Hosted HTTP API
The same verified-data capabilities as the CLI, callable over HTTP — so an app, an agent, a serverless function, or any language can drive them without installing the engine. Each endpoint is a thin proxy to a gateway where the licensed, compiled engine runs server-side; you send JSON (artifacts as base64) and get JSON back. The browser never receives engine source. These are the same endpoints the /dashboard consoles call.
Auth, metering & conventions
- Authenticate with your dashboard session or a personal API key (
Authorization: Bearer …). - Verification is free and needs no account context beyond sign-in — the whole point is a third party checking a certificate with only the artifact. Issuing / reporting ops (e.g.
intel) meter exactly as the CLI does. - File artifacts (proofs, sealed columns, ledgers, files to analyze) are base64 in the request body (≤ 64 MB each).
- A
GETon any endpoint returns{ configured, capabilities }. Until the operator wires the gateway (AT1_API_URL), routes return{ configured: false }and the consoles run in demo mode. - A delinquent account is gated with
402 payment_requiredon metered ops (mirrors the control-plane STOP-USAGE rule).
Authenticated request
# Session cookie (from the dashboard) or a personal API key.
curl https://tinyfiles.io/api/at1/prove \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $AT1_KEY" \
-d '{ "op": "verify", "proof": "'"$(base64 -w0 proof.at1proof)"'" }'Proofs — /api/at1/prove
Verify the three portable proof types. All three are free; a tampered answer fails, every time.
POST /api/at1/prove
{ "op": "verify", "proof": "<base64 .at1proof>" } # proof-of-exactness
{ "op": "range", "sealed": "<base64 .at1>", "proof": "<base64>", # O(log N) SUM/COUNT/AVG proof
"answer": "12345.67" }
{ "op": "infer", "proof": "<base64 .npz>", "root": "<hex?>" } # proof-of-inference
-> { "verified": true, "detail": "VERIFIED: decompresses to exactly the committed data" }Regulated Archive — /api/at1/regulated
Verify an append-only WORM journal is untampered (pinpoints a broken frame), or that a redacted selective-disclosure export still matches the original seal.
POST /api/at1/regulated
{ "op": "worm", "ledger": "<base64 .at1>" } # WORM journal append-only + untampered
{ "op": "disclose", "export": "<base64 .at1>" } # redacted export still matches the ORIGINAL seal
-> { "verified": true, "detail": "..." }Intelligence & Registry — /api/at1/intel
tell_me_about(file) returns a structural report (entropy, estimated compressibility, kind, schema, discovered derived columns); dataset verify resolves a content-address and refuses on any mismatch.
POST /api/at1/intel
{ "op": "intel", "file": "<base64>", "name": "data.csv" } # tell_me_about(file) [METERED]
{ "op": "dataset", "ref": "sales-2024@v3" } # content-address resolve+verify [FREE]
-> intel: { "kind": "...", "entropy_bpb": 4.53, "est_ratio": 3.1, "schema": [...], "derived": [...] }
dataset: { "verified": true, "detail": "resolves to declared hash" }AT-1DB query — /api/at1/query
Predicate + projection over a queryable .at1. The response stats.bytes_read vs total_block_bytesis the “look how little we read” proof.
POST /api/at1/query
{ "file": "trades", "where": { "price": [42000, 43000] },
"select": ["aggId", "price", "ts"], "limit": 100 }
-> { "rows": [...], "row_count": 100, "truncated": false,
"stats": { "bytes_read": 3980, "total_block_bytes": 512344 } } # look how little we readDeploying these (operator): see docs/DEPLOY_HOSTED_SERVICES.md — set AT1_QUERY_URL and AT1_API_URL and run the two gateways. Agents: the machine-readable summary lives in /llms-full.txt.