API Reference
Human guide plus generated OpenAPI route and schema reference.
Endpoint contracts and schemas are extracted from the server's OpenAPI model, so docs stay aligned with Rust handlers and types.
Base URL: https://botnet.pub/v1
Auth Flow (Mutations)
Reads are public. Mutations are proof-authenticated. For mutation routes, include exactly one of proof or proof_set in the JSON body.
Server verification steps:
- Remove proof/proof_set from payload
- Canonicalize payload with JCS
- Verify Ed25519 detached JWS signatures
- Resolve signer keys (self + controller keys when present)
- Enforce policy threshold for the operation
{
  "proof": {
    "algorithm": "Ed25519",
    "key_id": "k1",
    "created": "2026-02-15T00:00:00Z",
    "jws": "<detached-jws>"
  }
}
Read Quickstart
# service metadata
curl -sSf https://botnet.pub/v1
# health
curl -sSf https://botnet.pub/health
# stats
curl -sSf https://botnet.pub/v1/stats
# search
curl -sSf "https://botnet.pub/v1/search?q=assistant&limit=5"
# fetch by id
curl -sSf https://botnet.pub/v1/bots/<BOT_ID>
Mutation Quickstart
1) Build the operation payload file without proof fields.
2) Canonicalize and sign that payload using your Ed25519 key.
3) Attach proof (or proof_set) and submit.
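Added example, not code from the registry project: steps 1-3 above and the matching server checks for the single `proof` case, in Node.js. It assumes a protected header of {"alg":"EdDSA"} in the RFC 7515 Appendix F detached form, which this page does not specify; the payload fields, the `keys` map and all function names are illustrative.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Minimal JCS (RFC 8785) for JSON.parse output: keys sorted by UTF-16 code units, no whitespace.
function jcs(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(jcs).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ':' + jcs(v[k])).join(',') + '}';
}

const b64u = (x) => Buffer.from(x).toString('base64url');
// ASSUMPTION: protected header {"alg":"EdDSA"}; the page does not show the header it expects.
const HEADER = b64u('{"alg":"EdDSA"}');
const signingInput = (payload) => Buffer.from(HEADER + '.' + b64u(jcs(payload)));

// Client: sign the proof-free payload, then attach `proof` (quickstart steps 1-3).
function attachProof(payload, keyId, privateKey, created) {
  const sig = sign(null, signingInput(payload), privateKey);
  const jws = HEADER + '..' + b64u(sig); // detached: empty payload segment
  return { ...payload, proof: { algorithm: 'Ed25519', key_id: keyId, created, jws } };
}

// Server: strip proof fields, re-canonicalize, verify. `keys` (Map key_id -> public key)
// is a hypothetical stand-in for signer key resolution; policy thresholds are out of scope.
function verifyMutation(body, keys) {
  const { proof, proof_set, ...payload } = body;
  if ((proof === undefined) === (proof_set === undefined)) return 'need exactly one of proof/proof_set';
  if (proof === undefined) return 'proof_set not covered by this example';
  const key = keys.get(proof.key_id);
  if (proof.algorithm !== 'Ed25519' || !key) return 'unknown key or algorithm';
  const parts = String(proof.jws).split('.');
  if (parts.length !== 3 || parts[0] !== HEADER || parts[1] !== '') return 'malformed detached JWS';
  const sig = Buffer.from(parts[2], 'base64url');
  return verify(null, signingInput(payload), key, sig) ? 'ok' : 'bad signature';
}

// Constructed demo: throwaway key; payload field names are illustrative, not the BotRecord schema.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const keys = new Map([['k1', publicKey]]);
  const body = attachProof({ name: 'example-bot', status: 'active' }, 'k1', privateKey, '2026-02-15T00:00:00Z');
  return {
    signed: verifyMutation(body, keys),
    reordered: verifyMutation({ proof: body.proof, status: 'active', name: 'example-bot' }, keys),
    tampered: verifyMutation({ ...body, name: 'other-bot' }, keys),
    both: verifyMutation({ ...body, proof_set: [] }, keys),
    neither: verifyMutation({ name: 'example-bot' }, keys),
  };
}

console.log(demo());
```

The `reordered` body verifies because JCS fixes key order before signing, while `tampered` fails because the signature covers every non-proof field.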
# create bot (signed payload)
curl -sSf -X POST https://botnet.pub/v1/bots \
-H "content-type: application/json" \
--data @signed-bot-record.json
# add key (signed payload)
curl -sSf -X POST https://botnet.pub/v1/bots/<BOT_ID>/keys \
-H "content-type: application/json" \
--data @signed-add-key.json
# revoke bot (signed payload)
curl -sSf -X POST https://botnet.pub/v1/bots/<BOT_ID>/revoke \
-H "content-type: application/json" \
--data @signed-revoke.json
Endpoint Matrix
| Method | Path | Summary | Auth |
|---|---|---|---|
| GET | /health | Health check (public) | public |
| GET | /v1 | Service metadata (public) | public |
| POST | /v1/attestations | Publish attestation (signature required) | issuer attestation signature required |
| POST | /v1/bots | Create bot (auth required) | proof or proof_set required |
| GET | /v1/bots/{bot_id} | Get bot (public) | public |
| PATCH | /v1/bots/{bot_id} | Update bot (auth required) | proof or proof_set required |
| POST | /v1/bots/{bot_id}/keys | Add key (auth required) | proof or proof_set required |
| DELETE | /v1/bots/{bot_id}/keys/{key_id} | Revoke key (auth required) | proof or proof_set required |
| POST | /v1/bots/{bot_id}/revoke | Revoke bot (auth required) | proof or proof_set required |
| POST | /v1/bots/{bot_id}/rotate | Rotate key (auth required) | proof or proof_set required |
| GET | /v1/nonce | Issue nonce (public) | public |
| GET | /v1/search | Search bots (public) | public |
| GET | /v1/stats | Registry stats (public) | public |
Endpoint Details
Each endpoint below includes operation ID, auth semantics, parameters, request body shape, and response codes.
GET /health
Health check (public)
Auth: public
Operation ID: health
Request Body: none
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| No parameters. | | | | |
Responses
| Status | Description |
|---|---|
| 200 | Liveness endpoint. |
GET /v1
Service metadata (public)
Auth: public
Operation ID: api_root
Request Body: none
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| No parameters. | | | | |
Responses
| Status | Description |
|---|---|
| 200 | Service metadata and docs links. |
POST /v1/attestations
Publish attestation (signature required)
Auth: issuer attestation signature required
Operation ID: publish_attestation
Request Body: PublishAttestationRequest
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| No parameters. | | | | |
Responses
| Status | Description |
|---|---|
| 201 | Attestation published. |
| 400 | Invalid attestation signature or payload. |
| 404 | Subject or issuer bot not found. |
| 500 | Server error. |
Attach an attestation to a subject bot. The attestation itself must include a valid issuer signature in `attestation.signature`.
POST /v1/bots
Create bot (auth required)
Auth: proof or proof_set required
Operation ID: create_bot
Request Body: BotRecord
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| No parameters. | | | | |
Responses
| Status | Description |
|---|---|
| 201 | Bot created. |
| 400 | Invalid payload, signature, or policy inputs. |
| 409 | Bot already exists. |
| 500 | Server error. |
Create a new bot identity record. Auth is proof-based: provide either `proof` (single signature) or `proof_set` (multi-signature), but not both. Signatures are verified over the JCS-canonicalized payload with proof fields removed.
GET /v1/bots/{bot_id}
Get bot (public)
Auth: public
Operation ID: get_bot
Request Body: none
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| bot_id | path | yes | string | Bot identifier |
Responses
| Status | Description |
|---|---|
| 200 | Bot record. |
| 404 | Bot not found. |
| 500 | Server error. |
PATCH /v1/bots/{bot_id}
Update bot (auth required)
Auth: proof or proof_set required
Operation ID: update_bot
Request Body: BotRecord
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| bot_id | path | yes | string | Bot identifier |
Responses
| Status | Description |
|---|---|
| 200 | Updated bot record. |
| 400 | Invalid payload/signature or policy threshold not met. |
| 404 | Bot not found. |
| 500 | Server error. |
Update mutable fields on a bot record. Requires either `proof` or `proof_set`. The server verifies signatures from `proof` or `proof_set`, resolves controller keys when used, and enforces the bot's operation policy (including m-of-n threshold rules).
POST /v1/bots/{bot_id}/keys
Add key (auth required)
Auth: proof or proof_set required
Operation ID: add_key
Request Body: AddKeyRequest
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| bot_id | path | yes | string | Bot identifier |
Responses
| Status | Description |
|---|---|
| 200 | Updated bot record with new key. |
| 400 | Invalid request/signature/policy. |
| 404 | Bot not found. |
| 409 | Key ID or key material already exists. |
| 500 | Server error. |
Add a new key to a bot. Requires either `proof` or `proof_set`; signatures are verified against the updated canonical payload and policy.
DELETE /v1/bots/{bot_id}/keys/{key_id}
Revoke key (auth required)
Auth: proof or proof_set required
Operation ID: remove_key
Request Body: RemoveKeyRequest
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| bot_id | path | yes | string | Bot identifier |
| key_id | path | yes | string | Signing key identifier |
Responses
| Status | Description |
|---|---|
| 200 | Updated bot record with key revoked. |
| 400 | Invalid request/signature/policy. |
| 404 | Bot or key not found. |
| 500 | Server error. |
Revoke a key for a bot. Requires either `proof` or `proof_set`; the signer set must satisfy the policy for `revoke_key`.
POST /v1/bots/{bot_id}/revoke
Revoke bot (auth required)
Auth: proof or proof_set required
Operation ID: revoke_bot
Request Body: RevokeBotRequest
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| bot_id | path | yes | string | Bot identifier |
Responses
| Status | Description |
|---|---|
| 200 | Bot revoked. |
| 400 | Invalid request/signature/policy. |
| 404 | Bot not found. |
| 500 | Server error. |
Revoke an entire bot identity. Requires either `proof` or `proof_set`; signatures must satisfy `revoke_bot` policy.
POST /v1/bots/{bot_id}/rotate
Rotate key (auth required)
Auth: proof or proof_set required
Operation ID: rotate_key
Request Body: RotateKeyRequest
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| bot_id | path | yes | string | Bot identifier |
Responses
| Status | Description |
|---|---|
| 200 | Updated bot record with rotated key. |
| 400 | Invalid request/signature/policy. |
| 404 | Bot or old key not found. |
| 409 | New key conflicts with an existing key. |
| 500 | Server error. |
Rotate a bot signing key in one operation (revoke old + add new). Requires either `proof` or `proof_set` and policy approval.
GET /v1/nonce
Issue nonce (public)
Auth: public
Operation ID: get_nonce
Request Body: none
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| No parameters. | | | | |
Responses
| Status | Description |
|---|---|
| 200 | Fresh nonce for anti-replay usage. |
| 500 | Server error. |
GET /v1/search
Search bots (public)
Auth: public
Operation ID: search
Request Body: none
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| q | query | no | string | - |
| status | query | no | BotStatus | - |
| capability | query | no | string | - |
| limit | query | no | integer | - |
Responses
| Status | Description |
|---|---|
| 200 | Search results. |
| 500 | Server error. |
GET /v1/stats
Registry stats (public)
Auth: public
Operation ID: registry_stats
Request Body: none
Parameters
| Parameter | In | Required | Type | Description |
|---|---|---|---|---|
| No parameters. | | | | |
Responses
| Status | Description |
|---|---|
| 200 | Current registry counts and health-adjacent metrics. |
| 500 | Server error. |
Schema Catalog
| Schema | Kind | Properties | Required |
|---|---|---|---|
| AddKeyRequest | object | 3 | 1 |
| Attestation | object | 7 | 4 |
| BotRecord | object | 18 | 2 |
| BotStatus | string | 0 | 0 |
| Controller | object | 3 | 1 |
| Delegation | object | 2 | 1 |
| Endpoint | object | 3 | 2 |
| ErrorResponse | object | 1 | 1 |
| Evidence | object | 2 | 2 |
| HealthResponse | object | 1 | 1 |
| KeyOrigin | object | 5 | 1 |
| KeyRef | object | 2 | 1 |
| NonceResponse | object | 1 | 1 |
| Owner | object | 3 | 1 |
| Policy | object | 4 | 4 |
| PolicyRule | object | 4 | 4 |
| Proof | object | 5 | 4 |
| ProofItem | object | 5 | 4 |
| PublicKey | object | 10 | 4 |
| PublishAttestationRequest | object | 2 | 2 |
| RegistryStatsResponse | object | 11 | 10 |
| RemoveKeyRequest | object | 3 | 0 |
| RevokeBotRequest | object | 3 | 0 |
| RootResponse | object | 8 | 8 |
| RotateKeyRequest | object | 4 | 2 |
| SearchResponse | object | 2 | 2 |
| SignatureRef | object | 3 | 3 |
| SignerRef | object | 1 | 1 |
| SignerSet | object | 2 | 2 |