Documentation

Asset API

Endpoints for managing assets in the Grids marketplace.

List Assets

GET /assets

Query parameters:

Param	Type	Description
`type`	`string`	Filter by asset type (`texture`, `audio`, `video`, `model`, `script`)
`search`	`string`	Search by name
`limit`	`number`	Max results (default: 50)
`offset`	`number`	Pagination offset

Response:

{
  "assets": [
    {
      "id": "abc123",
      "name": "Brick Wall",
      "type": "texture",
      "description": "Red brick wall texture",
      "thumbnail_url": "https://...",
      "creator_id": "user456",
      "creator_name": "BuilderPro",
      "downloads": 1234,
      "created_at": "2026-01-15T00:00:00Z"
    }
  ],
  "total": 128
}

Get Asset

GET /assets/:id

Returns full asset metadata including download info.

Upload Asset

POST /assets
Content-Type: multipart/form-data
Authorization: Bearer <token>

Form fields:

Field	Type	Required	Description
`file`	`File`	Yes	Asset file
`name`	`string`	Yes	Display name
`type`	`string`	Yes	Asset type
`description`	`string`	No	Description
`thumbnail`	`File`	No	Thumbnail image

Signed Download URL

POST /assets/:id/sign
Authorization: Bearer <token>

Returns an HMAC-signed URL for secure asset download. The URL expires after the configured TTL.

Response:

{
  "url": "/assets/abc123/stream?expires=1712000000&sig=...",
  "expires_at": "2026-04-02T00:00:00Z"
}

Scrambled Stream

GET /assets/:id/stream?expires=...&sig=...

Downloads the asset file with XOR-scrambled delivery for basic copy protection. The client (game engine) reverses the XOR to recover the original file.

Query parameters:

Param	Type	Description
`expires`	`number`	Unix timestamp when the URL expires
`sig`	`string`	HMAC-SHA256 signature

Returns the asset file as a binary stream with Content-Type: application/octet-stream.