API Reference

Everything you need to integrate Slopshop into your application. 82 categories of tools, one unified interface. All endpoints use the same authentication, request format, and response envelope.

Authentication

All API requests require a Bearer token in the Authorization header. Slopshop supports three types of keys:

Key Types

Key Type	Prefix	Use Case
Demo Key	`sk-slop-demo-key-12345678`	Testing and evaluation. Ships with 200 credits. Shared across all users.
Personal Key	`sk-slop-...`	Your own account. Sign up via `POST /v1/auth/signup` to get 500 free credits.
Scoped Team Key	`sk-slop-team-...`	Enterprise team keys with configurable rate limits, permissions, and audit trails.

curl Example

curl

# Using the demo key
curl -X POST https://slopshop.gg/v1/text-reverse \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{"text": "hello world"}'

Node.js Example

javascript

const response = await fetch('https://slopshop.gg/v1/text-reverse', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-slop-demo-key-12345678',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ text: 'hello world' }),
});
const data = await response.json();
console.log(data);

Sign Up for Your Own Key

curl

# Sign up and get 500 free credits
curl -X POST https://slopshop.gg/v1/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email": "dev@example.com", "name": "My Agent"}'

Tip: The demo key (sk-slop-demo-key-12345678) is shared and has a 200-credit balance. For production use, sign up for your own key to get 500 free credits and higher rate limits.

Base URL

All API requests are made to:

url

https://slopshop.gg/v1

Self-hosted instances use your own domain. The API is also available via Railway at https://slopshop-production.up.railway.app/v1.

Request Format

All tool calls use a single pattern: POST /v1/{slug} with a JSON body.

Structure

http

POST /v1/{slug} HTTP/1.1
Host: slopshop.gg
Authorization: Bearer sk-slop-...
Content-Type: application/json

{
  // Tool-specific input fields
  "text": "hello world",

  // Optional: mode controls
  "mode": "agent",           // Enable agent mode
  "trace": true,             // Enable debug trace
  "session_id": "my-session" // For agent memory persistence
}

curl Example

curl

curl -X POST https://slopshop.gg/v1/hash-sha256 \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{"input": "my important data"}'

Python Example

python

import requests

resp = requests.post(
    "https://slopshop.gg/v1/hash-sha256",
    headers={"Authorization": "Bearer sk-slop-demo-key-12345678"},
    json={"input": "my important data"},
)
print(resp.json())

Response Format

Every successful response follows the same JSON envelope:

json

{
  "ok": true,
  "data": {
    // Tool-specific output
    "hash": "a1b2c3d4...",
    "_engine": "real"
  },
  "meta": {
    "api": "hash-sha256",
    "credits_used": 1,
    "balance": 1999,
    "latency_ms": 3,
    "engine": "real",
    "confidence": 0.99,
    "output_hash": "sha256-of-data..."
  },
  "guarantees": {
    "schema_valid": true,
    "validated": true,
    "fallback_used": false
  }
}

Engine Types

Engine	Confidence	Description
`real`	0.99	Deterministic compute handler. Verifiable output.
`llm`	0.85	AI-generated output via Anthropic or OpenAI.
`needs_key`	0.00	External API key required but not configured.
`error`	0.00	Handler threw an error. Credits are refunded.

curl Example (inspecting response headers)

curl

# Use -i to see response headers
curl -i -X POST https://slopshop.gg/v1/uuid-generate \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{}'

Error Codes

All errors return a consistent JSON envelope with an error object:

json

{
  "error": {
    "code": "insufficient_credits",
    "message": "Need 5 credits, have 2",
    "need": 5,
    "have": 2
  }
}

HTTP Status	Error Code	Description	Action
`400`	`invalid_batch` / `validation_error`	Malformed request body or missing required fields.	Check your JSON body against the input schema.
`401`	`auth_required` / `invalid_key`	Missing or invalid API key.	Add `Authorization: Bearer sk-slop-...` header.
`402`	`insufficient_credits`	Not enough credits for this call.	Buy credits via `POST /v1/credits/buy` or set up auto-reload.
`404`	`api_not_found`	No API with that slug exists.	Use `GET /v1/tools` to browse available APIs.
`429`	`rate_limited`	Too many requests in the current window.	Wait and retry. Default is 60 req/min. Check `Retry-After` header.
`500`	`handler_error`	The handler threw an error during execution.	Credits are automatically refunded. Check the `hint` field for input schema guidance.

curl Example (triggering a 401)

curl

# Missing auth header returns 401 with demo key hint
curl -X POST https://slopshop.gg/v1/text-reverse \
  -H "Content-Type: application/json" \
  -d '{"text": "test"}'

# Response:
# {"error":{"code":"auth_required","message":"Set Authorization: Bearer <key>",
#   "demo_key":"sk-slop-demo-key-12345678","signup":"POST /v1/auth/signup"}}

Node.js Error Handling

javascript

const res = await fetch('https://slopshop.gg/v1/text-reverse', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ text: 'hello' }),
});

if (!res.ok) {
  const err = await res.json();
  if (res.status === 402) {
    console.log(`Need ${err.error.need} credits, have ${err.error.have}`);
  } else if (res.status === 429) {
    const retryAfter = res.headers.get('Retry-After');
    console.log(`Rate limited. Retry in ${retryAfter}s`);
  } else {
    console.error(err.error.code, err.error.message);
  }
}

Rate Limits

Default rate limits protect the platform and ensure fair usage:

Tier	Limit	Window	Notes
Default	60 requests	1 minute	Applies to all authenticated endpoints.
Public	30 requests	1 minute	Unauthenticated endpoints like `/v1/tools`.
Enterprise	Configurable	Custom	Set per-key via `POST /v1/enterprise/rate-limits`.

When rate limited, the response includes:

Retry-After header with seconds to wait
X-RateLimit-Remaining header with remaining quota

curl Example

curl

# Check current rate limit status in response headers
curl -i -X POST https://slopshop.gg/v1/uuid-generate \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{}'

# Look for: X-RateLimit-Remaining, Retry-After

Python Example (respecting rate limits)

python

import requests, time

def call_api(slug, body):
    resp = requests.post(
        f"https://slopshop.gg/v1/{slug}",
        headers={"Authorization": "Bearer sk-slop-demo-key-12345678"},
        json=body,
    )
    if resp.status_code == 429:
        wait = int(resp.headers.get("Retry-After", 5))
        print(f"Rate limited. Waiting {wait}s...")
        time.sleep(wait)
        return call_api(slug, body)  # retry
    return resp.json()

Response Headers

Every API response includes rich metadata headers for observability and cost tracking:

Header	Type	Description
`X-Request-Id`	UUID	Unique identifier for this request. Use for support tickets and debugging.
`X-Credits-Used`	Integer	Number of credits consumed by this call. `0` on handler errors (refunded).
`X-Credits-Remaining`	Integer	Your remaining credit balance after this call.
`X-Latency-Ms`	Integer	Server-side execution time in milliseconds.
`X-Engine`	String	Which engine handled the request: `real`, `llm`, `needs_key`, or `error`.
`X-Cost-USD`	Float	Estimated dollar cost of this call (credits * $0.005).
`X-Output-Hash`	SHA-256	Hash of the response data for integrity verification and deduplication. Note: This hash is generated by Slopshop's server — it proves the response wasn't modified in transit, but does not cryptographically prove which code executed. See Trust & Verification for honest details on our trust model.
`X-Cache`	String	`HIT` or `MISS`. Compute-tier APIs cache deterministic results.
`X-Low-Balance`	Boolean	Present and `true` when your balance drops below 100 credits.
`Server-Timing`	String	Standard `Server-Timing` header with total duration.

curl Example

curl

# Use -v to see all response headers
curl -v -X POST https://slopshop.gg/v1/text-word-count \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{"text": "The quick brown fox"}'

# Response headers include:
# X-Request-Id: 550e8400-e29b-41d4-a716-446655440000
# X-Credits-Used: 1
# X-Credits-Remaining: 199
# X-Latency-Ms: 2
# X-Engine: real
# X-Cost-USD: 0.0050
# X-Output-Hash: a1b2c3d4e5f6...

Node.js Example (reading headers)

javascript

const res = await fetch('https://slopshop.gg/v1/text-word-count', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-slop-demo-key-12345678',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ text: 'The quick brown fox' }),
});

console.log('Request ID:', res.headers.get('X-Request-Id'));
console.log('Credits used:', res.headers.get('X-Credits-Used'));
console.log('Remaining:', res.headers.get('X-Credits-Remaining'));
console.log('Latency:', res.headers.get('X-Latency-Ms'), 'ms');
console.log('Engine:', res.headers.get('X-Engine'));
console.log('Cost:', res.headers.get('X-Cost-USD'));
console.log('Output hash:', res.headers.get('X-Output-Hash'));

Trust & Verification

Every response includes _engine: "real" and an X-Output-Hash (SHA-256) header. These provide tamper detection (the response wasn't modified in transit) and an audit trail (hashes are logged and replayable).

Honest Limitations

The trust source is Slopshop's server. Both _engine: "real" and X-Output-Hash are claims made by our server. They prove consistency and detect transit tampering, but they do not cryptographically prove that specific code executed on our infrastructure. If you use our cloud API, you are trusting Slopshop. This is a real limitation and we want to be transparent about it.

Verification Options

Method	Trust Level	How
Cloud API (default)	Trust Slopshop's server	Output hashes detect transit tampering only
Self-hosting	Trust your own hardware	`npm install slopshop && node server-v2.js` — run the same code locally, compare outputs
TEE attestation (roadmap)	Trust hardware vendor	Intel SGX / AWS Nitro Enclaves — hardware attests that specific code ran
ZK proofs (roadmap)	Trustless	For high-value ops; currently ~100x overhead, not practical for general compute

Merkle Proofs for Batch Verification

Army deployments can aggregate result hashes into a Merkle tree via POST /v1/proof/merkle. This lets you verify that a specific result was part of a batch without re-running all tasks. Note: the same trust limitation applies — the individual hashes are server-generated.

For the full trust model discussion, see Trust & Verification in the docs.

Agent Mode

Agent mode enriches every response with AI-agent-friendly metadata: suggested next tools, auto-memory persistence, cache fingerprints, and cost breakdowns. Enable it by adding "mode": "agent" to your request body or setting the X-Agent-Mode header.

What Agent Mode Adds

suggestions — Array of related tool slugs the agent should consider calling next.
cache_fingerprint — Deterministic hash of input for caching and deduplication.
cost_breakdown — Granular cost info including potential cache savings.
memory_persisted — Confirms the result was auto-saved to the agent's session memory (namespace + key).

curl Example

curl

curl -X POST https://slopshop.gg/v1/validate-email \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "mode": "agent",
    "session_id": "research-session-42"
  }'

# Response includes an "agent" block:
# {
#   "ok": true,
#   "data": { ... },
#   "agent": {
#     "suggestions": ["validate-phone", "pii-detect", "text-sanitize"],
#     "cache_fingerprint": "a1b2c3d4...",
#     "cost_breakdown": { "this_call": 1, "memory_cost": 0, "potential_cache_savings": 1 },
#     "memory_persisted": { "namespace": "research-session-42", "key": "validate-email:a1b2c3d4" }
#   }
# }

Node.js Example

javascript

const res = await fetch('https://slopshop.gg/v1/validate-email', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-slop-demo-key-12345678',
    'Content-Type': 'application/json',
    'X-Agent-Mode': 'true',  // alternative to "mode": "agent"
  },
  body: JSON.stringify({
    email: 'user@example.com',
    session_id: 'research-session-42',
  }),
});

const { data, agent } = await res.json();
console.log('Result:', data);
console.log('Next tools to try:', agent.suggestions);
console.log('Memory saved at:', agent.memory_persisted);

Auto-memory is free. Agent mode automatically persists results to your session's memory namespace at zero additional credit cost. Retrieve stored results later with the memory-get API.

Streaming (SSE)

For long-running API calls or LLM-tier tools, use the streaming endpoint to get real-time Server-Sent Events (SSE). This is especially useful for AI-generated content that benefits from token-by-token delivery.

Endpoint

POST /v1/stream/{slug}

Event Types

Event	Description
`start`	Confirms the stream has begun. Contains slug, credits, and timestamp.
`progress`	Execution progress update with percent (0, 50, 100).
`token`	Individual tokens for LLM-tier text fields (streamed character-by-character).
`result`	Full result data once execution completes.
`error`	Error with details. Credits are refunded.
`done`	Stream complete. Contains final status and latency.

curl Example

curl

# Stream results via SSE
curl -N -X POST https://slopshop.gg/v1/stream/text-reverse \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{"text": "stream this"}'

# Output (Server-Sent Events):
# event: start
# data: {"slug":"text-reverse","credits":1,"ts":"2026-03-27T..."}
#
# event: progress
# data: {"status":"executing","slug":"text-reverse","percent":0}
#
# event: result
# data: {"reversed":"siht maerts","_engine":"real"}
#
# event: done
# data: {"ok":true,"latency_ms":4}

Node.js Example

javascript

const res = await fetch('https://slopshop.gg/v1/stream/text-reverse', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-slop-demo-key-12345678',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ text: 'stream this' }),
});

const reader = res.body.getReader();
const decoder = new TextDecoder();

while (true) {
  const { done, value } = await reader.read();
  if (done) break;
  const chunk = decoder.decode(value);
  // Parse SSE events
  for (const line of chunk.split('\n')) {
    if (line.startsWith('data: ')) {
      const event = JSON.parse(line.slice(6));
      console.log(event);
    }
  }
}

Real-Time Usage Stream

Monitor all API usage in real time with the usage stream endpoint:

curl

# Subscribe to real-time usage events for your account
curl -N https://slopshop.gg/v1/stream/usage \
  -H "Authorization: Bearer sk-slop-demo-key-12345678"

Batch Calls

Execute up to 50 API calls in a single request. All calls run in parallel using Promise.allSettled, so one failure does not block the others.

Endpoint

POST /v1/batch

curl Example

curl

curl -X POST https://slopshop.gg/v1/batch \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{
    "calls": [
      { "slug": "uuid-generate", "input": {} },
      { "slug": "text-reverse", "input": { "text": "batch test" } },
      { "slug": "hash-sha256", "input": { "input": "important data" } }
    ]
  }'

# Response:
# {
#   "ok": true,
#   "results": [
#     { "slug": "uuid-generate", "data": {...}, "credits": 1, "latency_ms": 1 },
#     { "slug": "text-reverse", "data": {...}, "credits": 1, "latency_ms": 2 },
#     { "slug": "hash-sha256", "data": {...}, "credits": 1, "latency_ms": 1 }
#   ],
#   "total_credits": 3,
#   "balance": 197,
#   "calls_count": 3
# }

Node.js Example

javascript

const res = await fetch('https://slopshop.gg/v1/batch', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-slop-demo-key-12345678',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    calls: [
      { slug: 'uuid-generate', input: {} },
      { slug: 'text-reverse', input: { text: 'batch test' } },
      { slug: 'hash-sha256', input: { input: 'important data' } },
    ],
  }),
});

const { results, total_credits, balance } = await res.json();
console.log(`Executed ${results.length} calls for ${total_credits} credits`);
results.forEach(r => console.log(r.slug, r.data));

Python Example

python

import requests

resp = requests.post(
    "https://slopshop.gg/v1/batch",
    headers={"Authorization": "Bearer sk-slop-demo-key-12345678"},
    json={
        "calls": [
            {"slug": "uuid-generate", "input": {}},
            {"slug": "text-reverse", "input": {"text": "batch test"}},
            {"slug": "hash-sha256", "input": {"input": "important data"}},
        ]
    },
)

data = resp.json()
print(f"Total credits: {data['total_credits']}, Balance: {data['balance']}")
for r in data["results"]:
    print(r["slug"], r["data"])

Limit: Maximum 50 calls per batch. Total credits for all calls are deducted upfront. If any call fails, its individual credits are noted in the result but the batch continues. Partial results are marked with "partial": true.

Dry Run

Preview what an API call will cost without executing it. No credits are charged. Validates your input against the schema and returns cost estimates, affordability checks, and example outputs.

Endpoint

POST /v1/dry-run/{slug}

curl Example

curl

curl -X POST https://slopshop.gg/v1/dry-run/hash-sha256 \
  -H "Authorization: Bearer sk-slop-demo-key-12345678" \
  -H "Content-Type: application/json" \
  -d '{"input": "test data"}'

# Response (no credits charged):
# {
#   "ok": true,
#   "dry_run": true,
#   "slug": "hash-sha256",
#   "name": "SHA-256 Hash",
#   "credits": 1,
#   "estimated_cost_usd": "0.0090",
#   "can_afford": true,
#   "balance": 200,
#   "balance_after": 199,
#   "has_handler": true,
#   "input_schema": { "required": ["input"], ... },
#   "input_validation": { "valid": true, "missing_fields": [] },
#   "hints": {
#     "execute": "POST /v1/hash-sha256",
#     "stream": "POST /v1/stream/hash-sha256",
#     "async": "POST /v1/async/hash-sha256"
#   }
# }

Node.js Example

javascript

// Check cost before executing
const preview = await fetch('https://slopshop.gg/v1/dry-run/hash-sha256', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-slop-demo-key-12345678',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ input: 'test data' }),
}).then(r => r.json());

if (preview.can_afford && preview.input_validation.valid) {
  console.log(`Proceeding. Cost: ${preview.credits} credits ($${preview.estimated_cost_usd})`);
  // Now execute the real call
  const result = await fetch('https://slopshop.gg/v1/hash-sha256', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer sk-slop-demo-key-12345678',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ input: 'test data' }),
  }).then(r => r.json());
  console.log(result);
} else {
  console.log('Cannot proceed:', preview.input_validation);
}

Node.js SDK

Install the Slopshop SDK for Node.js:

bash

npm install slopshop

Basic Usage

javascript

const Slop = require('slopshop');

const slop = new Slop('sk-slop-demo-key-12345678');

// Call any API by slug
const result = await slop.call('text-reverse', { text: 'hello' });
console.log(result.data);
// { reversed: "olleh", _engine: "real" }

// Batch multiple calls
const batch = await slop.batch([
  { slug: 'uuid-generate', input: {} },
  { slug: 'hash-sha256', input: { input: 'data' } },
]);
console.log(batch.results);

// Check balance
const balance = await slop.balance();
console.log(`Credits remaining: ${balance.credits}`);

// Dry run
const preview = await slop.dryRun('hash-sha256', { input: 'test' });
console.log(`Cost: ${preview.credits} credits`);

// Stream
const stream = await slop.stream('text-reverse', { text: 'stream me' });
stream.on('result', data => console.log(data));
stream.on('done', () => console.log('Complete'));

Agent Mode with Memory

javascript

const slop = new Slop('sk-slop-demo-key-12345678', { agentMode: true });

// Every call now returns suggestions + auto-persists to memory
const result = await slop.call('validate-email', {
  email: 'test@example.com',
  session_id: 'onboarding-flow',
});
console.log(result.agent.suggestions);
// ["validate-phone", "pii-detect", ...]

Python SDK

Install the Slopshop SDK for Python:

bash

pip install slopshop

Basic Usage

python

from slopshop import Slop

slop = Slop("sk-slop-demo-key-12345678")

# Call any API by slug
result = slop.call("text-reverse", text="hello")
print(result.data)
# {"reversed": "olleh", "_engine": "real"}

# Batch multiple calls
batch = slop.batch([
    {"slug": "uuid-generate", "input": {}},
    {"slug": "hash-sha256", "input": {"input": "data"}},
])
print(batch.results)

# Check balance
balance = slop.balance()
print(f"Credits remaining: {balance.credits}")

# Dry run
preview = slop.dry_run("hash-sha256", input="test")
print(f"Cost: {preview.credits} credits")

# Stream
for event in slop.stream("text-reverse", text="stream me"):
    print(event.type, event.data)

Async Support

python

import asyncio
from slopshop import AsyncSlop

async def main():
    slop = AsyncSlop("sk-slop-demo-key-12345678")

    # Concurrent calls
    results = await asyncio.gather(
        slop.call("uuid-generate"),
        slop.call("text-reverse", text="async"),
        slop.call("hash-sha256", input="data"),
    )
    for r in results:
        print(r.data)

asyncio.run(main())

OpenAPI Specification

The full OpenAPI 3.0 spec is available as machine-readable JSON, auto-generated from the live registry:

curl

# Download the OpenAPI spec
curl https://slopshop.gg/v1/openapi.json -o openapi.json

# Or access it directly in your browser:
# https://slopshop.gg/v1/openapi.json

Node.js Example (loading the spec)

javascript

// Fetch and parse the OpenAPI spec
const spec = await fetch('https://slopshop.gg/v1/openapi.json').then(r => r.json());
console.log(`${Object.keys(spec.paths).length} endpoints available`);

// List all API slugs
for (const [path, methods] of Object.entries(spec.paths)) {
  console.log(path, methods.post?.summary);
}

Python Example

python

import requests

spec = requests.get("https://slopshop.gg/v1/openapi.json").json()
print(f"{len(spec['paths'])} endpoints available")

for path, methods in spec["paths"].items():
    print(path, methods.get("post", {}).get("summary", ""))

Use with Swagger UI: You can import the OpenAPI spec into Swagger UI, Postman, Insomnia, or any other API client that supports OpenAPI 3.0.

MCP Integration (Claude Code)

Slopshop is a native MCP (Model Context Protocol) server. This means Claude Code, Claude Desktop, and any MCP-compatible client can discover and call all 78 tool categories as tools automatically.

Setup with npx

bash

# Add Slopshop as an MCP server in Claude Code
npx -y slopshop mcp

# Or with your own API key
SLOP_KEY=sk-slop-your-key npx -y slopshop mcp

Claude Desktop Configuration

Add this to your Claude Desktop claude_desktop_config.json:

json

{
  "mcpServers": {
    "slopshop": {
      "command": "npx",
      "args": ["-y", "slopshop", "mcp"],
      "env": {
        "SLOP_KEY": "sk-slop-demo-key-12345678"
      }
    }
  }
}

What Claude Can Do with MCP

Once connected, Claude can use any Slopshop tool as a native function call. For example:

text

User: "Hash my password 'secret123' with SHA-256"

Claude uses tool: slopshop.hash-sha256({ input: "secret123" })
Result: { hash: "fcb3...", algorithm: "sha256", _engine: "real" }

Claude: "Here's the SHA-256 hash: fcb3..."

curl Example (testing the MCP manifest)

curl

# Check the AI tools manifest (used by MCP clients)
curl https://slopshop.gg/.well-known/ai-tools.json

Zero configuration: The MCP server automatically discovers all available tools from the Slopshop registry. No manual tool definitions needed. When new APIs are added, they become available immediately.