AppView API
Read-only XRPC queries over the co/core indexed read-model — receipts, jobs, providers, and social graph state.
Overview
The co/core AppView indexes provider-signed records under dev.cocore.* from the network firehose. It exposes a small read API at https://appview.cocore.dev/xrpc for discovery, verification, and analytics. Authoritative state remains in each actor's PDS — the AppView is a cache, not a ledger.
Service discovery
Service DID is did:web:appview.cocore.dev. Production deployments advertise the AppView endpoint via #cocore_appview on the console DID document.
Inference API
To run inference against co/core providers, use the OpenAI-compatible chat completions surface documented on /docs/inference. Drop-in replacement: change the base URL and API key in your existing OpenAI SDK client.
Directory
no auth · 4 endpointsList indexed provider records (`dev.cocore.compute.provider`).
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.listProviders'
Click Run example to fetch a live response.
List indexed account profile records (`dev.cocore.account.profile`).
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.account.listProfiles'
Click Run example to fetch a live response.
Full profile payload for one DID — machines, activity counts, and social context.
| Param | Type |
|---|---|
| did* | did |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.account.getProfile?did=did%3Aplc%3Am2sjv3wncvsasdapla35hzwj'
Click Run example to fetch a live response.
Discovery directory of signed-up DIDs with profile and provider counts.
| Param | Type |
|---|---|
| limit | integer |
| offset | integer |
| sortBy | string |
| providersOnly | boolean |
| viewerDid | did |
| excludeViewerFriends | boolean |
| q | string |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.account.listAccounts?limit=12&q=did%3Aplc%3Am2sjv3wncvsasdapla35hzwj'
Click Run example to fetch a live response.
Friend records whose subject is the queried DID.
| Param | Type |
|---|---|
| did* | did |
| limit | integer |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.account.listIncomingFriends?did=did%3Aplc%3Am2sjv3wncvsasdapla35hzwj&limit=10'
Click Run example to fetch a live response.
Every directed trust edge in the indexed network (friender → subject).
| Param | Type |
|---|---|
| limit | integer |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.account.listFriendEdges?limit=100'
Click Run example to fetch a live response.
Compute index
no auth · 3 endpointsIndexed receipt records with optional provider, requester, or job filters.
| Param | Type |
|---|---|
| provider | did |
| requester | did |
| job | at-uri |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.listReceipts?provider=did%3Aplc%3Am2sjv3wncvsasdapla35hzwj'
Click Run example to fetch a live response.
Indexed job records for a requester DID.
| Param | Type |
|---|---|
| requester* | did |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.listJobs?requester=did%3Aplc%3Am2sjv3wncvsasdapla35hzwj'
Click Run example to fetch a live response.
Indexed settlement records with optional receipt or requester filters.
| Param | Type |
|---|---|
| receipt | at-uri |
| requester | did |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.listSettlements?receipt=at%3A%2F%2Fdid%3Aplc%3Acbkjy5n7bk3ax2wplmtjofq2%2Fdev.cocore.compute.receipt%2F3mororcfmk22k'
Click Run example to fetch a live response.
Verification
no auth · 2 endpointsStructural + cryptographic verification of an indexed receipt against its job and attestation.
| Param | Type |
|---|---|
| uri* | at-uri |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.verifyReceipt?uri=at%3A%2F%2Fdid%3Aplc%3Acbkjy5n7bk3ax2wplmtjofq2%2Fdev.cocore.compute.receipt%2F3mororcfmk22k'
Click Run example to fetch a live response.
Verify a settlement chain against indexed receipt and authorization records.
| Param | Type |
|---|---|
| uri* | at-uri |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.verifySettlement?uri=at%3A%2F%2Fdid%3Aplc%3A5quuhkmwe2q4k3azfsgg7kdz%2Fdev.cocore.compute.settlement%2F3mororclhvk2z'
Click Run example to fetch a live response.
Analytics
no auth · 2 endpointsAggregate receipt activity per model across rolling time windows.
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.modelActivity'
Click Run example to fetch a live response.
Network latency rollup derived from indexed receipt timestamps.
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.compute.latency'
Click Run example to fetch a live response.
API keys
service auth · 4 endpointsMint a new API key for the authenticated account. The full secret is returned exactly once. Authenticate via AT Protocol service auth — your PDS proxies the call to the AppView's `#cocore_appview` service.
| Param | Type |
|---|---|
| name* | string |
| expiresAt | datetime |
curl -sS -X POST 'https://appview.cocore.dev/xrpc/dev.cocore.account.createApiKey' -H 'Content-Type: application/json' -d '{"name":"my-laptop"}'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
List the authenticated account's API keys, newest first. Secrets are never returned.
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.account.listApiKeys'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
Revoke one of your API keys. The key stops authenticating immediately but the row is kept (revoked) for audit.
| Param | Type |
|---|---|
| id* | string |
curl -sS -X POST 'https://appview.cocore.dev/xrpc/dev.cocore.account.revokeApiKey' -H 'Content-Type: application/json' -d '{"id":"<key-id>"}'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
Hard-delete one of your API keys (no audit-trail recovery).
| Param | Type |
|---|---|
| id* | string |
curl -sS -X POST 'https://appview.cocore.dev/xrpc/dev.cocore.account.deleteApiKey' -H 'Content-Type: application/json' -d '{"id":"<key-id>"}'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
Inference
session auth · console · 1 endpointSubmit an inference request and stream the result as Server-Sent Events: the job + payment authorization are published, then plaintext output chunks until completion.
| Param | Type |
|---|---|
| model* | string |
| prompt* | string |
| maxTokensOut* | integer |
| priceCeiling* | object |
| targetProviderDid | did |
curl -sS -X POST 'https://appview.cocore.dev/xrpc/dev.cocore.inference.dispatch' -H 'Content-Type: application/json' -d '{"model":"llama3.2","prompt":"Say hello.","maxTokensOut":256,"priceCeiling":{"amount":1000,"currency":"CC"}}'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
Device pairing
console · 3 endpointsBegin a device-pairing flow (OAuth device-authorization style). Returns a `deviceId` plus a short `userCode` to approve at the verification URI.
curl -sS -X POST 'https://appview.cocore.dev/xrpc/dev.cocore.devicePair.start' -H 'Content-Type: application/json' -d '{}'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
Poll a pairing attempt by `deviceId` until it is approved (then returns the granted session), denied, expired, or consumed.
| Param | Type |
|---|---|
| deviceId* | string |
curl -sS 'https://appview.cocore.dev/xrpc/dev.cocore.devicePair.poll'
Click Run example to fetch a live response.
Approve or deny a pending pairing attempt, identified by the `userCode` the device displayed. Called from the verification UI by a signed-in user.
| Param | Type |
|---|---|
| userCode* | string |
| decision* | string |
curl -sS -X POST 'https://appview.cocore.dev/xrpc/dev.cocore.devicePair.confirm' -H 'Content-Type: application/json' -d '{"userCode":"ABCD-1234","decision":"approve"}'
Sign in to run this example (curl uses Bearer $ACCESS_TOKEN).
Social graph
no auth · 2 endpoints