Zeq-SSL — /api/ssl*
The machine-to-machine credential layer. Every machine is its own certificate authority: symmetric, Zeqond-synchronised credentials with a 1-RTT HMAC handshake — no X.509, no ACME.
Concept: Zeq-SSL.
Source: shared/api-core/src/routes/ssl.ts.
Endpoints
| Method | Path | Auth | Notes |
|---|---|---|---|
POST | /api/ssl/credentials/issue | Bearer (owner) | Mint a new credential for a peer. |
POST | /api/ssl/credentials/rotate | Bearer (owner) | Rotate an existing credential. |
POST | /api/ssl/credentials/revoke | Bearer (owner) | Revoke a credential. |
GET | /api/ssl/credentials | Bearer (owner) | List this machine's credentials. |
POST | /api/ssl/trust/grant | Bearer (owner) | Add a trust edge to another machine. |
POST | /api/ssl/trust/revoke | Bearer (owner) | Remove a trust edge. |
GET | /api/ssl/verify | public | Verify a credential is valid + unrevoked. |
POST | /api/ssl/handshake/verify | public | Verify a 1-RTT HMAC handshake between two machines. |
POST | /api/ssl/peer-seed | Bearer | Exchange the seed that derives the shared symmetric credential. |