CLASSIFICATION: RESTRICTED
DOCUMENT TYPE: SYSTEM REFERENCE
QECNet v4.2.1

API Reference

The QECNet API provides programmatic access to the command interface, event stream, and autonomous response controls. All endpoints require authenticated sessions and are subject to rate limiting.

BASE URL
https://command.qecnet.com/api
All requests must be made over HTTPS. HTTP connections are rejected at the edge.

Authentication

Authentication is performed via authorization code exchange. Upon successful authentication, the server issues an HTTP-only session cookie with strict security parameters.

POST /api/auth
REQUEST BODY
{
  "code": "string" // Authorization code
}
RESPONSE — 200
{ "authorized": true }
// Sets HTTP-only cookie: qecnet_session
// Cookie attributes: httpOnly, secure, sameSite=strict
// Expiry: 86400 seconds (24 hours)
RESPONSE — 401
{ "authorized": false, "error": "Invalid authorization code" }
GET /api/auth
Check current session validity.
RESPONSE — 200
{ "authorized": true | false }

Session Management

Sessions are managed server-side using cryptographically signed cookies. Session state is not stored on the client. The session cookie is transmitted automatically with all subsequent requests.

SESSION PARAMETERS
Cookie name   qecnet_session
Duration      86400 seconds (24 hours)
HttpOnly      true — not accessible to client-side scripts
Secure        true — transmitted only over HTTPS
SameSite      strict — not sent with cross-origin requests
Renewal       No automatic renewal. Re-authentication required on expiry.
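
A client or integration test can confirm that the Set-Cookie header returned by POST /api/auth matches the session parameters listed above. The following is an added example, not code from QECNet; the function names and sample headers are constructed, and it assumes the 24-hour lifetime is sent as Max-Age.

```typescript
// Documented session parameters (from the SESSION PARAMETERS list above).
// Assumption: the 24-hour lifetime is conveyed with Max-Age rather than Expires.
const EXPECTED = { name: "qecnet_session", maxAge: 86400, sameSite: "strict" };

interface ParsedCookie {
  name: string;
  attrs: { [key: string]: string };
}

// Split "name=value; Attr; Attr=val" into the cookie name and a lower-cased attribute map.
function parseSetCookie(header: string): ParsedCookie {
  const parts = header.split(";").map((p) => p.trim()).filter((p) => p.length > 0);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const attrs: { [key: string]: string } = {};
  parts.forEach((part) => {
    const idx = part.indexOf("=");
    const key = idx === -1 ? part : part.slice(0, idx);
    attrs[key.trim().toLowerCase()] = idx === -1 ? "" : part.slice(idx + 1).trim();
  });
  return { name: (eq === -1 ? first : first.slice(0, eq)).trim(), attrs };
}

// Return every deviation from the documented parameters; an empty list means compliant.
function auditSessionCookie(header: string): string[] {
  const c = parseSetCookie(header);
  const findings: string[] = [];
  if (c.name !== EXPECTED.name) findings.push("unexpected cookie name: " + c.name);
  if (!("httponly" in c.attrs)) findings.push("HttpOnly missing");
  if (!("secure" in c.attrs)) findings.push("Secure missing");
  const sameSite = (c.attrs["samesite"] || "").toLowerCase();
  if (sameSite !== EXPECTED.sameSite) findings.push("SameSite is '" + sameSite + "', expected strict");
  const maxAge = c.attrs["max-age"];
  if (maxAge === undefined) findings.push("Max-Age missing");
  else if (Number(maxAge) !== EXPECTED.maxAge) findings.push("Max-Age is " + maxAge + ", expected 86400");
  return findings;
}

// Constructed sample headers, not captured from a QECNet server.
const COMPLIANT = "qecnet_session=s%3Aabc.def; Max-Age=86400; Path=/; HttpOnly; Secure; SameSite=Strict";
const WEAK = "qecnet_session=s%3Aabc.def; Max-Age=604800; Path=/; SameSite=Lax";

console.log(auditSessionCookie(COMPLIANT));
console.log(auditSessionCookie(WEAK));
```

Attribute names are matched case-insensitively, so `HttpOnly` and `httponly` are treated the same.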

Event Stream

GET /api/events
Health check and event stream status endpoint.
RESPONSE — 200
{ "status": "operational", "mode": "live" | "simulation", "message": "QECNet Sentinel operational" }
EVENT OBJECT SCHEMA
interface ThreatEvent {
  id: string;              // Unique event identifier
  timestamp: number;       // Unix timestamp (ms)
  country: string;         // Origin country name
  countryCode: string;     // ISO 3166-1 alpha-2
  system: string;          // Affected system label
  systemType: SystemType;  // "grid" | "lng" | "access" | "comms" | "defense"
  severity: Severity;      // "critical" | "high" | "medium" | "low"
  description: string;     // Human-readable event description
}

Command Endpoints

Command endpoints execute operational actions on the network. All commands are authenticated, logged, and subject to policy evaluation before execution.

POST /api/rotate-keys
Initiate sovereign key rotation across the mesh.
RESPONSE — 200
{
  "success": true,
  "newKeyFingerprint": "string",
  "rotatedAt": "ISO-8601 timestamp",
  "nodesUpdated": number
}
POST /api/isolate-node
Isolate a compromised or suspect node from the mesh.
REQUEST BODY
{
  "nodeId": "string" // Target node identifier
}
RESPONSE — 200
{
  "success": true,
  "nodeId": "string",
  "isolatedAt": "ISO-8601 timestamp",
  "severedConnections": number
}
POST /api/reroute
Reroute traffic around compromised network segments.
REQUEST BODY
{
  "sourceId": "string", // Origin node
  "targetId": "string"  // Destination node
}
RESPONSE — 200
{
  "success": true,
  "sourceId": "string",
  "targetId": "string",
  "newRoute": "string[]",
  "reroutedAt": "ISO-8601 timestamp"
}
POST /api/correlate
Submit events for temporal correlation analysis.
REQUEST BODY
{
  "eventIds": "string[]" // Event identifiers to correlate
}
RESPONSE — 200
{
  "id": "string",
  "timestamp": number,
  "eventIds": "string[]",
  "threatVector": "string",
  "certainty": number, // 0-100
  "recommendation": "string"
}

Error Handling

STATUS  MEANING              ACTION
200     Success              Process response body
401     Unauthorized         Re-authenticate via /api/auth
403     Forbidden            Insufficient permissions for requested action
404     Not Found            Requested resource does not exist
429     Rate Limited         Back off and retry after Retry-After header
500     Internal Error       Log error, retry with exponential backoff
503     Service Unavailable  System under maintenance or overloaded

Rate Limits

/api/auth          5 requests / minute   Sliding window
/api/events        60 requests / minute  Fixed window
/api/rotate-keys   10 requests / minute  Sliding window
/api/isolate-node  20 requests / minute  Sliding window
/api/reroute       20 requests / minute  Sliding window
/api/correlate     30 requests / minute  Fixed window
Rate limit headers are included in all responses: X-RateLimit-Remaining, X-RateLimit-Reset. When rate limited, a Retry-After header indicates when to retry.