AEVIONTrust · IP · Globus
DemoAuthQRightQSignBureauPlanetAwardsBankChessPricingAPI

Build on AEVION

REST + SDK + webhooks.

Six APIs, two TypeScript SDKs, HMAC-signed webhooks with retry, sandbox keys, full OpenAPI 3.0 spec. Authenticate once, ship across the whole Trust OS.

Auth
JWT Bearer
Short-lived + refresh, passkey-ready stack
Idempotency
Idempotency-Key
Header-based, 24h replay window
Rate limit
Per-key + per-IP
X-RateLimit-* headers, 429 with Retry-After
Webhooks
HMAC-SHA256
Delivery log + retry + replay-safe
OpenAPI
/api/openapi.json
Single source of truth, 3.0 spec
Metrics
/metrics (Prometheus)
Latency, error rates, request-id propagation
Module of the day

APIs

QRight
Authorship registration. SHA-256 + HMAC + Quantum Shield key derivation. Returns timestamped certificate ID.
Open module →
POST /api/qright/register
GET /api/qright/certificates/:id
POST /api/qright/verify
QSign
Cryptographic signatures. Ed25519 + Dilithium preview. Idempotency keys, request-id middleware, OpenAPI 3.0 + Prometheus /metrics.
Open module →
POST /api/qsign/sign
POST /api/qsign/verify
POST /api/qsign/batch
POST /api/qsign/file
Bureau
Court-grade certificates. Cites Berne/WIPO/TRIPS/eIDAS on issuance. ETag/304, batch protect, enriched /health.
Open module →
POST /api/bureau/protect
POST /api/bureau/protect-batch
GET /api/bureau/certificates/:id
Planet
Validator quorum. Submit artifacts (music/film/code/web), retrieve verdicts, public artifact pages.
Open module →
GET /api/planet/stats
GET /api/planet/artifacts/recent
GET /api/planet/artifacts/:id/public
POST /api/planet/submit
QTrade
Wallet, transfers, royalties. Per-account ledger with CSV export, summary, top-up, transfer. AEC native.
Open module →
GET /api/qtrade/accounts[.csv]
GET /api/qtrade/transfers[.csv]
POST /api/qtrade/topup
POST /api/qtrade/transfer
Quantum Shield
Threshold key management. Shamir's Secret Sharing (k of n). Shard rotation, recovery, post-quantum-ready KDF.
Open module →
POST /api/quantum-shield/derive
POST /api/quantum-shield/recover
POST /api/quantum-shield/rotate
QCoreAI
5 LLM providers (Claude/GPT/Gemini/DeepSeek/Grok) behind one rate-limited endpoint. Per-user 30/min, per-conversation history, normalised token usage.
Open module →
POST /api/qcoreai/chat
GET /api/qcoreai/history
GET /api/qcoreai/providers
GET /api/qcoreai/health
Multichat
Fan one prompt out to up to 8 agents in parallel, each with its own provider/model/role. Conversations + per-agent history persist server-side.
Open module →
POST /api/multichat/conversations
GET /api/multichat/conversations
GET /api/multichat/conversations/:id
POST /api/multichat/conversations/:id/dispatch
Auth (OAuth + revocation)
JWT bearer issued by email login OR Google/GitHub OAuth. Revocable: bump tokenVersion via /sign-out-everywhere to invalidate every live session for the caller.
Open module →
POST /api/auth/login
POST /api/auth/register
GET /api/auth/oauth/providers
GET /api/auth/oauth/{google|github}/start
POST /api/auth/sign-out-everywhere
QPayNet
Embedded payments — KZT wallets, P2P transfers (0.1% fee), Stripe Checkout deposits, manual payout queue, tracked payment requests with HMAC webhooks (5-attempt retry queue), merchant API key, set-once webhook subscriptions, KYC stub for РК compliance, in-app notifications, embeddable pay widget, CSV exports.
Open module →
POST /api/qpaynet/wallets
POST /api/qpaynet/transfer
POST /api/qpaynet/deposit/checkout
POST /api/qpaynet/payouts
POST /api/qpaynet/requests
POST /api/qpaynet/webhook-subs
POST /api/qpaynet/kyc/submit
GET /api/qpaynet/notifications
PATCH /api/qpaynet/notifications/preferences
GET /api/qpaynet/admin/payouts
POST /api/qpaynet/merchant/charge
QContract
Self-destruct smart documents. Password protection, max-views or expiry, audit log + CSV export, 5 RU templates (NDA, offer, service, construction, equipment-lease).
Open module →
POST /api/qcontract/documents
POST /api/qcontract/view/:token
PATCH /api/qcontract/documents/:id
GET /api/qcontract/documents/:id/log.csv

Quick-start

JavaScript / TypeScript
// 1. Authenticate (POST /api/auth/login → JWT bearer)
const token = (await fetch("https://aevion.app/api/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ email, password }),
}).then(r => r.json())).token;

// 2. Register IP in QRight
const cert = await fetch("https://aevion.app/api/qright/register", {
  method: "POST",
  headers: {
    "Authorization": "Bearer " + token,
    "Content-Type": "application/json",
    "Idempotency-Key": crypto.randomUUID(),
  },
  body: JSON.stringify({
    title: "My AI Track",
    description: "Generated 2026-04-28",
    kind: "music",
  }),
}).then(r => r.json());

// 3. Sign the certificate ID with QSign
const signed = await fetch("https://aevion.app/api/qsign/sign", {
  method: "POST",
  headers: { "Authorization": "Bearer " + token, "Content-Type": "application/json" },
  body: JSON.stringify({ payload: cert.id }),
}).then(r => r.json());

// 4. Submit to Planet for validation
await fetch("https://aevion.app/api/planet/submit", {
  method: "POST",
  headers: { "Authorization": "Bearer " + token, "Content-Type": "application/json" },
  body: JSON.stringify({
    artifactType: "music",
    qrightCertId: cert.id,
    qsignReceiptId: signed.id,
  }),
});

// 5. Multichat — fan one prompt out across N agents in parallel
const conv = await fetch("https://aevion.app/api/multichat/conversations", {
  method: "POST",
  headers: { "Authorization": "Bearer " + token, "Content-Type": "application/json" },
  body: JSON.stringify({ title: "Pitch outline" }),
}).then(r => r.json());

const replies = await fetch(
  `https://aevion.app/api/multichat/conversations/${conv.id}/dispatch`,
  {
    method: "POST",
    headers: { "Authorization": "Bearer " + token, "Content-Type": "application/json" },
    body: JSON.stringify({
      prompt: "Summarise this in 50 words for an investor",
      agents: [
        { id: "tech",  role: "Senior engineer",   provider: "anthropic" },
        { id: "biz",   role: "Investor",          provider: "openai" },
        { id: "legal", role: "IP lawyer",         provider: "gemini" },
      ],
    }),
  },
).then(r => r.json());
// → { results: [{ agentId, ok, reply, provider, model, usage }, …] }

// 6. Revoke every live session (sign out everywhere)
await fetch("https://aevion.app/api/auth/sign-out-everywhere", {
  method: "POST",
  headers: { "Authorization": "Bearer " + token },
});
curl / shell
# 1. Authenticate
TOKEN=$(curl -s https://aevion.app/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"…"}' | jq -r .token)

# 2. Register IP in QRight (idempotent; safe to retry)
curl -s https://aevion.app/api/qright/register \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{"title":"My AI Track","kind":"music"}'

# 3. Issue a court-grade Bureau certificate
curl -s https://aevion.app/api/bureau/protect \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"title":"Whitepaper v3","description":"draft","kind":"text"}'

# 4. Verify a certificate by id (no auth required for verify)
curl -s https://aevion.app/api/bureau/verify/CERT_ID

# 5. Sign out every live session for the caller
curl -s -X POST https://aevion.app/api/auth/sign-out-everywhere \
  -H "Authorization: Bearer $TOKEN"

SDKs

@aevion-io/fintech-sdk
TypeScript
Typed wrappers for all 6 fintech modules (QPayNet, VeilNetX, QMaskCard, QGood, Z-Tide, QChainGov) + HMAC webhook signing utilities.
npm install @aevion-io/fintech-sdk
@aevion-io/catalog-client
TypeScript
AEVION module catalog API + 9 namespaced sub-clients (QStore, QLearn, QEvents, DevHub, Planet, QCoreAI, Multichat, QMedia, Coach).
npm install @aevion-io/catalog-client
@dosymbek/qpaynet-client
TypeScript
QPayNet embedded payment infrastructure — HMAC webhooks, idempotent transfers, merchant keys, shareable payment links.
npm install @dosymbek/qpaynet-client
@dosymbek/qcoreai-client
TypeScript
QCoreAI multi-agent pipeline — sync/streaming chat, agents, prompts, threading, batch runs, export hub.
npm install @dosymbek/qcoreai-client

Unified catalog · GET /api/aevion/catalog

Try live →
Single GET returns every AEVION module enriched with frontend URL, OpenGraph image, health probe, OpenAPI spec, waitlist endpoint, status URL, tags, kind, priority, related modules (auto-derived from tag overlap). Cached 120s.
Filters: ?status=mvp,working · ?tag=ai,privacy · ?kind=product
Projection: ?fields=id,name,frontend (lean response, ~10× smaller)
Format: ?format=csv (RFC 4180, 15 stable columns) · ?format=md (GitHub table)
Single lookup: GET /api/aevion/catalog/<id> → enriched item or 404
{
  "total": 27,
  "items": [
    {
      "id": "qpersona",
      "code": "QPERSONA",
      "name": "AEVION QPersona",
      "kind": "product",
      "status": "idea",
      "tags": ["avatar","persona","ai"],
      "frontend": "https://aevion.app/qpersona",
      "ogImage": "https://aevion.app/qpersona/opengraph-image",
      "health": "https://api.aevion.app/api/qpersona/health",
      "openapi": "https://api.aevion.app/api/qpersona/openapi.json",
      "waitlist": "https://api.aevion.app/api/qpersona/waitlist",
      "status_url": "https://api.aevion.app/api/qpersona/status"
    }
  ],
  "generatedAt": "2026-05-12T..."
}

Interactive playgrounds

Sandbox & support

Sandbox API keys, OpenAPI spec download, integration help — yahiin1978@gmail.com with subject "developer access". Reply within 24h.
Status & changelog: /changelog · Bank API deep-dive: /bank/api.