Returns an x402 v2 payment-required response with supported Solana and Monad payment legs.
Docs · HTTP
HTTP API
any language
HTTP Endpoints
HTTP API
Nukez Gateway
Use the HTTP API when you want direct gateway control from any language or runtime. The canonical flow is: request a storage quote, execute the selected payment externally, confirm the payment, sign the provision envelope, then create, upload, confirm, list, read, download, attest, and verify files through locker endpoints.
Activates the deterministic locker after payment confirmation using a signed locker:provision envelope.
Create signed upload URLs, PUT bytes directly to storage, confirm hashes, list files, and read records.
POST /v1/lockers/{locker_id}/filesContent-Type: application/jsonX-Nukez-Envelope: "<base64url(canonical_json(envelope))>"X-Nukez-Signature: "<base58(ed25519_sign(envelope_bytes))>" { "filename": "Anza.pdf", "content_type": "application/pdf", "ttl_min": 30} # Response:HTTP/1.1 200 OK{ "locker_id": "locker_527830025389", "filename": "Anza.pdf", "upload_url": "https://api.nukez.xyz/f/...", "download_url": "https://api.nukez.xyz/f/...", "confirm_url": "https://api.nukez.xyz/v1/files/confirm?..."}
Code notes
An authenticated HTTP request binds the method, path, request body hash, operation scope, nonce, and expiry into a canonical envelope. The gateway verifies those bytes before it returns upload and confirmation URLs.
Authenticated GET requests sign an empty-body hash. POST, PUT, and PATCH requests sign the exact byte sequence that the client sends.
Envelope construction
Every authenticated locker/file call carries two headers built from a canonical-JSON envelope: X-Nukez-Envelope (base64url of the canonical envelope bytes) and X-Nukez-Signature (base58 of the Ed25519 signature over those exact bytes). The envelope binds method, path,body_sha256, receipt_id, locker_id,nonce, iat/exp, and the required ops array (e.g. ["locker:provision"], ["locker:write"], ["locker:list"], ["locker:read"]). POST bodies hash the exact bytes sent on the wire; authenticated GETs sign an empty-body hash.