Skip to main content

API Overview

All consumer traffic goes through the API Gateway at api.timepointai.com, which authenticates requests, manages credits, enforces rate limits, and proxies to backend services. Each service also has a direct subdomain for service-to-service calls.

Architecture

Client (iPhone, Web App, MCP, etc.)


api.timepointai.com  ──>  API Gateway (auth authority, credits, rate limiting, proxy)

  ├── /api/v1/auth/*          ──>  gateway-native (JWT, OAuth, API keys)
  ├── /api/v1/users/*         ──>  gateway-native (user management)
  ├── /api/v1/credits/*       ──>  gateway-native (credit balance, usage)
  ├── /api/v1/clockchain/*    ──>  clockchain.timepointai.com
  ├── /api/v1/billing/*       ──>  billing.timepointai.com
  ├── /api/v1/timepoints/*    ──>  flash.timepointai.com
  ├── /api/v1/* (all else)    ──>  flash.timepointai.com
  └── /health                 ──>  gateway health (native)

Domain Map

DomainServiceAuthNotes
api.timepointai.comAPI GatewayBearer JWT, API keysAuth authority — validates auth, manages credits, proxies to backends
flash.timepointai.comFlashInternal only, accessed via GatewayGeneration engine
clockchain.timepointai.comClockchainNone (public reads) / authenticated writesTemporal causal graph
clockchain.timepointai.com/mcp/Clockchain MCPMCP tools (public reads)Streamable HTTP MCP interface (v1.26.0)
pro.timepointai.comPro CloudGateway JWT or API keySNAG social simulations
billing.timepointai.comBillingInternal onlyCredit packs, subscriptions, payment verification
Consumer apps (iPhone, web app, external clients) should use api.timepointai.com — the gateway authenticates and routes transparently. Service-to-service calls should use direct subdomains (e.g. clockchain.timepointai.com) with appropriate service keys to skip the gateway hop.

Quick Examples

Clockchain — No Auth Needed

# Get graph stats
curl https://clockchain.timepointai.com/api/v1/stats

# Search moments
curl "https://clockchain.timepointai.com/api/v1/moments?q=rome&limit=5"

Flash — Render a Moment (via Gateway)

curl -X POST https://api.timepointai.com/api/v1/timepoints/generate/sync \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT" \
  -d '{"query": "Moon landing, July 20 1969", "generate_image": true}'

Response Format

All APIs return JSON. Clockchain public endpoints return paginated results: 
{
  "items": [...],
  "total": 1900,
  "limit": 10,
  "offset": 0
}

Rate Limits

TierLimitApplies To
Public60/minClockchain unauthenticated reads
Auth reads300/minAuthenticated GET requests
Auth writes30/minPOST/PUT/DELETE with auth
Rate limit headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

CORS

All services allow cross-origin requests from *.timepointai.com subdomains.