Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 179 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
An application programming interface (API) is a standardized mechanism enabling two or more computer programs to communicate by defining a set of protocols, data formats, and interaction patterns. In the KERI ecosystem, APIs preserve the protocol's unique security properties while enabling component interoperability.
An Application Programming Interface (API) is a software interface that enables communication between different computer programs through defined protocols and data structures. The term encompasses both the specification (documentation describing how to build or use the interface) and the implementation (the actual system that exposes the interface).
In the KERI/ACDC ecosystem, APIs serve a specialized role: they must enable component communication while preserving KERI's end-verifiable security properties. This distinguishes KERI APIs from traditional web APIs that often rely on centralized trust models.
The KERI Application Programming Interface (KAPI) represents the comprehensive set of APIs designed specifically for KERI ecosystem components. KAPI provides standardized interfaces for:
The critical design principle is that KAPI must preserve KERI's unique properties including:
Preserve End-Verifiability: KERI APIs must never introduce trust dependencies. All operations should be cryptographically verifiable to the root-of-trust without relying on the API provider's honesty.
Signature Requirements: Unlike traditional APIs using API keys or OAuth tokens, KERI APIs require cryptographic signatures from controlling AIDs on all state-changing operations. This ensures non-repudiable attribution.
CESR Encoding: KERI APIs should use CESR for encoding cryptographic primitives, enabling efficient text/binary conversion while maintaining composability.
Separation of Concerns: Follow KERIA's pattern of separating interfaces by security boundary (Boot, Admin, Protocol) rather than mixing concerns in a single API surface.
Stateless Where Possible: APIs should be designed to be stateless, with state maintained in verifiable data structures (KELs, TELs) rather than server-side sessions.
The KERIA (KERI Agent in the cloud) service exemplifies KERI API design through its three-interface architecture:
This separation enables different security boundaries while maintaining protocol integrity.
Signify implements a client-side API pattern where:
This "signing at the edge" architecture demonstrates how KERI APIs can provide convenience without compromising security.