Developer Documentation

Vorliq Public API

These endpoints are served through https://vorliq.org/api and the stable developer alias https://vorliq.org/api/v1. They let developers inspect the chain, build wallet tools, monitor nodes, and integrate with Vorliq community features. POST endpoints should be used carefully because many of them create real pending transactions, votes, proposals, or community records.

Developers who want a simpler integration can use the official Vorliq JavaScript SDK instead of calling the API directly. The SDK defaults to v1, creates wallets, checks balances, signs VLQ transactions locally, watches for new blocks, and builds payment URLs.

Read the SDK README API Versioning Developer Examples Operator Dashboard Guide Audit Export Guide Snapshot Verification Chain Bootstrap

Node Sync Comparison

GET /api/nodes/compare Try it

Returns public-safe node comparison metadata: trusted public chain height, trusted latest hash, trusted signed snapshot hash, signature verification status, active node count, summary counts, and node rows with synced, behind, ahead, forked, stale, unreachable, or unknown. Ahead nodes are not automatically trusted; signed snapshots and audit exports are the verification path.

GET /api/admin/nodes/compare

Protected admin route requiring ADMIN_TOKEN. It returns the same public-safe comparison plus safe diagnostic metadata and never returns private keys, admin tokens, raw logs, server paths, raw IPs, or raw user agents.

GET /api/nodes/monitor Try it

Returns public-safe network monitor status: ok, warning, or critical, trusted public node status, sync counts, alert counts, recommended actions, and safe alert rows. Stale old community nodes are warning-only by default; active forks are critical.

GET /api/admin/nodes/monitor

Protected admin route requiring ADMIN_TOKEN. It returns the same public-safe monitor summary plus safe diagnostic context. It never returns private keys, admin tokens, raw logs, server paths, raw IPs, raw user agents, or environment values.

GET /api/peers/propagation/status Try it

Returns safe peer propagation controls and counters, including broadcast and receive enabled state, active and eligible peer counts, accepted transaction and block counts, duplicates, rejected payloads, quarantined blocks, failures, and last event time.

GET /api/peers/propagation/events Try it

Returns paginated safe peer propagation events. Use limit, offset, status, and type filters. Events never include raw payloads, private keys, admin tokens, raw signatures, raw IPs, raw user agents, or server paths.

GET /api/admin/peers/propagation

Protected admin route requiring ADMIN_TOKEN. It includes safe diagnostics such as retention limit, broadcast timeout, and broadcast peer cap without exposing secrets.

Bootstrap Package

GET /api/bootstrap/package Try it

Returns safe read-only metadata for verified chain bootstrap: package version, source node, deployment commit, signed snapshot status, chain height, latest block hash, audit manifest hash, audit chain hash, and URLs for snapshot verification, audit manifest, and chain export. It does not return the full chain body or any secrets.

GET /api/bootstrap/status Try it

Returns safe local bootstrap metadata: chain height, latest hash, chain validity, availability of snapshot verification, audit export and bootstrap package, storage backend, index status, recommended trusted node, and a safe bootstrap marker if one exists.

Snapshot Verification

GET /api/snapshot/latest Try it

Returns the latest cached public chain integrity snapshot. The snapshot includes chain height, latest block hash, transaction counts, treasury balance, active node count, deployment commit, storage/index/readiness status, deterministic SHA-256 hashes for public summaries, audit manifest, network manifest, and safe Ed25519 signature metadata. The private signing key is never returned.

GET /api/snapshot/verify Try it

Regenerates the public snapshot, verifies chain validity, latest hash consistency, audit manifest hash, network manifest hash, storage/index/readiness availability, secret-scan status, snapshot hash consistency, and Ed25519 signature status when configured. It returns verified, signature_verified, signature_enabled, signature_status, checks, warnings, and errors.

GET /api/snapshot/public-key Try it

Returns safe public signing metadata only: success, algorithm, public_key_id, public_key, signature_required, and signature_enabled. It never returns the private signing key, server paths, or environment dumps.

GET /api/snapshot/archive Try it

Returns paginated metadata for recent signed snapshot archives, newest first. The list is metadata-only and does not include the embedded snapshot payload.

GET /api/snapshot/archive/latest Try it

Returns the latest archived signed public snapshot and archive verification metadata. If no archive exists yet, the endpoint returns success:true with archive:null.

GET /api/snapshot/archive/:snapshot_hash

Returns one archived signed public snapshot by its snapshot hash. Public archive routes are read-only.

POST /api/admin/snapshot/archive

Protected admin route that creates one archive snapshot. It requires the admin token and never returns private signing keys or environment dumps.

Snapshots and signatures are public integrity and provenance aids only. They are not legal, financial, banking, or investment guarantees, and production data remains JSON-backed in this release.

Versioning

The current stable version is v1. Unversioned /api routes remain backward compatible for existing clients; new developer integrations should use /api/v1.

Request IDs

Clients may send X-Request-ID. Vorliq returns X-Request-ID, X-Vorliq-API-Version: 1, and X-Vorliq-API-Stability: stable on backend responses.

Error Format

Standardized errors include success:false, a compatibility message, structured error.code and error.message, and request_id.

Example

{
  "success": false,
  "message": "description is required.",
  "error": { "code": "VALIDATION_ERROR", "message": "description is required.", "details": {} },
  "request_id": "request-123"
}