{
  "info": {
    "name": "KeyClaim API",
    "description": "KeyClaim Challenge Validation API - Challenge endpoints only",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
    "_exporter_id": "keyclaim-api"
  },
  "variable": [
    {
      "key": "base_url",
      "value": "https://keyclaim.org",
      "type": "string"
    },
    {
      "key": "api_key",
      "value": "kc_your_api_key_here",
      "type": "string"
    }
  ],
  "item": [
    {
      "name": "Challenge",
      "item": [
        {
          "name": "Create Challenge",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Content-Type",
                "value": "application/json",
                "type": "text"
              },
              {
                "key": "Authorization",
                "value": "Bearer {{api_key}}",
                "type": "text",
                "description": "API key in Authorization header. Format: Bearer kc_your_api_key_here"
              },
              {
                "key": "Origin",
                "value": "https://yourdomain.com",
                "type": "text",
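                "description": "Optional. Required only if your API key has allowedOrigins configured for origin validation (MITM protection). Origin is a client-supplied header that non-browser clients can set to any value, so origin validation restricts browser-based use of the key and does not replace keeping the key secret."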
              }
            ],
            "body": {
              "mode": "raw",
              "raw": "{\n  \"ttl\": 30\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            },
            "url": {
              "raw": "{{base_url}}/api/challenge/create",
              "host": ["{{base_url}}"],
              "path": ["api", "challenge", "create"]
            },
            "description": "Generate a new challenge token for validation. Each challenge is unique and expires after the specified TTL. If your API key has a key pair assigned, the challenge will be automatically encrypted. If your API key has allowedOrigins configured, include the Origin header matching one of the allowed origins."
          },
          "response": []
        },
        {
          "name": "Validate Challenge",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Content-Type",
                "value": "application/json",
                "type": "text"
              },
              {
                "key": "Authorization",
                "value": "Bearer {{api_key}}",
                "type": "text",
                "description": "API key in Authorization header. Format: Bearer kc_your_api_key_here"
              },
              {
                "key": "Origin",
                "value": "https://yourdomain.com",
                "type": "text",
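                "description": "Optional. Required only if your API key has allowedOrigins configured for origin validation (MITM protection). Origin is a client-supplied header that non-browser clients can set to any value, so origin validation restricts browser-based use of the key and does not replace keeping the key secret."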
              }
            ],
            "body": {
              "mode": "raw",
              "raw": "{\n  \"key\": \"{{api_key}}\",\n  \"challenge\": \"challenge_from_create\",\n  \"response\": \"hmac_sha256_response_here\"\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            },
            "url": {
              "raw": "{{base_url}}/api/challenge/validate",
              "host": ["{{base_url}}"],
              "path": ["api", "challenge", "validate"]
            },
            "description": "Validate a challenge-response pair. Returns validation result and optional signature for Pro/Business plans. If your API key has allowedOrigins configured, include the Origin header matching one of the allowed origins."
          },
          "response": []
        },
        {
          "name": "Validate Challenge (RSA Decrypted)",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Content-Type",
                "value": "application/json",
                "type": "text"
              },
              {
                "key": "Authorization",
                "value": "Bearer {{api_key}}",
                "type": "text",
                "description": "API key in Authorization header. Format: Bearer kc_your_api_key_here"
              }
            ],
            "body": {
              "mode": "raw",
              "raw": "{\n  \"key\": \"{{api_key}}\",\n  \"challenge\": \"encrypted_challenge_from_create\",\n  \"response\": \"decrypted_challenge_value\",\n  \"decryptedChallenge\": \"decrypted_challenge_value\"\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            },
            "url": {
              "raw": "{{base_url}}/api/challenge/validate",
              "host": ["{{base_url}}"],
              "path": ["api", "challenge", "validate"]
            },
            "description": "Validate a challenge. If your API key has a key pair assigned, the challenge may be encrypted and you'll need to decrypt it with your private key before generating the HMAC response."
          },
          "response": []
        }
      ],
      "description": "Challenge creation and validation endpoints"
    }
  ]
}
