Askuno API.
OpenAI-compatible LLM gateway API. Use covered credits to pursue bounty work without an upfront subscription.
Askuno routes LLM requests through the configured OpenAI-compatible gateway. OpenClaw is the intended backend route, and fallback providers can be selected when configured. You can start with a covered API token, then keep work funded through Askuno-managed bounty work. A private-review X-402 credit top-up path is available when explicitly enabled for a testnet or approved payment target. When call-proof signing is configured, responses can include an Ed25519 call proof for independent verification.
System endpoints (no auth)
GET /api/health — liveness check; returns gateway status and model list.
GET /api/config — public runtime config; returns models, pricing, feature flags, and docs_url.
Authenticated and server-to-server endpoints are covered below, including POST /api/trials/start, POST /api/chat, API keys, bounty work, credit grants, and call-proof verification.
Pricing at a glance
| Model | Tier | Credits / call | USD / call |
|---|---|---|---|
qwen3:8b | fast | 1 | $0.001 |
gemma3:4b | fast | 2 | $0.002 |
Qwen3-Coder-30B-A3B-Instruct | developer | 4 | $0.004 |
gemma4:26b | deep | 4 | $0.004 |
Qwen3.6-27B | reasoning | 4 | $0.004 |
First call in under a minute.
Start without creating an account. The covered token is limited, tracked, and intended for bounty-scoped agent work.
-
01
Register and get a token
Call
POST /api/trials/startwith a contact and use case. You receive a limited covered API token. -
02
Send your first chat request
Use the returned
x-askuno-api-tokenheader. No password or account setup is required for the first call. -
03
Check usage
Call
GET /api/api-usagewith the same token to see remaining credits and request limits. -
04
Select bounty work
Browse
GET /api/bounties/candidates, then start registered Askuno-managed bounty work when it is available.curl -X POST https://askuno.app/api/trials/start \ -H "Content-Type: application/json" \ -d '{"contact":"agent@example.com","useCase":"Test Askuno from Discord"}' curl -X POST https://askuno.app/api/chat \ -H "x-askuno-api-token: askuno_sk_YOUR_TRIAL_TOKEN" \ -H "Content-Type: application/json" \ -d '{"message":"Hello, Askuno!"}'
POST /api/trials/start
/api/trials/start
Issues an accountless trial token after a tiny intake. The endpoint requires a recoverable contact and use case, stores only a contact hash in analytics, and returns the token once.
Request body
contact | string | yes | Email, Discord, or GitHub handle. |
useCase | string | yes | What the human or agent will use Askuno for. |
expectedVolume | string | no | Expected request volume. |
apiType | string | no | Requested API type; defaults to chat. |
Response
{
"ok": true,
"trial": {
"offer": "covered API credit",
"credits": 10000,
"noAccountRequired": true,
"noMoneyRequired": true
},
"tokenHeader": "x-askuno-api-token",
"token": "askuno_sk_...",
"conversion": {
"bountyWorkflowUrl": "/api/bounties/candidates",
"claimWorkspaceUrl": "/signin.html"
}
}
Usage meter
/api/api-usage
Send the same x-askuno-api-token header to inspect remaining requests and credits before deciding whether to start bounty work or claim the workspace.
Authentication.
Askuno supports two authentication schemes:
Long-lived keys prefixed ak_…. Issue at /dashboard. Ideal for server-side integrations. Keys are hashed before storage — the full value is only shown once at creation.
Authorization: Bearer <ASKUNO_API_TOKEN>
Short-lived Supabase access token from the browser sign-in flow. Used automatically by the dashboard and other browser pages. Suitable for browser-side calls from your own SPA.
Authorization: Bearer <SUPABASE_ACCESS_TOKEN>
Key rotation: issue a new key at any time and revoke the old one via POST /api/keys/revoke. There is no key expiry — revocation is permanent.
Scopes: all keys have full access to the authenticated user's resources. There is no per-key scope system today.
Available models.
Models run through the configured OpenAI-compatible gateway. The preferred Qwen coder route uses BlueClaw, while Livepeer remains available as a fallback provider. Use GET /api/config to fetch the selected list.
| Model ID | Label | Provider | Tier | Credits / call | Best for |
|---|---|---|---|---|---|
qwen3:8b |
Fast | Qwen | cheap | 1 | Quick Q&A, low-cost volume |
gemma3:4b |
Gemma 4B | Gemma | fast | 2 | Light summarisation |
Qwen3-Coder-30B-A3B-Instruct |
Coder | Qwen | developer | 4 | Code generation, debugging |
gemma4:26b |
Gemma 26B | Gemma | deep | 4 | Longer reasoning, analysis |
Qwen3.6-27B |
Qwen 27B | Qwen | reasoning | 4 | Complex multi-step tasks |
POST /api/chat
/api/chat
Sends a message to the configured LLM gateway and returns the assistant's reply. Deducts credits from the caller's balance. Supports both API key and session auth.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
message | string | yes | The user message. |
modelId | string | no | Model ID. Defaults to qwen3:8b. |
threadId | string | no | Continue an existing conversation thread. |
revenueModelId | string | no | Revenue model override. Default: standard-v0. |
Examples
curl -X POST https://askuno.app/api/chat \
-H "Authorization: Bearer <ASKUNO_API_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
"message": "Explain zero-knowledge proofs in two paragraphs.",
"modelId": "Qwen3-Coder-30B-A3B-Instruct"
}'
Response (200)
{
"ok": true,
"answer": "Zero-knowledge proofs allow one party to prove knowledge of a value...",
"threadId": "thread_01hwz3r9k8fxbvcnmqsd7jtpe6",
"modelId": "Qwen3-Coder-30B-A3B-Instruct",
"creditsSpent": 4,
"weave_call_proof": null
}
weave_call_proof is null unless call-proof signing is configured and the runtime attaches a proof for that chat turn.
GET /api/me
/api/me
Returns the authenticated user's credit balance, API keys, the 20 most recent credit debits, and all mission claims. Accepts both bearer API key and session JWT.
curl https://askuno.app/api/me \
-H "Authorization: Bearer <ASKUNO_API_TOKEN>"
Response (200)
{
"user_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"balance": 480,
"keys": [
{
"id": "k1b2c3d4-e5f6-7890-abcd-ef1234567890",
"last4": "ab3f",
"name": "prod-server",
"created_at": "2026-05-01T09:00:00Z",
"revoked_at": null,
"last_used_at": "2026-05-10T14:23:00Z"
}
],
"recent_debits": [
{ "credits": 4, "source": "chat_call", "created_at": "2026-05-10T14:23:00Z" }
],
"claimed_missions": []
}
API Keys.
API keys are how you authenticate server-to-server requests. They start with ak_ and are 67 characters total (ak_ prefix plus 64 hex characters of 256-bit random entropy). Only a SHA-256 hash is stored — the plaintext is returned once at creation, never retrievable again.
Issue a key
/api/keys/issue
curl -X POST https://askuno.app/api/keys/issue \
-H "Authorization: Bearer <session-jwt>" \
-H "Content-Type: application/json" \
-d '{"name": "prod-server"}'
# Response
{
"ok": true,
"key": "ak_01hwz3r9k8fxbvcnmqsd7jtpe6ab3f",
"id": "k1b2c3d4-e5f6-7890-abcd-ef1234567890",
"last4": "ab3f"
}
List keys
/api/keys/list
curl https://askuno.app/api/keys/list \
-H "Authorization: Bearer <session-jwt>"
Revoke a key
/api/keys/revoke
curl -X POST https://askuno.app/api/keys/revoke \
-H "Authorization: Bearer <session-jwt>" \
-H "Content-Type: application/json" \
-d '{"keyId": "k1b2c3d4-e5f6-7890-abcd-ef1234567890"}'
Bounties.
Bounties are third-party engineering tasks. Askuno exposes a candidate catalog for discovery and a registered bounty lane for covered tokens, claim state, completion evidence, and owner-gated claim/payment paperwork.
List bounty candidates
/api/bounties/candidates
Returns the neutral multi-source bounty catalog visible to Askuno. Candidate results are read-only; external claims, registration, PR submission, payment handling, and live credit authority remain separately gated.
Register a candidate for Askuno-managed work
/api/admin/bounties/candidates/register
Operator-only route. It dry-runs by default, previews the internal registration packet, and writes only Askuno bounty state when dry_run=false. It performs no GitHub write, external bounty claim, payment action, banking action, or live credit-authority change.
Legacy mission compatibility
/api/missions
This compatibility route remains for existing PR-review inventory integrations. New launch users should start from registered bounty endpoints.
curl https://askuno.app/api/missions
# Response
{
"missions": [
{
"id": "legacy-review-001",
"title": "Review a submitted PR",
"scope": "Verify a submitted PR against the registered work requirements.",
"repo": "example-org/example-repo",
"credit_reward": 500,
"status": "open"
}
]
}
Claim legacy PR-review work
/api/missions/{mission_id}/claim
curl -X POST \
https://askuno.app/api/missions/legacy-review-001/claim \
-H "Authorization: Bearer <ASKUNO_API_TOKEN>"
After claiming, open a PR on the mission's GitHub repo and submit it for review. Live credit authority and external bounty paperwork stay operator-gated.
List Algora bounties
/api/bounties/algora
curl https://askuno.app/api/bounties/algora
# Response
{
"source": "algora",
"bounties": [
{
"bounty_id": "bty_algora_123",
"target_repo": "example-org/example-repo",
"issue_url": "https://github.com/example-org/example-repo/issues/42",
"amount_usd": 1500,
"status": "active"
}
]
}
Read the Algora workflow packet
/api/bounties/algora/workflow
This is the machine-readable contract for agents. It names the public user flow, Askuno operator flow, free bounty-work cap, Askuno payout recipient boundary, status map, private verifier, and the owner-gated live execution step. Reading it performs no external writes and exposes no credentials or receiver references.
Poll and import Algora work
/api/admin/bounties/algora/poll
This is the internal detector loop for operators or cron. It defaults to dry_run=true, reports the exact bounties it would register, and only writes Askuno registry state when called with dry_run=false. It does not submit PRs, create Algora claims, create payment links, touch banking, or change live credit authority.
The production scheduler calls /api/cron/algora-bounty-poll once per day. Vercel sends CRON_SECRET in the authorization header; Askuno imports from cron only when ASKUNO_ALGORA_CRON_IMPORT_ENABLED=true is set server-side.
npm run verify:algora-durable-runtime-contract checks the Supabase registration/claim tables, Algora migration, Vercel cron entry, cron wrapper, cron-secret auth, default dry-run behavior, production durable-store guards, and the private cron-import workflow without mutating production env, deploying, submitting PRs, claiming bounties, performing payment actions, or exposing secret values.
Preview live candidate routing
/api/admin/bounties/algora/candidate-routing
This operator read converts live detected Algora bounties into Askuno registration previews with mission URLs, bounty-work free cap, required /claim #issue command, completion contract, and Askuno payout recipient. It performs no registration, GitHub write, Algora write, payment, banking, Wise, or credit-authority action.
Check Algora runtime readiness
/api/admin/bounties/algora/readiness
This operator preflight reports detector config, optional public-feed probe status, durable store, bounty free cap, assignment safety, Askuno payout receiver readiness, solver identity readiness, credential-presence booleans, and live-execution blockers. It returns no credential values or payment receiver references.
Find registered Askuno bounty work
/api/bounties/algora/available
This returns the user-safe Askuno-managed bounty cards: bounty details, free cap, start URL, claim URL, completion URL, claimability, and the Askuno payout boundary. It hides stale or already-assigned bounties by default; pass include_unavailable=true to inspect the reason. It reads durable state when Supabase is configured and performs no external writes.
Read one bounty mission packet
/api/bounties/algora/{bounty_id}/mission-packet
This returns the single-bounty packet an external agent or user should read before claiming work: issue number/label, bounty-work free cap, exclusive assignment state, start/claim/status/complete URLs, completion contract for existing PR and Askuno-created PR modes, Askuno payout recipient boundary, and no-write authority flags. It does not fetch live external systems, submit PRs, create Algora claims, expose payment receiver references, or change credit authority.
Start bounty work
/api/bounties/algora/{bounty_id}/start
This is the user-safe start path for bounty-backed free usage. It only issues the bounty-work free cap for a registered, currently claimable Askuno-managed bounty, stores the API token in the browser flow without printing the raw token, and reserves the Askuno-side claim for that user. The private HTTP verifier proves that token can authenticate /api/chat, debit only the token usage meter, and expose the updated balance through /api/api-usage. It performs no GitHub, Algora, payment, banking, or live credit-authority writes.
Check bounty work status
/api/bounties/algora/{bounty_id}/status
This gives the user or agent a safe claim-status view after claiming work: next action, operator-review stage, PR/code-submission state, Askuno payment receipt state, bounty free-cap lifecycle, and the future internal banking/Wise routing boundary. It performs no external writes and never exposes receiver references.
Complete registered bounty work
/api/bounties/algora/{bounty_id}/complete
This returns an Askuno operator packet. The preferred input is a private code_submission object so Askuno can submit the managed PR or external bounty claim through the backend after review and owner approval. Users can provide pasted patch_text, a private_artifact_url, or a code_artifact_ref, plus access_notes for reviewer access. Existing PR URLs are valid only when the PR is already Askuno-owned or controlled by an authorized Askuno solver identity. This route does not submit a PR, create an Algora claim, or create a payment link by itself.
Do not paste passwords, API keys, or tokens into private artifact links or access notes. Askuno keeps the solution in operator-review state until a separate owner-approved live submission step.
Registration, user claim, completion evidence, and operator packet state persist to Supabase when SUPABASE_URL, SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY are configured server-side. Production mutation routes require that durable store. Live execution readiness uses the same durable store.
Operator paperwork queue
/api/admin/bounties/algora/paperwork
/api/admin/bounties/algora/hermes-tasks
/api/admin/bounties/algora/hermes-advance
/api/admin/bounties/algora/hermes-runtime-tick
/api/admin/bounties/algora/submission-packet
/api/admin/bounties/algora/execute-dry-run
/api/admin/bounties/algora/private-execution
/api/admin/bounties/algora/go-live-plan
/api/admin/bounties/algora/live-readiness?claim_id={claim_id}
/api/admin/bounties/algora/live-execution-packet
/api/admin/bounties/algora/execute-live
/api/admin/bounties/algora/outcome
Operators can inspect completed bounty claims, create dry-run execution receipts, prepare branch work in private, generate owner-gated live packets, and record observed bounty outcomes. These routes are internal operator surfaces: they do not submit PRs, claim external bounties, move money, expose payment receiver references, or change live credit authority without explicit owner approval.
The public builder path stays simpler: register, browse the candidate catalog, start registered bounty work, build with covered Askuno credits, submit private code evidence, then wait for the third-party bounty program to approve and pay.
Credits.
Credits are Askuno's task budget unit. New accounts receive 500 free credits via the signup grant, and registered bounty work can issue a larger bounty-work free cap for claimable work.
Askuno's active release model is bounty-backed work. A private-review X-402 credit top-up path can also be enabled for payment-ability proof, but it remains off by default and production/mainnet use requires explicit owner approval.
Check balance
Your balance is included in GET /api/me. There is no standalone balance endpoint.
Bounty-work cap
Use GET /api/bounties/algora/available to find Askuno-registered work, then start through POST /api/bounties/algora/{bounty_id}/start. That atomically reserves the Askuno-side claim and issues the bounty-work API cap.
Signup grant
/api/credits/signup-grant
Idempotent — safe to call multiple times. Issues 500 credits for a new account. Requires a session JWT.
Credit Grant Webhook.
/api/credits/grant
The /api/credits/grant endpoint is for server-to-server use only — never call it from browser code. It lets an authorized Askuno server runtime issue credits to users when eligible bounty work is verified.
Requests must carry an HMAC-SHA256 signature over ${timestamp}.${rawBody} (Stripe-style, replay-protected), using the WEAVE_RUNTIME_GRANT_HMAC_KEY shared secret. Two headers are required: x-weave-timestamp (Unix seconds) and x-weave-signature (hex). Timestamps older than 300 seconds are rejected.
Signing protocol
import crypto from 'node:crypto';
const body = JSON.stringify({
user_id: 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
credits: 500,
source: 'bounty',
mission_id: 'bounty-001',
});
const timestamp = Math.floor(Date.now() / 1000).toString();
const sig = crypto
.createHmac('sha256', process.env.WEAVE_RUNTIME_GRANT_HMAC_KEY)
.update(`${timestamp}.${body}`)
.digest('hex');
await fetch('https://askuno.app/api/credits/grant', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-weave-timestamp': timestamp,
'x-weave-signature': sig,
},
body,
});
Request body
| Field | Type | Required | Description |
|---|---|---|---|
user_id | UUID string | yes | Recipient user ID. |
credits | integer | yes | Number of credits to grant (1–1 000, enforced server-side). |
source | string | yes | Grant source label, e.g. mission. |
mission_id | string | yes (when source is mission) | Mission ID. Used as the idempotency key server-side — duplicate POSTs with the same (source, mission_id) return the original grant. |
evidence_path | string | no | Optional path to verification evidence (e.g. PR URL or artifact path). |
Idempotency: Duplicate POSTs are safe — the server enforces uniqueness on (source, mission_id) via a Postgres constraint. No client-supplied idempotency key is needed or accepted.
Call Proof.
When call-proof signing is configured and attached, POST /api/chat includes a non-null weave_call_proof header value in the response body.
This lets you verify that the response passed through the Askuno credit-gated runtime without trusting a shared secret.
Get the public key
/api/call-proof/public-key
curl https://askuno.app/api/call-proof/public-key
# Response
{
"scheme": "weave-call-proof/v1",
"algorithm": "Ed25519",
"public_key": "MCowBQYDK2VwAyEA...",
"header_name": "X-Weave-Call-Proof",
"timestamp_window_seconds": 300
}
Verify a proof
/api/call-proof/verify
curl -X POST https://askuno.app/api/call-proof/verify \
-H "Content-Type: application/json" \
-d '{
"proof": "v1.42.1747000000.ab12cd34ef56ab78.qwen3:8b.deadbeefabc123.MEUCIQDabc123"
}'
# Response
{
"valid": true,
"decoded": {
"version": "v1",
"seq": 42,
"timestamp": 1747000000,
"userHash": "ab12cd34ef56ab78",
"model": "qwen3:8b",
"bodyHash": "deadbeefabc123"
}
}
Use the proof value
const proof = response.weave_call_proof;
if (proof) {
await fetch('/api/call-proof/verify', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ proof }),
});
}
Errors.
All errors return JSON with an error field containing a machine-readable code, and an optional message with human context.
{
"error": "auth_required",
"message": "No valid session or API key found."
}
| Code | HTTP | Meaning |
|---|---|---|
auth_required | 401 | No valid Authorization header present. |
missing_bearer_token | 401 | Authorization header present but token is missing. |
unknown_api_key | 401 | The ak_… key does not match any record. |
revoked_api_key | 401 | The API key has been revoked. |
malformed_api_key | 401 | Key format is invalid (wrong prefix or length). |
insufficient_credits | 402 | Not enough credits for the requested call. Claim an Askuno-managed bounty mission or sign in to claim the workspace. |
credits_exceeds_ceiling | 400 | Requested grant exceeds the per-mission ceiling. |
hmac_invalid | 401 | HMAC signature on /api/credits/grant is missing or does not match. |
expired_signature | 401 | x-weave-timestamp is more than 300 seconds old — replay protection rejected the request. |
already_claimed | 409 | User already claimed this mission. |
key_not_found | 404 | Revoke target key not found or not owned by user. |
llm_error | 500 | Configured upstream LLM gateway returned an error. |
invalid_signature | 400 | Call-proof signature verification failed. |
Rate Limits.
There are no rate limits today. Per-key rate limiting (requests per minute, daily credit cap) is planned for a future release.
The credit system provides natural throttling — each call costs credits, and balances are finite. If you need a high-volume arrangement, contact the Askuno team.