Docs / Reference / REST API

API Reference

npmvc.com REST API for publishers and consumers.

Authentication

Write operations require a Bearer token issued during registration. Read operations are public.

Authorization: Bearer <token>

POST /api/register-issuer

Register as a publisher. No auth required.

curl -X POST https://npmvc.com/api/register-issuer \
  -H 'content-type: application/json' \
  -d '{"name":"my-company","publicKey":"z6Mk...","didLog":"{...}"}'

→ { "did": "did:webvh:...", "token": "eyJ..." }

GET /api/issuers/[name]/did.jsonl

Fetch an issuer's DID log (JSON Lines, hash-chained).

PUT /api/issuers/[name]/resources/[id]

Upload an Attested Resource. Auth required.

GET /api/issuers/[name]/resources/[id]

Fetch an Attested Resource by content-addressable ID.

POST /api/vcs/[purl]

Upload an attestation envelope. Auth required.

GET /api/vcs/[purl]

Fetch attestation envelopes for a package version. Returns an array.

GET /api/resolve/[did]

Resolve a did:webvh identifier. Returns the latest DID document.

GET /api/trust-root

Community trust root (list of trusted issuer DIDs).

GET /api/badge/[package]

SVG badge for README embedding.

![npmvc](https://npmvc.com/api/badge/my-lib)

GET /api/stats

Registry-wide counts (issuers, packages, attestations).

GET /api/health

{ "status": "ok", "version": "0.1.0" }
← previousPolicy configurationnext →CI/CD integration