Walletv1.10.10pilot-root.1kosmos.net/walletapiOpenAPI
1Kosmos · Identity Wallet

Wallet API

Provision and manage user-controlled digital identity wallets.

Authentication → All products

The 1K-Wallet service provisions and manages each user's digital identity wallet — the secure, user-controlled container for their credentials, keys and verified attributes.

19 endpoints

across 8 resource groups.

ECDSA-signed

every request is signed with your key pair.

JSON over HTTPS

predictable REST, conventional status codes.

OpenAPI 3.0

Download the spec →

Reference

Base URL

All Wallet endpoints are relative to your environment host. Examples on this page use the 1Kosmos pilot environment — swap in your production root when you go live.

Pilot https://pilot-root.1kosmos.net/walletapi

Content type

Requests and responses use application/json.

GEThttps://pilot-root.1kosmos.net/walletapi/healthz
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/healthz' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
Security

Authentication

Wallet uses ECDSA key-pair authentication. Each request carries your credentials as HTTP headers; verification-grade calls additionally sign the request body. Retrieve the system signing key from /publickeys.

Credentials
keyIdECDSA Public Keyheader
keySecretECDSA Private Keyheader
licenseLicense key from License Microserviceheader
authorizationauthorization token for the user sessionheader
GEThttps://pilot-root.1kosmos.net/walletapi/healthz
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/healthz' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
Reference

Errors

Wallet uses conventional HTTP status codes: 2xx success, 4xx a problem with the request, 5xx a service-side error.

StatusMeaningDescription
200 / 204OKThe request succeeded.
400Bad RequestValidation failed.
401UnauthorizedMissing or invalid credentials.
403ForbiddenAuthenticated, but not permitted.
404Not FoundThe resource does not exist.
500Server ErrorSomething went wrong on our side.
4XXerror response
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Validation error"
}
Wallet

Wallet

Provision and manage identity wallets.

GET/authenticate

[DEPRECATED] Fetch sessionInfo and store into DB, then redirect to authentication page

DEPRECATED: This endpoint is deprecated and has been removed. Use /v2/authenticate instead.

Sunset date: 2026-02-02

Query parameters
NameTypeDescription
sessionrequiredstringBase64 encoded session URL
GEThttps://pilot-root.1kosmos.net/walletapi/authenticate
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/authenticate?session=<session>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
RESPONSE
410
Gone - This endpoint has been deprecated
{
  "error": "string",
  "message": "string",
  "sunset": "string"
}
GET/v2/authenticate

Fetch sessionInfo and store into DB, then redirect to v2 authentication page

Fetches sessionInfo, stores it in the DB, extracts dvcID from privateInfo, retrieves verification config including selfieCaptureMode, and redirects the user to the v2 authentication page with session data.

Query parameters
NameTypeDescription
sessionrequiredstringBase64 encoded session URL
GEThttps://pilot-root.1kosmos.net/walletapi/v2/authenticate
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/v2/authenticate?session=<session>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
RESPONSE
302
400
401
404
Redirects to the authentication page https://${dns}/wallet/v2/authenticate with base64 encoded session data containing sessionId and selfieCaptureMode
// no response body
POST/authenticate_with_liveid

[DEPRECATED] Authenticate with LiveID[V2 CP]

DEPRECATED: This endpoint is deprecated and has been removed. Use /v2/authenticate_with_liveid instead.

Sunset date: 2026-02-02

POSThttps://pilot-root.1kosmos.net/walletapi/authenticate_with_liveid
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/authenticate_with_liveid' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'Content-Type: application/json' \
  -d '{}'
RESPONSE
410
Gone - This endpoint has been deprecated
{
  "error": "string",
  "message": "string",
  "sunset": "string"
}
POST/check_enrollment

Check user enrollment of wallet

Check user enrollment of wallet

  • any valid license key
  • Atleast 1 entry in list is required
  • Either DID or PublicKey or BOTH can be provided.
  • Any time both are provided, that a single record in DB must match both did and publicKey in order to call it a "MATCH"

Headers

licensekey (required)

License key encrypted with ECDSA

requestid (required)

JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now

publickey (required)

Public key

Request Body

list (required)

list of user's did and publicKey

Returns

Headers
NameTypeDescription
licensekeyrequiredstringLicense key encrypted with ECDSA / Try Authorize &#128274;
requestidrequiredstringJSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;
publickeyrequiredstringPublic Key / Try Authorize &#128274;
Request body
{
    "list": [{"did": string}, {"publicKey": string}, {"did": string, "publicKey": string}]
}
FieldTypeDescription
listarray<object>
POSThttps://pilot-root.1kosmos.net/walletapi/check_enrollment
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/check_enrollment' \
  -H 'licensekey: YOUR_LICENSE_KEY' \
  -H 'requestid: <ecdsa-requestid>' \
  -H 'publickey: <public-key>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"list": [{"did": "xxxx", "publicKey": "xxxx"}]}'
RESPONSE
200
400
401
404
500
successful operation
{
  "list": [
    {
      "did": "xxxxxxxxxxx",
      "publicKey": "xxxxxxxxxxx",
      "createdTS": "xxxxxxxxxxx"
    }
  ]
}
POST/identify_selfie

Identify selfie using dvcId to get a faceKey

Accepts a selfie image, dvcId, communityId and tenantId. Fetches the verification config and verifier from docuverify, performs face search.

Headers

licensekey (required)

License key encrypted with ECDSA

requestid (required)

JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds

publickey (required)

Public key

Request Body

data (required)

ECDSA encrypted payload containing selfie, dvcId, communityId and tenantId

Returns

Returns faceKey (sha512 hash of the matched faceId) in encrypted response.

Headers
NameTypeDescription
licensekeyrequiredstringLicense key encrypted with ECDSA / Try Authorize &#128274;
requestidrequiredstringJSON string encrypted with ECDSA / Try Authorize &#128274;
publickeyrequiredstringPublic Key / Try Authorize &#128274;
Request body

Request body contains selfie, dvcId, communityId, tenantId and optionally dns.

{
  "data": {
    "selfie": "base64_encoded_selfie_image",
    "dvcId": "device_verification_config_id_or_tag",
    "communityId": "community_id",
    "tenantId": "tenant_id",
    "dns": "optional_community_dns_url"
  }
}
FieldTypeDescription
dataobject
POSThttps://pilot-root.1kosmos.net/walletapi/identify_selfie
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/identify_selfie' \
  -H 'licensekey: YOUR_LICENSE_KEY' \
  -H 'requestid: <ecdsa-requestid>' \
  -H 'publickey: <public-key>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"data": {"selfie": "string", "dvcId": "string", "communityId": "string", "tenantId": "string", "dns": "string"}}'
RESPONSE
200
400
401
404
500
Success
{
  "data": "string",
  "publicKey": "string"
}
POST/session_result

Get session result by UWL session ID

Fetches session_info using uwl_session_id and returns success, failure, or pending status. Allows deviceId in request body.

Query parameters
NameTypeDescription
sessionrequiredstringUWL session ID
Headers
NameTypeDescription
publickeyrequiredstringPublic Key / Try Authorize &#128274;
Request body
FieldTypeDescription
deviceIdstringDevice ID to check device trust
POSThttps://pilot-root.1kosmos.net/walletapi/session_result
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/session_result?session=<session>' \
  -H 'publickey: <public-key>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'Content-Type: application/json' \
  -d '{"deviceId": "string"}'
RESPONSE
200
400
404
Session result
{
  "status": "success",
  "message": "string"
}
POST/userDeviceInfo

Add User-Device Info into Login Attemp DB

Add User-Device Info into Login Attemp DB

Request Body

sessionId (required)

sessionId

deviceInfo (optional)

deviceInfo

userInfo (optional)

userInfo

Returns

Request body
"data": {
    "sessionId": "",
    "deviceInfo": "",
    "userInfo": ""
},
"publicKey": ""
FieldTypeDescription
sessionIdstring
deviceInfoobject
userInfoobject
POSThttps://pilot-root.1kosmos.net/walletapi/userDeviceInfo
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/userDeviceInfo' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'Content-Type: application/json' \
  -d '{"sessionId": "xxxx", "deviceInfo": {}, "userInfo": {}}'
RESPONSE
200
400
404
500
successful operation
{
  "message": "string"
}
POST/v2/authenticate_with_liveid

Authenticate with LiveID [V2 CP].

Authenticate with LiveID [V2 CP].

Request body
FieldTypeDescription
dataobject
POSThttps://pilot-root.1kosmos.net/walletapi/v2/authenticate_with_liveid
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/v2/authenticate_with_liveid' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"data": {"tenantId": "string", "communityId": "string", "dns": "string", "dvcID": "string", "context": "string", "userAgent": "string", "purpose": "string", "scopes": "string", "authType": "string", "deviceInfo": {}, "userInfo": {}, "selfie": "string", "pin": "string", "user_token": "string", "isTrustedDevice": true, "skip_liveid": true}}'
RESPONSE
200
Successful operation
{
  "status": "success",
  "message": "Authentication successful",
  "data": {}
}
POST/v2/submit_face

Submit face for verification and enrolling

Submits a selfie for face verification and enrolling.

Headers

requestid (required)

JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now

publickey (required)

Public key

Request Body

sessionId (required)

Session ID

selfie (required)

Base64 encoded selfie image

deviceId (required)

Device ID

cameraIndicator (optional)

Camera indicator object containing various metrics related to the camera and environment

Returns

Returns session status, pin requirement, and message.

This API throws an error if something goes wrong.

Headers
NameTypeDescription
requestidrequiredstringJSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;
publickeyrequiredstringPublic Key / Try Authorize &#128274;
Request body

Request body contains below fields to submit face.

{
  "data": {
    "sessionId": "session-123",
    "selfie": "base64string...",
    "deviceId": "device-456",
    "cameraIndicator": {
      "overallConfidence": 0.09,
      "riskLevel": "LOW",
      "label": "facetime hd camera (c4e1:9bfb)",
      "detectionTiers": {},
      "recommendations": [],
      "browserCompatibility": {}
  }
}
FieldTypeDescription
dataobject
POSThttps://pilot-root.1kosmos.net/walletapi/v2/submit_face
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/v2/submit_face' \
  -H 'requestid: <ecdsa-requestid>' \
  -H 'publickey: <public-key>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'Content-Type: application/json' \
  -d '{"data": {"sessionId": "string", "selfie": "string", "deviceId": "string", "cameraIndicator": {}}}'
RESPONSE
200
400
401
404
500
Success
{
  "data": {
    "success": true,
    "sessionId": "string",
    "status": "string",
    "pinRequired": true,
    "message": "string"
  }
}
POST/verify_pin

Verify user PIN for authentication

Verifies the user PIN and device trust, returns isAuthenticated in encrypted response.

Headers

authorization (required)

Authorization token

requestid (required)

JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now

publickey (required)

Public key

Request Body

data (required)

ECDSA encrypted payload with pin and isTrustedDevice

Returns

Returns isAuthenticated in encrypted response. This API throws an error if something goes wrong.

Headers
NameTypeDescription
authorizationrequiredstringAuthorization token
requestidrequiredstringJSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;
publickeyrequiredstringPublic Key / Try Authorize &#128274;
Request body

Request body contains below fields to verify PIN.

{
  "data": {
    "pin": "1234",
    "isTrustedDevice": true
  }
}
FieldTypeDescription
dataobject
POSThttps://pilot-root.1kosmos.net/walletapi/verify_pin
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/verify_pin' \
  -H 'authorization: Bearer YOUR_TOKEN' \
  -H 'requestid: <ecdsa-requestid>' \
  -H 'publickey: <public-key>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'Content-Type: application/json' \
  -d '{"data": {"pin": "string", "isTrustedDevice": true}}'
RESPONSE
200
400
401
404
500
Success
{
  "data": "string"
}
POST/webhooks/{uwl_session_id}

[DEPRECATED] PID webhook callback for UWL session

DEPRECATED: This endpoint is deprecated and has been removed. Use /v2/submit_face instead.

Sunset date: 2026-02-02

Path parameters
NameTypeDescription
uwl_session_idrequiredstringUWL session ID
Request body
FieldTypeDescription
sessionIdstringPID session ID
transactionIDstringTransaction ID
statusstringStatus of the PID session One of: SUCCESS
puidstring
guidstring
selfiestringBase64 encoded selfie image (if required)
messagestringMessage for the PID session
POSThttps://pilot-root.1kosmos.net/walletapi/webhooks/{uwl_session_id}
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/webhooks/<uwl_session_id>' \
  -H 'authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"sessionId": "string", "transactionID": "string", "status": "SUCCESS", "puid": "string", "guid": "string", "selfie": "string", "message": "string"}'
RESPONSE
410
Gone - This endpoint has been deprecated
{
  "error": "string",
  "message": "string",
  "sunset": "string"
}
Wallet

Service Key

Service Key endpoints.

GET/servicekeys

Get service keys

This endpoint returns available service keys. The license you are using must be of authLevel 'system'

Headers

licensekey (required)

License key encrypted with ECDSA

requestid (required)

JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now

publickey (required)

Public key

Returns

Returns array with service keys

Headers
NameTypeDescription
requestidrequiredstringJSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;
publickeyrequiredstringPublic Key / Try Authorize &#128274;
licensekeyrequiredstringLicense key encrypted with ECDSA / Try Authorize &#128274;
GEThttps://pilot-root.1kosmos.net/walletapi/servicekeys
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/servicekeys' \
  -H 'requestid: <ecdsa-requestid>' \
  -H 'publickey: <public-key>' \
  -H 'licensekey: YOUR_LICENSE_KEY' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY'
RESPONSE
200
400
401
403
500
Success
[
  {
    "tag": "xxxxx",
    "keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "type": "xxxxx",
    "debug": false
  }
]
DELETE/servicekey/{keyId}

Reset Service Key

This endpoint resets service key for given keyId. Deletes current one and recreates a new one. The license you are using must be of authLevel 'system'

Parameters

keyId (required)

The keyId of service key to reset

Headers

licensekey (required)

License key encrypted with ECDSA

requestid (required)

JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now

publickey (required)

Public key

Returns

Returns re-created service key

Path parameters
NameTypeDescription
keyIdrequiredstringkeyId of service key to reset
Headers
NameTypeDescription
requestidrequiredstringJSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;
publickeyrequiredstringPublic Key / Try Authorize &#128274;
licensekeyrequiredstringLicense key encrypted with ECDSA / Try Authorize &#128274;
DELETEhttps://pilot-root.1kosmos.net/walletapi/servicekey/{keyId}
cURL
Node.js
Python
curl -X DELETE 'https://pilot-root.1kosmos.net/walletapi/servicekey/<keyId>' \
  -H 'requestid: <ecdsa-requestid>' \
  -H 'publickey: <public-key>' \
  -H 'licensekey: YOUR_LICENSE_KEY' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY'
RESPONSE
200
400
401
500
Success
[
  {
    "tag": "xxxxx",
    "keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "type": "xxxxx",
    "debug": false
  }
]
Wallet

ECDSA Helper

ECDSA Helper endpoints.

POST/ecdsa_helper/{method}

Encrypt and decrypt the data string by public key and private key.

Encrypt and decrypt the data string by public key and private key.

Parameters

method (optional)

The method parameter is type of enum. Default value is encrypt.

This parameter only accepts following values

encrypt, decrypt

Request Body

data (optional)

The data key is type of String.

publicKey (required)

The publicKey is type of string.

privateKey (required)

The privateKey is type of string.

Returns

Returns the encrypted/decrypted string.

This API throw an error if something goes wrong. A common source of error is public or private key is not valid.

Path parameters
NameTypeDescription
methodstring
Request body
FieldTypeDescription
datastring
publicKeystring
privateKeystring
POSThttps://pilot-root.1kosmos.net/walletapi/ecdsa_helper/{method}
cURL
Node.js
Python
curl -X POST 'https://pilot-root.1kosmos.net/walletapi/ecdsa_helper/<method>' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"data": "Hey, This is example data string.", "publicKey": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=", "privateKey": "xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="}'
RESPONSE
200
successful operation
"xxxxxxxxxxxxxxxxxxxxxx"
Wallet

Environment

Environment endpoints.

GET/environment

/environment

Provide details regarding the environments.

Returns

Returns an environment object

GEThttps://pilot-root.1kosmos.net/walletapi/environment
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/environment' \
  -H 'license: YOUR_LICENSE_KEY'
RESPONSE
200
Success
// no response body
Wallet

Healthz

Healthz endpoints.

GET/healthz

Get healthz.

Get healthz

Returns

Returns a healthz object

  • ``version = <git-tag>.<commit-id>.<dob>``
  • ``git-tag``: When code is compiled from a git-tag, this must carry the tag name. This should match one of the git tags.
  • ``commit-id``: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it.
  • ``dob``: Date Of Build. This is epoc-time-in-se conds that tell the time when the build was created.
  • ​if the code is not built from a git-tag, then the ``version =<commit-id>.<dob>``
GEThttps://pilot-root.1kosmos.net/walletapi/healthz
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/healthz' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
RESPONSE
200
Success ``` { "status": "all services operational", "publicKey": "string" //same as <service>/publickeys endpoint, "code": "200", "version": "<version>" //as defined above } ```
{
  "status": "all services operational",
  "publicKey": "//same as <service>/publickeys endpoint",
  "code": "200",
  "version": "xxxx.xxxx.xxxx"
}
Wallet

Public Key

Public Key endpoints.

GET/publickeys

Get system's public key.

Get system's public key.

Returns

Returns a public key object

GEThttps://pilot-root.1kosmos.net/walletapi/publickeys
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/publickeys' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
RESPONSE
200
401
{
  "publicKey": ""
}
Wallet

Service Directory

Service Directory endpoints.

GET/sd

Get all service directories.

Get all service directories.

Returns

Returns all service directories.

GEThttps://pilot-root.1kosmos.net/walletapi/sd
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/sd' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
RESPONSE
200
{
  "name1": "https://xxx.xxxxxx.xxx/xxxxx",
  "name2": "https://xxx.xxxxxx.xxx/xxxxx",
  "name3": "https://xxx.xxxxxx.xxx/xxxxx"
}
Wallet

Well Known config

Well Known config endpoints.

GET/.well-known

Get well known config.

Get well known config

Returns

Returns an object

GEThttps://pilot-root.1kosmos.net/walletapi/.well-known
cURL
Node.js
Python
curl -X GET 'https://pilot-root.1kosmos.net/walletapi/.well-known' \
  -H 'keyId: YOUR_KEY_ID' \
  -H 'keySecret: YOUR_KEY_SECRET' \
  -H 'license: YOUR_LICENSE_KEY' \
  -H 'authorization: Bearer YOUR_TOKEN'
RESPONSE
200
Success ``` { "auth_endpoint": "https://$dns/walletapi/authenticate", "enrollment_check_endpoint": "https://$dns/walletapi/check_enrollment", "public_key": "string" //same as <service>/publickeys endpoint, "purpose_supported": ["authenticate", "enroll"], "scopes_supported": ["wallet", "liveness_score", "selfie", "face_compare_score"] } ```
{
  "auth_endpoint": "https://$dns/walletapi/authenticate",
  "enrollment_check_endpoint": "https://$dns/walletapi/check_enrollment",
  "public_key": "//same as <service>/publickeys endpoint",
  "purpose_supported": [
    "authenticate",
    "enroll"
  ],
  "scopes_supported": [
    "wallet",
    "liveness_score",
    "selfie",
    "face_compare_score"
  ]
}
© 2026 1Kosmos · 1K-Wallet Service v1.10.10Generated from the OpenAPI spec · walletapi.json