Quickstart

Integrate hardware-extracted, cryptographically conditioned entropy into your application in minutes using our official Python and Node.js SDKs, or direct API endpoints.


Authentication

All requests to the Quey Cloud API require an API key. You can generate an API key from your Dashboard.

Authenticate your requests by providing your API key in a custom header named x-quey-key.

x-quey-key: qu_cloud_your_api_key_here

Security Note

Never hardcode your API key in production. Always use environment variables or a secure secrets manager.


Installation (Python SDK)

The easiest way to interact with Quey is via our official Python SDK. Install the package via pip:

$ pip install quey-random

Initialize the client with your API key and request entropy:

generate_seed.py
from quey_random import QueyRandom

# Initialize the client with your secure Cloud API key
quey = QueyRandom(api_key="qu_cloud_your_api_key_here")

# Fetch 32 bytes (256 bits) of hardware-extracted entropy
seed = quey.get_bytes(32)
print(f"Entropy Seed: {seed.hex()}")

# Generate a uniform true random float for simulations
val = quey.random()
print(f"Photonic Entropy: {val}")

Installation (Node.js SDK)

You can also interact with Quey using our official Node.js/TypeScript SDK. Install the package via npm:

$ npm install quey-random

Initialize the client with your API key and request entropy:

generateSeed.ts
import { QueyRandom } from 'quey-random';

// Initialize the client
const client = new QueyRandom('qu_cloud_your_api_key_here');

async function generateSeed() {
  // Request 32 bytes (256 bits) of hardware-extracted entropy
  const seedBuffer = await client.getBytes(32);
  
  console.log(`Entropy Seed: ${seedBuffer.toString('hex')}`);
  // Output: Entropy Seed: 7f8a9b2...
}

generateSeed();

Example: Monte-Carlo Simulation

Estimate π by sampling random points in the unit square. Pre-fetch a buffer for fast random() calls in tight loops.

monte_carlo_pi.py
from quey_random import QueyRandom

quey = QueyRandom(api_key="qu_cloud_your_api_key_here")

# Pre-fetch a buffer for fast random() calls
quey.prefetch(megabytes=10)

# Run 100k Monte-Carlo iterations to estimate π
inside = 0
for _ in range(100_000):
    x = quey.random()
    y = quey.random()
    if x*x + y*y <= 1:
        inside += 1

pi_estimate = 4 * inside / 100_000
print(f"π ≈ {pi_estimate}")

Example: Verifiable Raffle Draw

Pick winners from a participant list and obtain a signed verification certificate proving the draw used physical entropy.

raffle_draw.js
import { QueyRandom } from 'quey-random';

const quey = new QueyRandom({ apiKey: process.env.QUEY_API_KEY });

// Draw 10 winners from 50,000 participants with a verifiable certificate
const draw = await quey.drawWithCertificate({
  participants: 50_000,
  winners: 10
});

console.log('Winners (indexes):', draw.winners);
console.log('Verification URL:', draw.certificateUrl);

Example: Cryptographic Seed Material

Get physical entropy bytes for use as input to a key derivation function (KDF), nonce material, or seed for cryptographic operations.

crypto_seed.py
from quey_random import QueyRandom

quey = QueyRandom(api_key="qu_cloud_your_api_key_here")

# Get 64 bytes (512 bits) of physical entropy as seed material
seed = quey.get_bytes(64)

# Use as seed for KDF, key derivation, nonces, etc.
print(f"Seed (hex): {seed.hex()}")

Example: Bulk Entropy Download (cURL)

Download a large block of entropy as raw binary directly via REST. Useful for offline simulation seeding or batch jobs.

# Download a 1 MB block of entropy as binary
curl -X GET "https://api.queyquantum.io/v1/entropy/bulk?bytes=1048576" \
  -H "X-Quey-Token: qu_cloud_your_api_key_here" \
  --output entropy_block.bin

# Verify entropy quality locally
sha256sum entropy_block.bin

REST API

For environments where the SDK is not available, you can interact directly with our REST API to fetch raw entropy blocks.

GET https://us-central1-quey-deb85.cloudfunctions.net/getQuantumEntropy

Returns a hex-encoded string of hardware-extracted random bytes.

Query Parameters

Parameter Type Description
size integer Number of bytes to return (Max: 10240). Default: 32.
format string Output format: hex, base64, or binary. Default: hex.

Example Request (cURL)

curl -X GET "https://us-central1-quey-deb85.cloudfunctions.net/getQuantumEntropy?size=32" \
  -H "x-quey-key: qu_cloud_your_api_key_here"

Example Response

{
  "status": "success",
  "bytes_returned": 32,
  "entropy_hex": "7f8a9b2c4e5f6d7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1",
  "node_id": "quey_edge_01"
}

Verifiable Draw Endpoints

Three endpoints let you produce, fetch, and verify cryptographically signed selection certificates from physical entropy. Every certificate is Ed25519-signed by Quey and independently verifiable in any modern browser via WebCrypto.

POST verifiableDraw

POST https://verifiabledraw-33ssvbagba-uc.a.run.app

Run a signed selection. Returns an Ed25519-signed certificate. Requires a Pro or Enterprise plan.

Authentication

Send your API key in the x-quey-key header, or as Authorization: Bearer <key>.

Rate limit

10 draws per minute, per user.

Request body — common fields

Field Type Description
mode string "list" or "index" (see below).
num_winners integer Number of entries to select. Must be ≥ 1 and ≤ total_participants.

Mode "list" — additional fields

Field Type Description
participants string[] Array of strings, 2 to 10,000 items. Order is preserved. input_hash in the certificate is SHA3-256 of participants.join("\n").

Mode "index" — additional fields (GDPR-friendly)

Send only a count and the SHA3-256 hash of your participant list. Quey never sees the data.

Field Type Description
total_count integer Number of entries in your list. 2 to 10,000.
input_hash string SHA3-256 hash of your list (64 lowercase hex chars). Must equal the hash a verifier would compute from participants.join("\n").

Response — certificate fields

Field Type Description
versionintegerCertificate schema version (currently 1).
draw_idstring (UUID v4)Unique identifier for this draw.
timestampstring (ISO 8601)UTC timestamp at which the draw was signed.
input_hashstring (hex)SHA3-256 of the canonical input.
total_participantsintegerSize of the source set.
num_winnersintegerNumber of indices selected.
winning_indicesinteger[]Zero-based indices of selected entries, sorted ascending. Selection uses rejection sampling — never modulo.
entropy_consumed_bytesintegerBytes of physical entropy consumed from the pool.
key_idstring (16 hex)First 16 hex chars of SHA-256 of the public key.
signaturestring (128 hex)Ed25519 signature of the canonical payload (see Verification below).
verify_urlstringPublic verification URL: https://queyquantum.io/verify/<draw_id>

Errors

Status Meaning
400Invalid body, mode, num_winners, participants, or input_hash.
401Missing or invalid API key.
403Your plan does not include verifiable draws (Pro or Enterprise required).
404User document not found.
429Rate limit (10/min) or monthly entropy quota exceeded.
503Entropy pool temporarily depleted. Retry in ~60s.

Example — Mode "list" (cURL)

curl -X POST "https://verifiabledraw-33ssvbagba-uc.a.run.app" \
  -H "x-quey-key: qu_cloud_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "list",
    "num_winners": 3,
    "participants": ["alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com", "eve@example.com"]
  }'

Example — Mode "index" (cURL, GDPR-friendly)

curl -X POST "https://verifiabledraw-33ssvbagba-uc.a.run.app" \
  -H "x-quey-key: qu_cloud_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "index",
    "num_winners": 3,
    "total_count": 5,
    "input_hash": "3e85a73e8c1f3c6d9d7b1a2f4e5c8b9d0a1f2e3d4c5b6a7d8e9f0a1b2c3d4e5f"
  }'

Example response

{
  "status": "success",
  "certificate": {
    "version": 1,
    "draw_id": "89421ffc-6af3-427e-8123-fa6c799cc166",
    "timestamp": "2026-05-26T14:32:11.482Z",
    "input_hash": "3e85a73e8c1f3c6d9d7b1a2f4e5c8b9d0a1f2e3d4c5b6a7d8e9f0a1b2c3d4e5f",
    "total_participants": 5,
    "num_winners": 3,
    "winning_indices": [0, 2, 4],
    "entropy_consumed_bytes": 2,
    "key_id": "1ec2b73ecd9dab6e",
    "signature": "a3f9c2e5d8b1f4a7...",
    "verify_url": "https://queyquantum.io/verify/89421ffc-6af3-427e-8123-fa6c799cc166"
  }
}

GET getDrawCertificate

GET https://getdrawcertificate-33ssvbagba-uc.a.run.app?id=<draw_id>

Fetch a previously issued certificate by its draw_id. Public endpoint — no authentication required. Responses are cached for 1 hour (Cache-Control: public, max-age=3600).

Query Parameters

Parameter Type Description
id string The draw_id returned by verifiableDraw.

Response fields are the public subset of the certificate: version, draw_id, timestamp, input_hash, total_participants, num_winners, winning_indices, entropy_consumed_bytes, key_id, signature, verify_url. Caller identity (user_id, api_key_doc_id, mode) is never exposed.

Example Request (cURL)

curl "https://getdrawcertificate-33ssvbagba-uc.a.run.app?id=89421ffc-6af3-427e-8123-fa6c799cc166"

Example Response

{
  "version": 1,
  "draw_id": "89421ffc-6af3-427e-8123-fa6c799cc166",
  "timestamp": "2026-05-26T14:32:11.482Z",
  "input_hash": "3e85a73e8c1f3c6d9d7b1a2f4e5c8b9d0a1f2e3d4c5b6a7d8e9f0a1b2c3d4e5f",
  "total_participants": 5,
  "num_winners": 3,
  "winning_indices": [0, 2, 4],
  "entropy_consumed_bytes": 2,
  "key_id": "1ec2b73ecd9dab6e",
  "signature": "a3f9c2e5d8b1f4a7...",
  "verify_url": "https://queyquantum.io/verify/89421ffc-6af3-427e-8123-fa6c799cc166"
}

GET getPublicKey

GET https://getpublickey-33ssvbagba-uc.a.run.app

Return the Ed25519 public key used to sign certificates. Public endpoint — no authentication. Cached for 24 hours (Cache-Control: public, max-age=86400).

Example Request (cURL)

curl "https://getpublickey-33ssvbagba-uc.a.run.app"

Example Response

{
  "algorithm": "Ed25519",
  "public_key_hex": "4fad999c2b586aab53155afc97f564a231350087b4c66d6a8f868963f42caf15",
  "key_id": "1ec2b73ecd9dab6e"
}

Verifying a Certificate

You can verify any Quey-issued draw without trusting Quey — the signature check runs entirely in your environment against a published public key.

Easy path — in the browser

Share or open https://queyquantum.io/verify/<draw_id>. The verification page fetches the certificate and the public key, then runs Ed25519 verification locally via crypto.subtle.verify (WebCrypto). No server-side check, no trust required.

Manual path — five steps

  1. Fetch the certificate: GET getDrawCertificate?id=<draw_id>
  2. Fetch the public key: GET getPublicKey
  3. Confirm cert.key_id === keyData.key_id. If not, refuse the certificate — it was signed with a different key.
  4. Reconstruct the canonical payload (see format below).
  5. Verify the Ed25519 signature against the canonical payload using the public key. Pass = authentic and untampered; fail = reject.

Canonical payload format

The payload signed by Quey is a pipe-delimited UTF-8 string. Field order is fixed; whitespace, BOM, or trailing newlines must not be added.

QUEY-DRAW-CERT-V1|{draw_id}|{timestamp}|{input_hash}|{total_participants}|{num_winners}|{winning_indices_csv}|{entropy_consumed_bytes}|{key_id}
  • QUEY-DRAW-CERT-V1 — fixed version tag.
  • winning_indices_csv — indices joined by "," with no spaces (e.g. "0,2,4").
  • Integers are serialized with String(n) (no leading zeros, no thousands separators).

Reference: JavaScript verification snippet

verify.js
// Fetch certificate and public key, then verify locally.
const [certRes, keyRes] = await Promise.all([
  fetch(`https://getdrawcertificate-33ssvbagba-uc.a.run.app?id=${drawId}`),
  fetch('https://getpublickey-33ssvbagba-uc.a.run.app')
]);
const cert = await certRes.json();
const keyData = await keyRes.json();

if (cert.key_id !== keyData.key_id) throw new Error('key_id mismatch');

const canonical = [
  'QUEY-DRAW-CERT-V1',
  cert.draw_id, cert.timestamp, cert.input_hash,
  String(cert.total_participants),
  String(cert.num_winners),
  cert.winning_indices.join(','),
  String(cert.entropy_consumed_bytes),
  cert.key_id
].join('|');

const hexToBytes = (h) =>
  Uint8Array.from(h.match(/../g).map(b => parseInt(b, 16)));

const pubKey = await crypto.subtle.importKey(
  'raw', hexToBytes(keyData.public_key_hex),
  { name: 'Ed25519' }, false, ['verify']
);

const ok = await crypto.subtle.verify(
  'Ed25519', pubKey,
  hexToBytes(cert.signature),
  new TextEncoder().encode(canonical)
);
console.log(ok ? 'authentic' : 'tampered');