Quickstart

Five minutes from a fresh account to an Artifact you can verify by fingerprint. You’ll need an enterprise-tier organization to mint API keys.

Mint an API key

In the web app, head to Settings → API keys and create a key, or call the endpoint directly with your Monolith JWT (the caller must be the owner of the target organization):


curl -X POST https://api.joinmonolith.com/api/v1/api-keys \
  -H "Authorization: Bearer $JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "organizationId": "YOUR_ORG_UUID",
    "name": "my-cli-key"
  }'

The response includes a token of the form monolith_<22 base62 chars>. Save it now — it cannot be retrieved later.


{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "my-cli-key",
  "token": "monolith_AbCdEfGhIjKlMnOpQrStUvwx12",
  "prefix": "monolith_AbCdEfGh",
  "last4": "wx12",
  "createdAt": "2026-05-03T17:00:00Z"
}

From here on, use the monolith_… token as your bearer credential.

Pick a Mark

List the Marks you can write to:


curl https://api.joinmonolith.com/api/v1/marks \
  -H "Authorization: Bearer monolith_AbCd…wx12"

Note the id of the Mark you want this Artifact to live under.

Compute a fingerprint

Locally, hash the file’s bytes with SHA-256 and prefix 0x:

bash


printf '0x%s\n' "$(shasum -a 256 my-art.png | cut -d' ' -f1)"

node


import { readFile } from 'node:fs/promises'
import { createHash } from 'node:crypto'
const buf = await readFile('my-art.png')
const fp = '0x' + createHash('sha256').update(buf).digest('hex')
console.log(fp)

python


import hashlib
print('0x' + hashlib.sha256(open('my-art.png','rb').read()).hexdigest())

Create an Artifact


curl -X POST https://api.joinmonolith.com/api/v1/artifacts \
  -H "Authorization: Bearer monolith_AbCd…wx12" \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "MARK_UUID_FROM_STEP_2",
    "fingerprint": "0xabcdef…",
    "filename": "my-art.png",
    "mediaType": "image/png",
    "size": 248390
  }'

Response: an Artifact in pending status (the project field on the returned object is the Mark it lives under). The blockchain submission runs asynchronously; poll the next step or the per-Mark Artifact list to watch it move to submitted.

Verify by fingerprint

Anyone (with any valid bearer token) can ask Monolith who minted a fingerprint:


curl https://api.joinmonolith.com/api/v1/artifacts/0xabcdef… \
  -H "Authorization: Bearer monolith_AbCd…wx12"

The response confirms the binding: project (the Mark), metadata, transactionHash, and — if the Mark is public — createdBy.

API keys are organization-equivalent credentials. They can manage sibling keys for the same organization via the /api/v1/api-keys endpoints (the body or query organizationId must match their own). Treat them like passwords; revoke any key you suspect has leaked from the web app or via DELETE /api/v1/api-keys/{keyId}?organizationId=….

Next steps

Authentication — JWT vs monolith_ keys
Errors — error shape and codes
Full API reference — every endpoint and schema