Worldcoin

API

Internal Endpoints

These endpoints are intended only for internal use, and should generally not be used by developers. They are documented here to assist with development.

App endpoints

The following endpoints are intended to be used only by the app's frontend. If you're looking to connect to the API, check out the Authentication page.

Login

POST /v1/login

This endpoint is used to authenticate a user and obtain a JWT token. The token is used to authenticate all other requests.

Required attributes

  • email (string): The user's email address.

  • password (string): The user's password.

Request

POST /api/v1/login
curl -X POST '/api/v1/login' \
    -H 'Content-Type: application/json' \
    -d '{
        "email": "alice@worldidbot.com",
        "password": "12345678"
    }'

Response

{
	"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFsaWNlIiwiaWF0IjoxNTE2MjM5MDIyfQ.HThTAuYC6RyvZgF5h2cJCVEUQZ9g8Y18Tf-IU2gaYBc"
}

Register

POST /v1/signup

This endpoint is used to register a new user. The user will receive an email with a verification link. The user must click the link to verify their email address.

Required attributes

  • email (string): The user's email address.

  • password (string): The user's password. Must be at least 8 characters long.

  • name (string): The user's name.

  • team_name (string): The name of the team the user is registering for.

Request

POST /api/v1/signup
curl -X POST "/api/v1/signup" \
     -H "Content-Type: application/json" \
     -d '{
         "email": "bob@worldidbot.com",
         "password": "987654321",
         "name": "Bob",
         "team_name": "The Bob Project"
     }'

Response

{
	"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFsaWNlIiwiaWF0IjoxNTE2MjM5MDIyfQ.HThTAuYC6RyvZgF5h2cJCVEUQZ9g8Y18Tf-IU2gaYBc"
}

Management endpoints

These endpoints can only be called from the Hasura backend, and they require a special token that is shared only between the two.

ENS Lookup

POST /_ens

Fetches the Semaphore contract addresses from an ENS lookup and caches them locally.

Request

POST /api/_ens
curl -X POST "/api/_ens" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer <secret>"

Response

{
	"success": true
}

JWK Generation

POST /_jwk-gen

Generates a new JWK to use for signing verification JWTs. Old keys are not rotated automatically; they can still be used until they reach their expiration date. The expiration date may be updated directly through Hasura's portal.

Request

POST /api/_jwk-gen
curl -X POST "/api/_jwk-gen" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer <secret>"

Response

{
	"success": true,
	"jwk": {
		"id": "jwk_4bce24487b429dff79c8cfee38483308",
		"expires_at": "2023-06-14T06:29:35.794+00:00",
		"__typename": "jwks"
	}
}
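
Because old keys stay usable until they expire, a verifier of these JWTs has to select the key by the token's key id and reject it once that key's `expires_at` has passed. The sketch below is an added example, not the project's code: RS256, the `kid` header, the `publicKey` field and the key ids are assumptions or constructed values; only `id` and `expires_at` come from the response above.

```javascript
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Sign a JWT whose header carries the id of the signing key as `kid`.
// RS256 is an assumption; the page does not state the algorithm.
function signJwt(payload, kid, privateKey) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT', kid })}.${enc(payload)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify against key records shaped like the `jwk` object in the response
// (`id`, `expires_at`); `publicKey` is a hypothetical field for this demo.
function verifyJwt(token, keys, now) {
  const [h, p, s, ...rest] = token.split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed token');
  const header = dec(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const key = keys.find((k) => k.id === header.kid);
  if (!key) throw new Error('unknown kid');
  if (new Date(key.expires_at) <= now) throw new Error('key expired');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    key.publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  return dec(p);
}

// Constructed scenario: an old key nearing expiry plus a freshly generated one.
function demo() {
  const [oldPair, newPair] = [0, 1].map(() => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  const keys = [
    { id: 'jwk_old_constructed', expires_at: '2023-06-14T06:29:35.794+00:00', publicKey: oldPair.publicKey },
    { id: 'jwk_new_constructed', expires_at: '2023-07-14T06:29:35.794+00:00', publicKey: newPair.publicKey },
  ];
  const oldTok = signJwt({ sub: 'demo' }, 'jwk_old_constructed', oldPair.privateKey);
  const newTok = signJwt({ sub: 'demo' }, 'jwk_new_constructed', newPair.privateKey);
  const swapped = signJwt({ sub: 'demo' }, 'jwk_new_constructed', oldPair.privateKey);
  const check = (tok, when) => {
    try { verifyJwt(tok, keys, new Date(when)); return 'accepted'; } catch (e) { return e.message; }
  };
  return {
    oldBeforeExpiry: check(oldTok, '2023-06-01T00:00:00Z'),
    oldAfterExpiry: check(oldTok, '2023-06-15T00:00:00Z'),
    newAfterOldExpiry: check(newTok, '2023-06-15T00:00:00Z'),
    mismatchedKid: check(swapped, '2023-06-15T00:00:00Z'),
  };
}
```

Calling `demo()` shows the overlap window: the old key's token verifies before its `expires_at` and fails afterwards, while the new key's token keeps verifying.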