Intro

With the CryptoLoot HTTP API you can fetch the numerical value of hashes solved for a user account on your website, game, or app. You can also withdraw Monero, verify tokens and create shortlinks, or use CryptoLoot as a captcha system to prevent spam and other attacks.

Using this API requires a secret key (see Manage Sites). This key should be kept secret and should never be exposed to your anybody, including your users. The HTTP API should only ever be called from the server side, i.e. from PHP, NodeJS, Ruby, Python scripts running on your own server.

You should never call the CryptoLoot HTTP API from the client side!

Your secret key can be passed with each API call as a GET or POST parameter, depending on the required method for the endpoints.

The API returns a JSON encoded object for each request. All responses contain a boolean success property. In case success is false, an error property will be present, describing why the operation failed.

Global Errors

Each API request may result in any of these global errors

invalid_secret The secret provided as GET or POST parameter is invalid.
bad_request A malformed request was received.
wrong_method The API expected a POST request but a GET request was performed.
not_found The API endpoint could not be found. Check the URL for your API call.
internal_error Something bad happened on our side. Contact us if the issue persists.

API Reference

Tokens

Users

Links

Statistics

/token/verify

URL: https://api.crypto-loot.com/token/verify

Method: POST

Verify that a token from a CRLT.Token miner has reached a number of hashes. Tokens are only valid for 1 hour. Note that a token can only be verified once. All subsequent requests to verify the same token will result in the invalid_token error.

Parameters

secret Your private Secret-Key. See Manage Sites.
token The name of the token you want to verify. This can be obtained directly from the miner, through miner.getToken(). For the captcha, the token name will be submitted together with the form as CryptoLoot-captcha-token.
hashes The number of hashes this token must have reached in order to be valid.

Response

      {
        "success": true|false,  	// whether the token could be verified
        "hashes"number, 		// the number of hashes recorded for this token
        "error": string 		// optional
      }
    

Possible Errors

Any of the global errors might occur.

missing_input No token or hashes provided as POST parameters.
invalid_token The token could not be verified. Either the token name was not found, or the token hasn't reached the requested number of hashes.

      curl -X POST \
        -d "token=IihNsqfRlZztd42d6vbaD59Z8p3AdCwJ" \
        -d "hashes=1024" \
        -d "secret=<secret-key>" \
        "https://api.crypto-loot.com/token/verify"

      # {"success": true, "hashes": 1024}
      

/user/balance

URL: https://api.crypto-loot.com/user/balance

Method: GET

Parameters

secret
name

Response

      {
        "success": true|false, 	// whether the user's balance could be obtained
        "name": string, 		// the user's name
        "total"number, 		// Total amount of accepted hashes
        "withdrawn"number, 	// the number of withdrawn XMR
        "balance"number, 		// the number of (accepted - withdrawn) XMR
        "error": string 		// optional      }
      

Possible Errors

Any of the global errors might occur.

missing_input No name provided as GET parameter
unknown_user The user name is not known (has never connected to the pool).

      curl "https://api.crypto-loot.com/user/balance?name=johnd&secret=<secret-key>"

      # {success: true, name: "maria", total: "318801685", withdrawn: "0.02", balance: "0.03689529"}
      

/user/withdraw

URL: https://api.crypto-loot.com/user/withdraw

Method: POST

Coming soon

/user/top

URL: https://api.crypto-loot.com/user/top

Method: GET

Get a list of top users ordered by total number of hashes, balance or hashes withdrawn.

Parameters

secret Your private Secret-Key. See Manage Sites.
count
order Order by.. Optional. Either total, balance or withdrawn. The default is total.

Response

      {
        "success": true|false,
        "users": [
          {
            "name": string,
            "total"number,
            "withdrawn"number,
            "balance": number
          },
          …
        ],
        "error": string // optional
      }
      

Possible Errors

Any of the global errors might occur.

/user/list

URL: https://api.crypto-loot.com/user/list

Method: GET

Get a paginated list of all users in alphabetical order. Note that this will only return users with a total number of hashes greater than 0.

Parameters

secret Your private Secret-Key. See Manage Sites.
count Optional. The number of users to return. Default 4096, min 32, max 8192.
page Page (Optional). The page of users to return, obtained from the previous request's nextPage property. Leave out or specify an empty string for the first page.

Response

      {
        "success": true|false,
        "users": [
          {
            "name": string,
            "total"number,
            "withdrawn"number,
            "balance": number          },
          …
        ],
        "nextPage": string|null, // the name of the next page of users
        "error": string // optional      }
      

Possible Errors

Any of the global errors might occur.

invalid_page The page of users could not be found.

/user/reset

URL: https://api.crypto-loot.com/user/reset

Method: POST

Coming soon

/user/reset-all

URL: https://api.crypto-loot.com/user/reset-all

Method: POST

Coming soon

URL: https://api.crypto-loot.com/link/create

Method: POST

Create a new shortlink. You can also do this by hand, directly from your dashboard.

Parameters

secret Your private Secret-Key. See Manage Sites.
url The target URL for the shortlink.
hashes The number of hashes that have to be solved, before the user is redirected to the target URL.

Response

      {
        "success": true|false, 	//  whether the request succeeded
        "url": string, 			// the resulting URL of the shortlink
        "error": string 		// optional
      }
      

Possible Errors

Any of the global errors might occur.

missing_input No token or hashes provided as POST parameters.
invalid_url The provided target URL is not a valid http:// or https:// URL.

      curl -X POST \
        -d "url=https://en.wikipedia.org/wiki/Monero_(cryptocurrency)" \
        -d "hashes=1024" \
        -d "secret=<secret-key>" \
        "https://api.crypto-loot.com/link/create"

      # {success: true, url: "https://crlt.co/7xkq"}
      

/stats/payout

URL: https://api.crypto-loot.com/stats/payout

Method: GET

Get the current payout rate and stats about the network.

Parameters

secret Your private Secret-Key. See Manage Sites.

Response

      {
        "success": true|false,
        "diff"number,
        "value"number,
        "payout"number,
        "payoutPer1MHashes"number,
        "synctime"number,
        "error": string // optional
      }
      

Possible Errors

Any of the global errors might occur.

/stats/history

URL: https://api.crypto-loot.com/stats/history

Method: GET

Get the hourly history of total hashes and hashes/s for the last 7 days for the site.

Parameters

secret Your private Secret-Key. See Manage Sites.

Response

      {
        "success": true|false,
        "history": [
          {
            "synctime"number, // unix timestamp        "hashes"number, //Total amount of accepted hashes
            "hashrate": number //hashrate at the time
          },
          …
        ],
        "error": string // optional
      }
      

Possible Errors

Any of the global errors might occur.