Quickstart
Integrate hardware-extracted, cryptographically conditioned entropy into your application in minutes using our official Python and Node.js SDKs, or direct API endpoints.
Authentication
All requests to the Quey Cloud API require an API key. You can generate an API key from your Dashboard.
Authenticate your requests by providing your API key in a custom header named x-quey-key.
x-quey-key: qu_cloud_your_api_key_here
Security Note
Never hardcode your API key in production. Always use environment variables or a secure secrets manager.
Installation (Python SDK)
The easiest way to interact with Quey is via our official Python SDK. Install the package via pip:
$ pip install quey-random
Initialize the client with your API key and request entropy:
from quey_random import QueyRandom # Initialize the client with your secure Cloud API key quey = QueyRandom(api_key="qu_cloud_your_api_key_here") # Fetch 32 bytes (256 bits) of hardware-extracted entropy seed = quey.get_bytes(32) print(f"Entropy Seed: {seed.hex()}") # Generate a uniform true random float for simulations val = quey.random() print(f"Photonic Entropy: {val}")
Installation (Node.js SDK)
You can also interact with Quey using our official Node.js/TypeScript SDK. Install the package via npm:
$ npm install quey-random
Initialize the client with your API key and request entropy:
import { QueyRandom } from 'quey-random'; // Initialize the client const client = new QueyRandom('qu_cloud_your_api_key_here'); async function generateSeed() { // Request 32 bytes (256 bits) of hardware-extracted entropy const seedBuffer = await client.getBytes(32); console.log(`Entropy Seed: ${seedBuffer.toString('hex')}`); // Output: Entropy Seed: 7f8a9b2... } generateSeed();
Example: Monte-Carlo Simulation
Estimate π by sampling random points in the unit square. Pre-fetch a buffer for fast random() calls in tight loops.
from quey_random import QueyRandom quey = QueyRandom(api_key="qu_cloud_your_api_key_here") # Pre-fetch a buffer for fast random() calls quey.prefetch(megabytes=10) # Run 100k Monte-Carlo iterations to estimate π inside = 0 for _ in range(100_000): x = quey.random() y = quey.random() if x*x + y*y <= 1: inside += 1 pi_estimate = 4 * inside / 100_000 print(f"π ≈ {pi_estimate}")
Example: Verifiable Raffle Draw
Pick winners from a participant list and obtain a signed verification certificate proving the draw used physical entropy.
import { QueyRandom } from 'quey-random'; const quey = new QueyRandom({ apiKey: process.env.QUEY_API_KEY }); // Draw 10 winners from 50,000 participants with a verifiable certificate const draw = await quey.drawWithCertificate({ participants: 50_000, winners: 10 }); console.log('Winners (indexes):', draw.winners); console.log('Verification URL:', draw.certificateUrl);
Example: Cryptographic Seed Material
Get physical entropy bytes for use as input to a key derivation function (KDF), nonce material, or seed for cryptographic operations.
from quey_random import QueyRandom quey = QueyRandom(api_key="qu_cloud_your_api_key_here") # Get 64 bytes (512 bits) of physical entropy as seed material seed = quey.get_bytes(64) # Use as seed for KDF, key derivation, nonces, etc. print(f"Seed (hex): {seed.hex()}")
Example: Bulk Entropy Download (cURL)
Download a large block of entropy as raw binary directly via REST. Useful for offline simulation seeding or batch jobs.
# Download a 1 MB block of entropy as binary curl -X GET "https://api.queyquantum.io/v1/entropy/bulk?bytes=1048576" \ -H "X-Quey-Token: qu_cloud_your_api_key_here" \ --output entropy_block.bin # Verify entropy quality locally sha256sum entropy_block.bin
REST API
For environments where the SDK is not available, you can interact directly with our REST API to fetch raw entropy blocks.
https://us-central1-quey-deb85.cloudfunctions.net/getQuantumEntropy
Returns a hex-encoded string of hardware-extracted random bytes.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| size | integer | Number of bytes to return (Max: 10240). Default: 32. |
| format | string | Output format: hex, base64, or binary. Default: hex. |
Example Request (cURL)
curl -X GET "https://us-central1-quey-deb85.cloudfunctions.net/getQuantumEntropy?size=32" \ -H "x-quey-key: qu_cloud_your_api_key_here"
Example Response
{
"status": "success",
"bytes_returned": 32,
"entropy_hex": "7f8a9b2c4e5f6d7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1",
"node_id": "quey_edge_01"
}
Verifiable Draw Endpoints
Three endpoints let you produce, fetch, and verify cryptographically signed selection certificates from physical entropy. Every certificate is Ed25519-signed by Quey and independently verifiable in any modern browser via WebCrypto.
POST verifiableDraw
https://verifiabledraw-33ssvbagba-uc.a.run.app
Run a signed selection. Returns an Ed25519-signed certificate. Requires a Pro or Enterprise plan.
Authentication
Send your API key in the x-quey-key header, or as Authorization: Bearer <key>.
Rate limit
10 draws per minute, per user.
Request body — common fields
| Field | Type | Description |
|---|---|---|
| mode | string | "list" or "index" (see below). |
| num_winners | integer | Number of entries to select. Must be ≥ 1 and ≤ total_participants. |
Mode "list" — additional fields
| Field | Type | Description |
|---|---|---|
| participants | string[] | Array of strings, 2 to 10,000 items. Order is preserved. input_hash in the certificate is SHA3-256 of participants.join("\n"). |
Mode "index" — additional fields (GDPR-friendly)
Send only a count and the SHA3-256 hash of your participant list. Quey never sees the data.
| Field | Type | Description |
|---|---|---|
| total_count | integer | Number of entries in your list. 2 to 10,000. |
| input_hash | string | SHA3-256 hash of your list (64 lowercase hex chars). Must equal the hash a verifier would compute from participants.join("\n"). |
Response — certificate fields
| Field | Type | Description |
|---|---|---|
| version | integer | Certificate schema version (currently 1). |
| draw_id | string (UUID v4) | Unique identifier for this draw. |
| timestamp | string (ISO 8601) | UTC timestamp at which the draw was signed. |
| input_hash | string (hex) | SHA3-256 of the canonical input. |
| total_participants | integer | Size of the source set. |
| num_winners | integer | Number of indices selected. |
| winning_indices | integer[] | Zero-based indices of selected entries, sorted ascending. Selection uses rejection sampling — never modulo. |
| entropy_consumed_bytes | integer | Bytes of physical entropy consumed from the pool. |
| key_id | string (16 hex) | First 16 hex chars of SHA-256 of the public key. |
| signature | string (128 hex) | Ed25519 signature of the canonical payload (see Verification below). |
| verify_url | string | Public verification URL: https://queyquantum.io/verify/<draw_id> |
Errors
| Status | Meaning |
|---|---|
| 400 | Invalid body, mode, num_winners, participants, or input_hash. |
| 401 | Missing or invalid API key. |
| 403 | Your plan does not include verifiable draws (Pro or Enterprise required). |
| 404 | User document not found. |
| 429 | Rate limit (10/min) or monthly entropy quota exceeded. |
| 503 | Entropy pool temporarily depleted. Retry in ~60s. |
Example — Mode "list" (cURL)
curl -X POST "https://verifiabledraw-33ssvbagba-uc.a.run.app" \ -H "x-quey-key: qu_cloud_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{ "mode": "list", "num_winners": 3, "participants": ["alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com", "eve@example.com"] }'
Example — Mode "index" (cURL, GDPR-friendly)
curl -X POST "https://verifiabledraw-33ssvbagba-uc.a.run.app" \ -H "x-quey-key: qu_cloud_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{ "mode": "index", "num_winners": 3, "total_count": 5, "input_hash": "3e85a73e8c1f3c6d9d7b1a2f4e5c8b9d0a1f2e3d4c5b6a7d8e9f0a1b2c3d4e5f" }'
Example response
{
"status": "success",
"certificate": {
"version": 1,
"draw_id": "89421ffc-6af3-427e-8123-fa6c799cc166",
"timestamp": "2026-05-26T14:32:11.482Z",
"input_hash": "3e85a73e8c1f3c6d9d7b1a2f4e5c8b9d0a1f2e3d4c5b6a7d8e9f0a1b2c3d4e5f",
"total_participants": 5,
"num_winners": 3,
"winning_indices": [0, 2, 4],
"entropy_consumed_bytes": 2,
"key_id": "1ec2b73ecd9dab6e",
"signature": "a3f9c2e5d8b1f4a7...",
"verify_url": "https://queyquantum.io/verify/89421ffc-6af3-427e-8123-fa6c799cc166"
}
}
GET getDrawCertificate
https://getdrawcertificate-33ssvbagba-uc.a.run.app?id=<draw_id>
Fetch a previously issued certificate by its draw_id. Public endpoint — no authentication required. Responses are cached for 1 hour (Cache-Control: public, max-age=3600).
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | The draw_id returned by verifiableDraw. |
Response fields are the public subset of the certificate: version, draw_id, timestamp, input_hash, total_participants, num_winners, winning_indices, entropy_consumed_bytes, key_id, signature, verify_url. Caller identity (user_id, api_key_doc_id, mode) is never exposed.
Example Request (cURL)
curl "https://getdrawcertificate-33ssvbagba-uc.a.run.app?id=89421ffc-6af3-427e-8123-fa6c799cc166"
Example Response
{
"version": 1,
"draw_id": "89421ffc-6af3-427e-8123-fa6c799cc166",
"timestamp": "2026-05-26T14:32:11.482Z",
"input_hash": "3e85a73e8c1f3c6d9d7b1a2f4e5c8b9d0a1f2e3d4c5b6a7d8e9f0a1b2c3d4e5f",
"total_participants": 5,
"num_winners": 3,
"winning_indices": [0, 2, 4],
"entropy_consumed_bytes": 2,
"key_id": "1ec2b73ecd9dab6e",
"signature": "a3f9c2e5d8b1f4a7...",
"verify_url": "https://queyquantum.io/verify/89421ffc-6af3-427e-8123-fa6c799cc166"
}
GET getPublicKey
https://getpublickey-33ssvbagba-uc.a.run.app
Return the Ed25519 public key used to sign certificates. Public endpoint — no authentication. Cached for 24 hours (Cache-Control: public, max-age=86400).
Example Request (cURL)
curl "https://getpublickey-33ssvbagba-uc.a.run.app"
Example Response
{
"algorithm": "Ed25519",
"public_key_hex": "4fad999c2b586aab53155afc97f564a231350087b4c66d6a8f868963f42caf15",
"key_id": "1ec2b73ecd9dab6e"
}
Verifying a Certificate
You can verify any Quey-issued draw without trusting Quey — the signature check runs entirely in your environment against a published public key.
Easy path — in the browser
Share or open https://queyquantum.io/verify/<draw_id>. The verification page fetches the certificate and the public key, then runs Ed25519 verification locally via crypto.subtle.verify (WebCrypto). No server-side check, no trust required.
Manual path — five steps
- Fetch the certificate:
GET getDrawCertificate?id=<draw_id> - Fetch the public key:
GET getPublicKey - Confirm
cert.key_id === keyData.key_id. If not, refuse the certificate — it was signed with a different key. - Reconstruct the canonical payload (see format below).
- Verify the Ed25519 signature against the canonical payload using the public key. Pass = authentic and untampered; fail = reject.
Canonical payload format
The payload signed by Quey is a pipe-delimited UTF-8 string. Field order is fixed; whitespace, BOM, or trailing newlines must not be added.
QUEY-DRAW-CERT-V1|{draw_id}|{timestamp}|{input_hash}|{total_participants}|{num_winners}|{winning_indices_csv}|{entropy_consumed_bytes}|{key_id}
QUEY-DRAW-CERT-V1— fixed version tag.winning_indices_csv— indices joined by","with no spaces (e.g."0,2,4").- Integers are serialized with
String(n)(no leading zeros, no thousands separators).
Reference: JavaScript verification snippet
// Fetch certificate and public key, then verify locally. const [certRes, keyRes] = await Promise.all([ fetch(`https://getdrawcertificate-33ssvbagba-uc.a.run.app?id=${drawId}`), fetch('https://getpublickey-33ssvbagba-uc.a.run.app') ]); const cert = await certRes.json(); const keyData = await keyRes.json(); if (cert.key_id !== keyData.key_id) throw new Error('key_id mismatch'); const canonical = [ 'QUEY-DRAW-CERT-V1', cert.draw_id, cert.timestamp, cert.input_hash, String(cert.total_participants), String(cert.num_winners), cert.winning_indices.join(','), String(cert.entropy_consumed_bytes), cert.key_id ].join('|'); const hexToBytes = (h) => Uint8Array.from(h.match(/../g).map(b => parseInt(b, 16))); const pubKey = await crypto.subtle.importKey( 'raw', hexToBytes(keyData.public_key_hex), { name: 'Ed25519' }, false, ['verify'] ); const ok = await crypto.subtle.verify( 'Ed25519', pubKey, hexToBytes(cert.signature), new TextEncoder().encode(canonical) ); console.log(ok ? 'authentic' : 'tampered');