Introduction
The Cajas API provides endpoints for managing case openings and provably fair seed management. All API endpoints are built using Next.js API routes and require authentication.
Base URL
Authentication
All API endpoints require Supabase authentication. Requests must include a valid session cookie or authorization header. Unauthenticated requests will receive a 401 Unauthorized response.
Authentication Headers
When making API requests, ensure you include the Supabase authentication token:
Response Format
All API responses are returned in JSON format.
Success Response
Error Response
Error responses follow a consistent format:
Common Status Codes
Request was successful
Missing or invalid authentication credentials
The requested resource was not found (e.g., case doesn’t exist)
Invalid request parameters or case is empty
An error occurred on the server
Rate Limiting
Available Endpoints
Case Management
- POST /api/cases/open - Open a case and receive a random item
Provably Fair
- GET /api/provably-fair/seed - Get current seed information
- POST /api/provably-fair/seed - Rotate seeds for provably fair gaming
Data Models
User Seeds
The system is provably fair, built on server seeds, client seeds, and nonces:
- Server Seed: Generated server-side, kept secret until revealed
- Client Seed: User-provided or generated, known to the user
- Nonce: Incrementing counter for each game round
- Server Seed Hash: SHA-256 hash of the server seed (publicly visible)
Case Items
Case items include:
- Item ID and metadata
- Value (price)
- Probability (drop chance percentage)
- Rarity tier (legendary < 1%, epic < 5%, rare < 20%, common >= 20%)
Getting Started
- Authenticate with Supabase
- Retrieve your current seeds using GET /api/provably-fair/seed
- Open a case using POST /api/cases/open
- Verify fairness using the returned seed information
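The verification step above, sketched as an added example for Node.js; it is not code from the Cajas project. The SHA-256 commitment check follows the User Seeds description, while the roll derivation (HMAC-SHA256 over `clientSeed:nonce`), the field names `serverSeed`, `serverSeedHash`, `clientSeed`, `nonce`, `itemId`, and the sample items are assumptions, since this page does not document them.

```javascript
// Added example, not Cajas code. Sample data is constructed.
const nodeCrypto = require('node:crypto');

// Constructed sample case; probabilities are drop chances in percent.
const SAMPLE_ITEMS = [
  { id: 'common-1', probability: 80 },
  { id: 'rare-1', probability: 19.5 },
  { id: 'legendary-1', probability: 0.5 },
];

// The revealed server seed must hash to the value published before play.
function verifyCommitment(serverSeed, serverSeedHash) {
  if (!/^[0-9a-f]{64}$/i.test(serverSeedHash)) return false;
  const digest = nodeCrypto.createHash('sha256').update(serverSeed, 'utf8').digest();
  return nodeCrypto.timingSafeEqual(digest, Buffer.from(serverSeedHash, 'hex'));
}

// ASSUMPTION: roll = first 32 bits of HMAC-SHA256(serverSeed, "clientSeed:nonce"),
// scaled to [0, 100). The page does not document the real derivation.
function deriveRoll(serverSeed, clientSeed, nonce) {
  const mac = nodeCrypto.createHmac('sha256', serverSeed).update(`${clientSeed}:${nonce}`).digest();
  return (mac.readUInt32BE(0) / 2 ** 32) * 100;
}

// Walk cumulative drop chances to find the item a roll lands on.
function pickItem(items, roll) {
  let cumulative = 0;
  for (const item of items) {
    cumulative += item.probability;
    if (roll < cumulative) return item;
  }
  return items[items.length - 1]; // float rounding guard
}

// Recompute each recorded round after the seed is revealed.
function verifyRounds(reveal, items, rounds) {
  if (!verifyCommitment(reveal.serverSeed, reveal.serverSeedHash)) {
    return { ok: false, reason: 'server seed does not match committed hash' };
  }
  let lastNonce = -1;
  for (const { nonce, itemId } of rounds) {
    // A repeated or out-of-order nonce would let one roll be replayed.
    if (!Number.isInteger(nonce) || nonce <= lastNonce) return { ok: false, reason: `bad nonce ${nonce}` };
    lastNonce = nonce;
    const expected = pickItem(items, deriveRoll(reveal.serverSeed, reveal.clientSeed, nonce));
    if (expected.id !== itemId) return { ok: false, reason: `item mismatch at nonce ${nonce}` };
  }
  return { ok: true, reason: null };
}
```

Record the server seed hash before playing; a reveal that fails `verifyCommitment` invalidates every round played under that seed.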
