Seven Layer
Vault API

Overview

The Vault API — conditional seal-and-release over REST.

The Vault API seals data so it opens only when a condition is met: a time-lock matures, or a t-of-n quorum approves. Sealing fragments and encrypts the payload, commits it under a Merkle root, and records every access in a hash-chained, tamper-evident audit trail.

Early access. Endpoints and response shapes may change. Run the service behind your own gateway and authentication.

Base URL

The service is self-hostable and listens on port 3300 by default:

http://localhost:3300

Health check:

curl http://localhost:3300/health
# SCSA Vault OK

The flow

  1. Seal a payload with a release conditionPOST /v1/seal. You get back a sealed_id.
  2. Check whether it can open yet — GET /v1/status/:id.
  3. Release it once the condition is satisfied — quorum approvals, a matured time-lock, then POST /v1/unseal/:id.
  4. Audit every step — GET /v1/audit/:id.

Endpoints at a glance

MethodPathPurpose
POST/v1/sealSeal data with a condition
GET/v1/status/:idCurrent status of a seal
POST/v1/unseal/:idRelease data if the condition is met
POST/v1/approve/:idRecord a quorum approval
GET/v1/timelock-challenge/:idFetch the time-lock challenge
POST/v1/timelock-proof/:idSubmit the time-lock proof
GET/v1/audit/:idHash-chained audit trail
GET/v1/listList all seals

Payloads are JSON. Binary data is base64-encoded in the data field.

On this page