Skip to content
Minotaur
+ 05 · API Reference

API Reference

Comprehensive reference for the Minotaur validator HTTP API exposed at api.minotaursubnet.com — base URL, authentication model, and the full /v1 surface organised by router.

The Minotaur validator exposes a versioned HTTP API at https://api.minotaursubnet.com. All product endpoints sit under the /v1 prefix. The OpenAPI schema is not served publicly in production (openapi_url=None on the FastAPI app); this reference is generated directly from the route source in minotaur_subnet/api/routes/*.py so it can’t silently drift.

Base URL & CORS

PropertyValue
Production basehttps://api.minotaursubnet.com
Version prefix/v1
CORS Access-Control-Allow-Originhttps://app.minotaursubnet.com (preflight allows GET, POST, PUT, PATCH, DELETE, OPTIONS)
Health checkGET /health (no prefix)

Authentication

Most endpoints are unauthenticated and rely on EIP-712 signatures for binding operations:

  • Order signing: a wallet signs the IntentOrder typed-data (domain.name = "MinotaurAppIntent", version = "1", verifyingContract = <app>). The server recovers the signer with _signature_verify.py and compares it to submitted_by. The nonce field uses the sentinel value 2^256-1 to skip on-chain nonce verification.
  • Solver-round / champion-consensus: validator-to-validator messages carry an EIP-191 signature over a canonical message payload; only addresses in the on-chain ValidatorRegistry are accepted.
  • Submissions: miner solver submissions require a wallet signature over the submission payload (commit hash + manifest).
  • App management: create / deploy / lifecycle / registry actions use an EIP-712 wallet-signature model that retires the shared admin key. Auth travels in headers (X-App-Auth-Signer, X-App-Auth-Signature, X-App-Auth-Nonce, X-App-Auth-Deadline); allowed signers are the app deployer plus APP_ADMIN_SIGNERS. Deploy can alternatively be authorized by the once-per-app WTAO deploy-fee payment. Create accepts X-Admin-Key or a self-serve owner_signature.

Endpoints that do not require a signature: read-only listings (GET /v1/orders, GET /v1/apps, GET /v1/chains/..., GET /v1/blockloop/status, GET /health).

Routers

Notes

  • OpenAPI is disabled in production for the API surface area. To regenerate this reference, re-run apps/docs/scripts/sync_from_subnet.py against the latest minotaur_subnet/api/routes/.
  • Versioning: the API is at v0.2.0 (per FastAPI(title="Minotaur App Intents API", version="0.2.0")).
  • Errors follow FastAPI’s default shape: {"detail": "..."} for 4xx/5xx, with status codes per RFC 9110.