Developers
/api/v1/oris/developers/dashboard/me Get developer profile (JWT auth)
Returns the developer profile for the authenticated dashboard session.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/developers/dashboard/me' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/dashboard/me Update developer profile (JWT auth)
Updates the developer profile fields for the authenticated dashboard session.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: UpdateDashboardProfileRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X PUT 'https://api.useoris.xyz/api/v1/oris/developers/dashboard/me' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/login Developer login with email and password
Authenticates a developer with email and password. Returns JWT access and refresh tokens.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: DeveloperLoginRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/login' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/logout Logout (revoke refresh token)
Revokes the refresh token from cookie or body, then clears all auth cookies.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
204 | Successful Response |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/logout' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/me Get current developer profile
Returns the authenticated developer's profile.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/developers/me' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/me/keys List API keys
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/developers/me/keys' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/me/keys Issue a new API key
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: CreateApiKeyRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/me/keys' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/me/keys/{key_id} Revoke an API key
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
key_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X DELETE 'https://api.useoris.xyz/api/v1/oris/developers/me/keys/{key_id}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/me/keys/{key_id}/rotate Rotate an API key (24h grace)
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
key_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/me/keys/{key_id}/rotate' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/oauth/github GitHub OAuth callback
Exchanges a GitHub authorization code for an Oris session. Creates account if new.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: GitHubOAuthRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/oauth/github' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/oauth/github/state Generate GitHub OAuth state
Returns a CSRF state token and the GitHub authorization redirect URL.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/oauth/github/state' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/oauth/google Google OAuth callback
Verifies a Google ID token and creates or links an Oris developer account.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: GoogleOAuthRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/oauth/google' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/provider-keys Get provider key status
Returns which providers are configured. Key values are never returned.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/developers/provider-keys' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/provider-keys/{provider} Delete provider API keys
Remove a specific provider's keys from the encrypted store.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
provider | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X DELETE 'https://api.useoris.xyz/api/v1/oris/developers/provider-keys/{provider}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/provider-keys/{provider} Save provider API keys
Save or update provider API keys (Pimlico, Turnkey, Fireblocks, Circle, Solana). Keys are envelope-encrypted with a per-developer DEK protected by Vault Transit. An immutable audit entry is created for every mutation.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
provider | string | Yes |
Request body
application/json, schema: ProviderKeyRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X PUT 'https://api.useoris.xyz/api/v1/oris/developers/provider-keys/{provider}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/provider-keys/audit/verify Verify provider key audit chain
Recomputes the SHA-256 hash chain of all provider key audit entries and cross-checks against the Vault KV anchor.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/developers/provider-keys/audit/verify' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/register Register a new developer
Creates a developer account and generates an API key pair. Requires dashboard authentication (JWT).
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: DeveloperRegisterRequest
Responses
| Status | Description |
|---|---|
201 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/register' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/resend-verification Resend verification email
Sends a new verification email. Rate limited to 3 requests per minute per IP.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: ResendVerificationRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/resend-verification' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/rotate-key Rotate API key pair
Generates a new API key pair and immediately invalidates the old one. Requires dashboard authentication (JWT).
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/rotate-key' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/signup Public developer signup
Creates a developer account with Turnstile captcha verification. A verification email is sent. API keys are accessible after email verification via the dashboard.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: SignupRequest
Responses
| Status | Description |
|---|---|
201 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/signup' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/developers/token/refresh Refresh access token
Exchanges a valid refresh token for a new access token.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/token/refresh' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/verify-email Verify email address
Validates a verification token from the email link. Redirects to login on success.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
token | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/developers/verify-email' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/developers/verify-kyb Verify developer KYB status
Mark a developer as KYB-verified. Requires admin dashboard authentication.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: DeveloperKybVerifyRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/developers/verify-kyb' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'