XP

Overview

The XP API provides endpoints for managing experience points (XP) within the Ethos network. It allows users to retrieve their XP history and perform various XP-earning actions such as daily check-ins through the browser extension.

Endpoints

Extension Daily Check-in

POST /api/v1/xp/extension-daily-checkin

Description: Allows users to check in daily via the browser extension to earn XP.

Authentication Required: No (Uses cryptographic signature verification)

Parameters

Body Parameters

Name
Type
Required
Description

twitterHandle

string

Yes

The Twitter handle of the user checking in (without the @ symbol)

timestamp

number

Yes

Current timestamp in milliseconds

installationId

string

Yes

Unique identifier for the extension installation

signature

string

Yes

HMAC-SHA256 signature of twitterHandle:timestamp:installationId using installationId as the key

Responses

Success Response

Code: 200 OK

{
  "ok": true,
  "data": {
    "success": true
  }
}

Error Response

Code: 400 Bad Request

{
  "ok": false,
  "error": "Already checked in today",
  "code": "ALREADY_CHECKED_IN"
}

Possible error codes:

  • ALREADY_CHECKED_IN: User has already checked in today

  • TWITTER_USER_NOT_FOUND: The provided Twitter handle does not exist or is not registered with Ethos

Code: 401 Unauthorized

{
  "ok": false,
  "error": "Invalid signature",
  "code": "INVALID_SIGNATURE"
}

Possible error codes:

  • INVALID_SIGNATURE: The provided signature is invalid

  • UNAUTHORIZED: The timestamp is too old (more than 5 minutes)

Example

Request

http POST https://api.ethos.network/api/v1/xp/extension-daily-checkin \
  twitterHandle=ethosuser \
  timestamp=1627318400000 \
  installationId=abcd1234 \
  signature=HMAChdjhdwueGFRkSjdksleiFEIRekjsfndk

Notes

  • Users can only check in once per day (based on UTC date).

  • The XP awarded is typically 100 points, but may be adjusted by a multiplier based on the user's score.

  • The request must include a valid signature generated by the extension to prevent abuse.

  • Timestamp must be within the last 5 minutes to prevent replay attacks.

Last updated