cputools logo cputools
View as Markdown ↓

Utils tools

Six in-process crypto/encoding primitives on Node’s built-in crypto and jose — the same open-source libraries you could run yourself. Every op is a POST https://api.relaystation.ai/v1/utils/<op>. These return a small JSON object (a hash, a list of UUIDs, a verification result) — there is no file output.

Inputs

hash, hmac, and base64 take bytes; the rest take a string. The byte-taking ops accept either an inline data string or a file input source — { "inline": "<base64>" } (≤ 4 MB) or { "inputKey": "..." } (from POST /v1/cputools/upload-url, ≤ 50 MB) — exactly one. Secret inputs (the hmac key, the jwt-verify key) ride only in the request body and are never logged and never echoed in an error.

Billing

hash, hmac, base64 bill per MB of input (min 1 MiB) at cputools.price.utils.<op>.per_mb_micros (launch default $0.0002 / MB). uuid, jwt-decode, jwt-verify are flat at cputools.price.utils.<op>.flat_micros (launch default $0.0001 / call). The live 402 challenge is authoritative.

OpBilled onRate
hashinput MB$0.0002 / MB
hmacinput MB$0.0002 / MB
base64input MB$0.0002 / MB
uuidper call$0.0001 flat
jwt-decodeper call$0.0001 flat
jwt-verifyper call$0.0001 flat

hash

Hash bytes with sha256, sha512, sha1, or md5. Returns { algo, hash: <hex> }. (sha1/md5 are offered for legacy checksum compatibility.)

POST /v1/utils/hash
{ "data": "hello", "algo": "sha256" }

hmac

Keyed HMAC over the same algorithms. Returns { algo, hmac: <hex> }. The key is never logged.

POST /v1/utils/hmac
{ "data": "hello", "key": "<secret>", "algo": "sha256" }

uuid

Generate v4 UUIDs. count defaults to 1 and is capped at cputools.utils.uuid.max_count (default 1000). Returns { uuids: [...] }.

POST /v1/utils/uuid
{ "count": 5 }

jwt-decode

Decode a JWT’s header + payload without verifying the signature (jose). Returns { header, payload }. A malformed token → 422 JWT_MALFORMED.

POST /v1/utils/jwt-decode
{ "token": "<jwt>" }

jwt-verify

Verify a JWT signature, pinned to the declared alg — this blocks the alg-confusion / alg:none downgrade (none is not an accepted algorithm). alg is one of HS256/384/512, RS256/384/512, ES256/384. A valid-shape token that fails verification is a paid answer (200 { valid: false, reason }) — you paid to learn validity; only an unparseable token (422 JWT_MALFORMED) or an unimportable key (422 JWT_KEY_INVALID) is an error. The key is never logged.

POST /v1/utils/jwt-verify
{ "token": "<jwt>", "key": "<secret-or-PEM>", "alg": "HS256" }

base64

Encode or decode a string. Returns { data: <result> }.

POST /v1/utils/base64
{ "data": "hello", "mode": "encode" }

Sample

curl -X POST https://api.relaystation.ai/v1/utils/hash \
  -H 'X-Payment: <base64 EIP-3009 auth>' \
  -H 'Idempotency-Key: hash-manifest-20260609' \
  -H 'Content-Type: application/json' \
  -d '{"data":"hello","algo":"sha256"}'

Errors

  • 402 PAYMENT_REQUIRED — no valid payment.
  • 422 JWT_MALFORMED — the token isn’t a well-formed JWT (jwt-decode / jwt-verify).
  • 422 JWT_KEY_INVALID — the jwt-verify key couldn’t be imported for the declared alg (the key bytes are never echoed).
  • 422 COUNT_TOO_LARGEuuid count over the cap. Rejected before any charge.
  • 400 VALIDATION_ERROR — the body failed schema validation (e.g. neither/both of data/file, or alg: "none").

Next

PDF tools · CSV tools · Image tools · Generate tools · Archive tools · Pricing · API reference