Nukez

Docs · HTTP

HTTP helpers

optionalchoose one helper

Helpers

Signing helpers.

OverviewExamplesHelpersReference

Signed envelope helper implementations

The helpers differ only in runtime ergonomics. Shell, JavaScript, and Python all produce the same canonical envelope bytes and the same two HTTP headers: X-Nukez-Envelope and X-Nukez-Signature.

01Canonical envelope

Bind method, path, body hash, receipt, locker, nonce, expiry, and ops.

02Keypair binding

The signer must match the owner or payer recorded by the receipt.

03Ops are explicit

Every protected endpoint checks the operation named in the envelope.

Browser warning. These helpers are command-line tools. Do not expose a private Solana keypair JSON in a browser. Browser apps should use a wallet adapter or a server-side signer.

Choose implementation

Select a helper implementation

Each option below has its own install path and code sample. The shared envelope rules above and the ops table below apply to all four.

Best forLocal curl workflows and terminal smoke tests.
Runtimebash/zsh + curl + jq
DependenciesOne signer file: Node/Bun or Python.
shell
mkdir -p nukez-http-helpers && cd nukez-http-helperscurl -fsSLO https://nukez.xyz/helpers/nukez_helpers.shcurl -fsSLO https://nukez.xyz/helpers/nukez_sign.mjschmod +x nukez_helpers.sh nukez_sign.mjs export BASE=https://api.nukez.xyzexport SOL_KEYPAIR=/path/to/solana-keypair.jsonsource ./nukez_helpers.sh BODY='{"receipt_id":"a107ea1ad3de433d","tags":[]}'signed_call POST /v1/storage/signed_provision '["locker:provision"]' "$BODY" | jq . signed_call GET "/v1/lockers/$LOCKER_ID/files" '["locker:list"]' | jq .

Code notes

The shell helper is the cleanest choice when the rest of your flow is already curl. It wraps signer output into request headers and leaves the payment, upload, and verification steps visible.

Use this path when you want a human-readable terminal flow. The shell helper delegates actual Ed25519 signing to the signer file next to it.

Shared reference

Operations cheat sheet

Every authenticated endpoint requires a specific ops array. Mismatched ops return 403 missing ops.

EndpointMethodHelper callRequired op
/v1/storage/signed_provisionPOSTsigned_call POSTlocker:provision
/v1/lockers/{locker_id}/filesPOSTsigned_call POSTlocker:write
/v1/lockers/{locker_id}/files/batchPOSTsigned_call POSTlocker:write
/v1/lockers/{locker_id}/filesGETsigned_call GETlocker:list
/v1/lockers/{locker_id}/files/{filename}GETsigned_call GETlocker:read
/v1/lockers/{locker_id}/files/{filename}DELETEsigned_call DELETElocker:write
/v1/lockers/{locker_id}/recordGETsigned_call GETlocker:read
/v1/storage/metadata/{locker_id}GETsigned_call GETlocker:read
/v1/storage/refreshPOSTsigned_call POSTlocker:refresh

Shared fixes

Troubleshooting

SymptomLikely causeFix
422 missing headersRequest did not send both signed-envelope headers.Use a helper path, or attach both headers from signer output.
401 path mismatchSigned a full URL instead of only the request path.Use /v1/lockers/{locker_id}/files, not the full origin.
401 body hash mismatchSigned body bytes differ from the bytes sent by curl.Pipe the same $BODY into the signer and curl -d.
403 missing opsThe envelope has the wrong operation for the endpoint.Use the ops cheat sheet above.

§ next

Examples

End-to-end curl flow

Where these helpers fit into the canonical gateway walkthrough.

Reference

Endpoint reference

Every endpoint, every parameter, every response shape.

Verify

Recompute a receipt

The verification recipe that closes the storage loop.