Skip to main content
Tulip uses separate authorization layers for API access, on-chain credit spending, provider onboarding, and settlement operations.

API key

Every /v1/* request requires a Tulip API key:
The health route is public. The settlement flush route uses a different operator credential.

Inference permit

Chat requests also require a 32-byte on-chain permit ID:
The Gateway reads the permit from Robinhood Chain and rejects it when it is missing, expired, closing, closed, bound to another model, or pinned to another provider offer.

Quote

You may supply a previously created quote:
Quotes expire after 60 seconds. A quote is bound to the exact model, messages, output limit, tools, tool choice, and response format. Changing the request invalidates it.

Provider signature

Provider Gateway registration requires an EIP-712 signature from the offer’s on-chain operator. The challenge binds:
  • Offer ID.
  • Hash of the endpoint URL.
  • Single-use nonce.
  • Expiration no more than 15 minutes in the future.
This signature authorizes private endpoint registration. It does not grant custody over the operator’s assets.

Settlement operator

POST /settlements/flush requires the separate settlement operator bearer token. It is intended for an internal worker, not frontend clients or providers.
Never embed Gateway API keys, provider endpoint tokens, settlement credentials, or private keys in public frontend code.