API Overview
REST API for PRIV Protocol services including authentication, rate limits, and response formats.
Base URL
```
https://api.priv.io/v1
```
For development and testing:
```
https://api-dev.priv.io/v1
```
Authentication
All requests require an API key or JWT token in the Authorization header.
API Key Authentication
```bash
curl -H "Authorization: Bearer pk_live_xxx" \
  https://api.priv.io/v1/events
```
JWT Authentication
For user-specific endpoints, you can use a JWT token obtained from Supabase Auth:
```bash
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.priv.io/v1/user/balance
```
API Key Types
| Prefix | Environment | Use Case |
|---|---|---|
| `pk_live_` | Production | Live application traffic |
| `pk_test_` | Development | Testing and development |
Get your API key from the PRIV Dashboard.
Keep your API keys secure. Never expose them in client-side code or public repositories.
Rate Limits
| Plan | Requests/sec | Requests/day |
|---|---|---|
| Free | 10 | 10,000 |
| Pro | 100 | 1,000,000 |
| Enterprise | Custom | Custom |
Rate limit headers are included in all responses:
```
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
X-RateLimit-Reset: 1704067200
```
Response Format
Success Response
All successful responses follow this structure:
```json
{
  "success": true,
  "data": { ... }
}
```
Error Response
Error responses include a code and message:
```json
{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid"
  }
}
```
Error Codes
| Code | Status | Description |
|---|---|---|
| `INVALID_API_KEY` | 401 | Invalid or missing API key |
| `UNAUTHORIZED` | 401 | User authentication required |
| `FORBIDDEN` | 403 | Insufficient permissions for this resource |
| `RATE_LIMITED` | 429 | Too many requests |
| `INVALID_REQUEST` | 400 | Malformed request body |
| `VALIDATION_ERROR` | 400 | Request validation failed |
| `NOT_FOUND` | 404 | Resource not found |
| `SERVER_ERROR` | 500 | Internal server error |
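The response envelope, error codes and rate-limit headers above can be handled in one place on the client. The following is an added example, not code from the PRIV SDK or this documentation; `classifyResponse`, `MAX_WAIT_SEC`, the lower-cased header object and the reading of `X-RateLimit-Reset` as a Unix timestamp in seconds are assumptions.

```javascript
// Added example (not PRIV SDK code): decide what a client should do with a
// response, using the documented envelope, error codes and X-RateLimit-* headers.
const MAX_WAIT_SEC = 60; // assumed cap so a bogus header cannot stall the client

// headers: object with lower-cased names (assumption about the HTTP client).
// body: parsed JSON, or null when the body was not JSON (e.g. a proxy error page).
// nowSec: current Unix time in seconds, injected so the logic is deterministic.
function classifyResponse(status, headers, body, nowSec) {
  const remaining = Number.parseInt(headers["x-ratelimit-remaining"], 10);
  const reset = Number.parseInt(headers["x-ratelimit-reset"], 10);
  // Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
  const untilReset = Number.isFinite(reset) ? Math.max(0, reset - nowSec) : null;

  if (status >= 200 && status < 300 && body && body.success === true) {
    // Budget exhausted: hold the next request until the window resets.
    const waitSec = remaining === 0 && untilReset !== null
      ? Math.min(untilReset, MAX_WAIT_SEC) : 0;
    return { ok: true, code: null, retry: false, waitSec };
  }
  const code = body && body.error && typeof body.error.code === "string"
    ? body.error.code : "UNKNOWN";
  if (status === 429 || code === "RATE_LIMITED") {
    const wait = untilReset === null ? 1 : Math.max(1, untilReset);
    return { ok: false, code: "RATE_LIMITED", retry: true,
             waitSec: Math.min(wait, MAX_WAIT_SEC) };
  }
  if (status >= 500 || code === "SERVER_ERROR") {
    return { ok: false, code, retry: true, waitSec: 1 };
  }
  // 400/401/403/404: resending the same request cannot succeed, and retrying
  // with a rejected key only adds failed-auth noise.
  return { ok: false, code, retry: false, waitSec: 0 };
}

// Constructed sample responses (not captured from the live API).
const now = 1704067170;
const limited = classifyResponse(429,
  { "x-ratelimit-remaining": "0", "x-ratelimit-reset": "1704067200" },
  { success: false, error: { code: "RATE_LIMITED", message: "Too many requests" } }, now);
const badKey = classifyResponse(401, {},
  { success: false, error: { code: "INVALID_API_KEY", message: "The provided API key is invalid" } }, now);
console.log(limited, badKey);
```

Authentication failures are returned as non-retryable so a caller surfaces a rejected key instead of looping on it.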
API Endpoints
Events (SDK Integration)
- `POST /events` - Track events (supports batch)
- `POST /identify` - Identify a user
- `POST /page` - Track a page view
Analytics
- `GET /analytics` - Query analytics data with filtering
User Endpoints
- `GET /user/balance` - Get PRIV token balance
- `GET /user/consent` - Get consent preferences
- `POST /user/consent` - Update consent preferences
- `GET /user/reputation` - Get reputation details
- `GET /user/earnings` - Get earnings history
- `POST /user/earnings/claim` - Claim pending earnings
Data Contributions
- `POST /contributions/upload` - Upload a contribution
- `GET /contributions` - List user's contributions
- `GET /contributions/:id` - Get contribution details
- `DELETE /contributions/:id` - Delete a contribution
Wallet Marketplace
- `GET /marketplace/wallet/listings` - Browse listings
- `POST /marketplace/wallet/listings` - Create a listing
- `GET /marketplace/wallet/listings/:id` - Get listing details
- `PUT /marketplace/wallet/listings/:id` - Update a listing
- `POST /marketplace/wallet/listings/:id/purchase` - Purchase a listing
- `GET /marketplace/wallet/purchases` - List purchases
- `GET /marketplace/wallet/purchases/:id/download` - Download purchased data
Labeling Tasks
- `GET /tasks` - Get available tasks
- `POST /tasks/:id/submit` - Submit task answer
- `GET /tasks/history` - Get task submission history
SDKs
Official SDKs handle API communication automatically:
| Language | Package | Status |
|---|---|---|
| JavaScript/TypeScript | @priv/sdk | Available |
| Python | priv-python | Coming soon |
| Go | priv-go | Coming soon |
CORS
Public SDK endpoints (/events, /analytics, /identify) support CORS with Access-Control-Allow-Origin: *.
Authenticated user endpoints (/user/*, /contributions/*, etc.) require specific origin configuration and support credentials.
Versioning
The API is versioned via the URL path (/v1/). Breaking changes will be introduced in new versions while maintaining backward compatibility in existing versions.