Wire the QSG entropy endpoint into your stack in minutes. Drop-in replacement for crypto.randomBytes() with signed provenance.
Three calls. No SDK install. Bring your own HTTP client.
Request access at /access. You'll receive an API key (qsg_live_…) within 24–48 hours.
curl -X POST https://api.quantumsecuregateway.com/v1/entropy \
-H "Authorization: Bearer qsg_live_…" \
-H "Content-Type: application/json" \
-d '{"size_bytes": 32, "tier": "standard"}'
const r = await fetch("https://api.quantumsecuregateway.com/v1/entropy", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.QSG_API_KEY}`,
"Content-Type": "application/json"
},
body: JSON.stringify({ size_bytes: 32, tier: "standard" })
});
const { entropy, entropy_score, source_class, fallback } = await r.json();
if (fallback.is_fallback) {
console.warn(`CSPRNG fallback engaged: ${fallback.reason}`);
}
import os, requests
r = requests.post(
"https://api.quantumsecuregateway.com/v1/entropy",
headers={"Authorization": f"Bearer {os.environ['QSG_API_KEY']}"},
json={"size_bytes": 32, "tier": "standard"},
timeout=5,
)
r.raise_for_status()
body = r.json()
if body["fallback"]["is_fallback"]:
print(f"CSPRNG fallback engaged: {body['fallback']['reason']}")
The entropy field is base64-encoded raw bytes. Decode and feed into your key-derivation function, seed your DRBG, or hand to your cryptographic library:
import base64 raw = base64.b64decode(body["entropy"]) # now `raw` is 32 bytes suitable for HKDF / direct use
If your workload runs on Cloudflare Workers, route entropy calls through a binding to keep latency at the edge.
[[services]] binding = "QSG" service = "qsg-api-gateway" environment = "production"
export default {
async fetch(req, env) {
const r = await env.QSG.fetch(
new Request("https://internal/v1/entropy", {
method: "POST",
headers: {
"Authorization": `Bearer ${env.QSG_API_KEY}`,
"Content-Type": "application/json"
},
body: JSON.stringify({ size_bytes: 32, tier: "standard" })
})
);
return new Response(r.body, r);
}
};
First-party SDKs are in development. Until they ship, the endpoint is plain HTTP and works with any language.
Want early access? Email info@quantumsecuregateway.com with your language and use case.
Per-API-key rolling-window limits. Bursts up to 2× allowed for 5 seconds. Higher tiers available on request.
| Tier | RPS | Daily Cap | Max size_bytes |
|---|---|---|---|
| Builder | 5 | 10,000 | 64 |
| Standard | 50 | 500,000 | 256 |
| Standard+ | 200 | 5,000,000 | 256 |
| Verified | 50 | 500,000 | 256 |
| Verified+ | 200 | 5,000,000 | 256 |
| Enterprise | Custom | Custom | 1024 |
When you exceed a limit, the response is 429 with a Retry-After header indicating seconds until retry.
Full endpoint reference, error codes, provenance schema, and billing model.