingsFence crossing events
POST/api/geo/geo/nearbySearch nearby entities
GET/api/geo/geo/statsGeospatial statistics

Spatial Algorithms

  • Haversine distance: Great-circle distance between two points
  • Point-in-polygon: Ray casting algorithm for geofence containment
  • Fence crossing detection: Entry/exit event generation
  • Nearby search: Radius-based entity search

Sentinel

Anomaly detection and integrity watchdog.

MethodPathDescription
POST/api/sentinel/sentinel/rulesCreate monitoring rule
GET/api/sentinel/sentinel/rulesList all rules
GET/api/sentinel/sentinel/rules/{id}Get rule by ID
PUT/api/sentinel/sentinel/rules/{id}Update rule
DELETE/api/sentinel/sentinel/rules/{id}Delete rule
POST/api/sentinel/sentinel/ingestIngest data points
GET/api/sentinel/sentinel/alertsList alerts (with filtering)
GET/api/sentinel/sentinel/alerts/{id}Get alert by ID
POST/api/sentinel/sentinel/alerts/{id}/acknowledgeAcknowledge alert
POST/api/sentinel/sentinel/alerts/{id}/resolveResolve alert
POST/api/sentinel/sentinel/analyzeRun manual analysis
GET/api/sentinel/sentinel/statsAlert statistics

Rule Types

TypeDescriptionKey Parameters
AnchorFrequencyDetect gaps in blockchain anchoringmax_gap_hours
GapDetectionDetect missing data pointsmax_gap_hours
ValueThresholdDetect sudden value changesthreshold_percent
SequenceCheckDetect out-of-order eventsexpected_sequence (array)
VolumeBaselineDetect volume anomalies (std deviation)window_size, std_dev_threshold
ComplianceWatchDetect expiring certificationswarning_days

Alert Filtering

GET /api/sentinel/sentinel/alerts?severity=high&acknowledged=false&since=2026-03-01T00:00:00Z

Gateway

API key management and rate limiting.

MethodPathDescription
POST/api/gateway/gateway/keysCreate API key (raw key shown once)
GET/api/gateway/gateway/keysList all keys (no hashes exposed)
GET/api/gateway/gateway/keys/{id}Get key info
PUT/api/gateway/gateway/keys/{id}Update key (name, permissions, limits)
DELETE/api/gateway/gateway/keys/{id}Revoke key
POST/api/gateway/gateway/keys/{id}/rotateRotate key (new key, old revoked)
GET/api/gateway/gateway/keys/{id}/usageUsage report
POST/api/gateway/gateway/validateValidate a raw API key

POST /api/gateway/gateway/keys

// Request
{
  "name": "production-frontend",
  "permissions": ["dpp:read", "dpp:write", "wallet:read"],
  "rate_limit": {"requests_per_minute": 120, "requests_per_hour": 5000, "requests_per_day": 50000}
}

// Response 201
{
  "id": "key-uuid",
  "name": "production-frontend",
  "key": "kw_a1b2c3d4...",  // SHOWN ONCE — save this!
  "key_prefix": "kw_a1b2c",
  "permissions": ["dpp:read", "dpp:write", "wallet:read"],
  "rate_limit": {"requests_per_minute": 120, ...},
  "warning": "Store this key securely. It will not be shown again."
}

POST /api/gateway/gateway/validate

// Request
{"key": "kw_a1b2c3d4..."}

// Response 200
{"valid": true, "key_id": "key-uuid", "permissions": ["dpp:read", ...], "rate_limited": false}

Wallet

BIP-39 HD wallet management.

MethodPathDescription
POST/api/wallet/walletsCreate wallet (mnemonic shown once)
GET/api/wallet/wallets/{id}Get wallet info (no secrets)
GET/api/wallet/wallets/{id}/balanceQuery balance
GET/api/wallet/wallets/{id}/utxosList UTXOs
POST/api/wallet/wallets/{id}/deriveDerive next address
POST/api/wallet/wallets/{id}/sendSend KAS

POST /api/wallet/wallets

// Request
{"network": "testnet-12"}

// Response 201
{
  "id": "wallet-uuid",
  "address": "kaspatest:qr...",
  "network": "testnet-12",
  "mnemonic": "word1 word2 ... word12",  // SHOWN ONCE
  "created_at": "2026-03-20T10:00:00Z"
}

POST /api/wallet/wallets/{id}/send

// Request
{"to": "kaspatest:qr...", "amount": 100000000, "fee": 30000}

// Response 200
{"tx_id": "hex-txid", "amount": 100000000, "fee": 30000}

Wire Service

Encrypted P2P messaging channels (X25519 + XChaCha20-Poly1305 with HKDF-SHA256 directional key separation).

MethodPathDescription
POST/api/wire/channelsCreate channel (generate keypair)
GET/api/wire/channelsList channels
GET/api/wire/channels/{id}Get channel info
POST/api/wire/channels/{id}/handshakeExchange peer public key
POST/api/wire/channels/{id}/messagesSend encrypted message
GET/api/wire/channels/{id}/messagesList messages (decrypted)
GET/api/wire/channels/{id}/messages/{msg_id}Get single message

Channel Lifecycle

  1. Create: Generates X25519 keypair, returns public key (hex)
  2. Handshake: Accept peer’s public key → derive shared secret
  3. Send: Encrypt payload with XChaCha20-Poly1305 (192-bit random nonce) using a per-direction key derived via HKDF-SHA256 from the shared secret
  4. Receive: Decrypt messages using shared secret

Workflow

Compliance state machine engine.

MethodPathDescription
POST/api/workflow/workflowsCreate workflow definition
GET/api/workflow/workflowsList definitions
GET/api/workflow/workflows/{id}Get definition
DELETE/api/workflow/workflows/{id}Delete definition
POST/api/workflow/workflows/{id}/instancesCreate instance from definition
GET/api/workflow/instances/{id}Get instance
POST/api/workflow/instances/{id}/transitionApply state transition
GET/api/workflow/instances/{id}/transitionsAvailable transitions
GET/api/workflow/instances/{id}/historyTransition history
POST/api/workflow/instances/{id}/suspendSuspend instance
POST/api/workflow/instances/{id}/resumeResume instance

Webhook

HMAC-SHA256 signed outbound event delivery.

MethodPathDescription
POST/api/webhook/webhooksCreate subscription
GET/api/webhook/webhooksList subscriptions
GET/api/webhook/webhooks/{id}Get subscription
PUT/api/webhook/webhooks/{id}Update subscription
DELETE/api/webhook/webhooks/{id}Delete subscription
POST/api/webhook/webhooks/{id}/testSend test delivery
GET/api/webhook/webhooks/{id}/deliveriesDelivery history
GET/api/webhook/webhooks/{id}/statsDelivery statistics
POST/api/webhook/webhooks/triggerTrigger event for all matching subscriptions

Event Types (14)

DppCreated, DppUpdated, DppAnchored, LifecycleStageAdded, WalletCreated, TransactionSubmitted, AlertGenerated, AlertAcknowledged, FeedbackSubmitted, ComplianceCheckFailed, GeofenceCrossing, WorkflowTransitioned, ApiKeyCreated, ApiKeyRevoked


Logging

Structured audit log.

MethodPathDescription
POST/api/logging/logsWrite a log entry
GET/api/logging/logsQuery log entries

Trust

Gaia-X trust framework and artefact verification.

Routes include trust credential management, compliance checking, and artefact verification.


Rights Management

ODRL-based digital rights and policy management.

Routes include policy CRUD, agreement creation, and policy evaluation.


Attestation

Credential attestation management.

Routes include attestation creation, verification, and status management.


Dataspace

IDSA Dataspace Protocol implementation.

Control Plane

Contract negotiation and transfer process management.

Data Plane

Catalogue queries and data asset access.


Federated Catalogue

Cross-organisation asset discovery and registration.


Data Space Connector

Organisation-to-organisation data exchange management.


Data Processing

ETL pipeline definition and execution.


Auditable Item Graph

DAG of auditable items with provenance tracking.


Auditable Item Stream

Append-only auditable event stream.


Common Response Patterns

Success

// 200 OK
{"id": "uuid", "name": "item", ...}

// 201 Created
{"id": "uuid", "name": "item", ...}

// 204 No Content (for deletes)

Errors

// 400 Bad Request
{"error": "invalid field: name is required"}

// 404 Not Found
{"error": "not found"}

// 409 Conflict
{"error": "already exists"}

// 429 Too Many Requests
{"error": "rate limit exceeded"}

Pagination

Services that support pagination accept limit and offset query parameters:

GET /api/entity-storage/products?limit=20&offset=40

Filtering

Many list endpoints accept query parameters for filtering:

GET /api/sentinel/sentinel/alerts?severity=high&acknowledged=false&since=2026-03-01T00:00:00Z