Protected endpoints are paid API routes exposed at /p/:projectSlug/*. They are the primary way developers monetize external APIs on Galliun.

Route pattern

ANY /p/:projectSlug/*

Examples:

POST https://api.galliun.com/p/myapp/summarize
GET  https://api.galliun.com/p/acme/search?q=hello
POST https://api.galliun.com/p/demo-api/translate

How endpoints are registered

Developers create endpoints via the dashboard or developer API:

1. Create a project with a unique slug
2. Register an API (external URL)
3. Define endpoints with method, path, and price
4. Configure payment rails (chain, network, provider recipient, USDC asset)

The platform returns the protected URL:

https://api.galliun.com/p/{projectSlug}/{endpointPath}

Provider and platform fee recipients are configured per payment rail. Payers send USDC directly to both wallets in one atomic exact_split transaction.

External proxy endpoints

For endpointType = external_proxy, Galliun forwards the request to your registered API origin after payment verification:

• Forwards method, path, query, and body
• Applies origin auth (bearer token, API key, etc.)
• Strips internal headers (X-PAYMENT, session headers, x-galliun-*)
• Enforces configured timeout

Calling from the SDK

import { GalliunClient } from "@galliun/sdk";

const client = new GalliunClient({
  baseUrl: "https://api.galliun.com",
  chain: "sui",
  wallet: suiWallet,
});

const response = await client.fetch("/p/acme/search", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ query: "best restaurants in Tokyo" }),
});

const data = await response.json();

See Calling Protected APIs for GET/POST details, headers, and response handling.

Endpoint availability

If an endpoint is disabled or unhealthy, the API returns 503 endpoint_unavailable — never 402. See Endpoint Failures.

Next steps

• Calling protected APIs