The HTTP API is a thin proxy. Every handler calls the canonical runtime RPC client to query state or broadcast transactions; no business state is kept in the server process.

Base URL

Each deployment exposes the API at its own base URL:
Deployment | Base URL
shyvoting civic deployment | deployment-owned base URL
shyvoting sovereign deployment | deployment-owned base URL
shyshares governance deployment | deployment-owned base URL

Authentication

No authentication is required for read endpoints. POST /ballots accepts a tx.BallotCastData payload; authentication is performed inside the canonical state machine (IDV signature verification and, if enabled, ZK proof verification).

Privacy contract

GET /polls/{id}/voters returns only a count field — never individual identity_hash values. GET /polls/{id}/votes returns ballot IDs and choices (List 1) but no voter identity. The List 1 / List 2 separation is enforced at the API boundary.

CORS

All endpoints include permissive Access-Control-Allow-Origin: * headers. Place a reverse proxy in front of the server to restrict origins in production.
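
One way to build the origin-restricting reverse proxy described above, as an added example that is not part of the project's own code. The allowlisted origin, the listen port and the upstream address are assumptions, as are the names restrictCORS and newCORSProxy.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// Constructed allowlist: replace with the deployment's real front-end origins.
var allowedOrigins = map[string]bool{"https://vote.example.org": true}

// restrictCORS removes the upstream's wildcard header and echoes the caller's
// Origin back only on an exact allowlist match (scheme, host and port).
func restrictCORS(h http.Header, origin string, allowed map[string]bool) {
	h.Del("Access-Control-Allow-Origin")
	h.Add("Vary", "Origin") // shared caches must not reuse one origin's answer
	if allowed[origin] {
		h.Set("Access-Control-Allow-Origin", origin)
	}
}

// newCORSProxy forwards every request to upstream unchanged and rewrites only
// the CORS response header on the way back to the client.
func newCORSProxy(upstream *url.URL, allowed map[string]bool) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	proxy.ModifyResponse = func(resp *http.Response) error {
		// resp.Request is the forwarded request; it carries the client's Origin.
		restrictCORS(resp.Header, resp.Request.Header.Get("Origin"), allowed)
		return nil
	}
	return proxy
}

func main() {
	// Assumed addresses: the API is bound to loopback so that it is reachable
	// only through this proxy.
	upstream, err := url.Parse("http://127.0.0.1:8080")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8081", newCORSProxy(upstream, allowedOrigins)))
}
```

CORS only limits which browser origins can read responses; non-browser clients can still call the unauthenticated read endpoints, so this does not replace network-level access control.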

Response format

All responses are JSON. Error responses include a code field matching the runtime validation code and a log field with a human-readable message.
{
  "code": 3,
  "log": "tx validation failed: duplicate vote: identity abc123... already voted in poll poll-1"
}