Base URL: https://api.qmumma.com/v1
The Q-MUMMA API is a RESTful HTTP API served exclusively over HTTPS. It provides access to quantum algorithm execution, entropy generation, benchmark data, and compliance certificates. All responses are JSON. All results include ML-DSA-65 PQC signatures and SHA-256 audit hashes.
Single public surface. The REST API is the only public-facing surface of Q-MUMMA. All internal computation, hardware routing, and AI optimisation happens behind an mTLS gRPC mesh — completely invisible to API consumers.
Q-MUMMA uses Bearer token authentication. Every API key is scoped to a specific plan and rate limit. Keys are prefixed so you can identify them at a glance.
| Prefix | Environment | Description |
|---|---|---|
| qm_live_ | Production | Full hardware access. Billed per execution. |
| qm_test_ | Sandbox | Simulated responses. Identical API structure. Never billed. |
| qm_ent_ | Enterprise | Extended rate limits. Dedicated hardware queue. |
Keep keys secret. Never embed API keys in frontend code or public repositories. Use environment variables or a secrets manager. Rotate keys from the dashboard if compromised.
Jobs are the core resource. Submit a quantum algorithm job, the AI Brain selects optimal hardware, executes, and returns a signed result.
Returns paginated list of your jobs. Query params: limit, before, after, status.
Returns full JSON Schema for the algorithm's parameters object, along with hardware availability, current queue depth, and result schema.
Compliance certificates are cryptographically bound to job results. They are signed with ML-DSA-65 and suitable for FDA 21 CFR Part 11, SEC, and ISO regulatory submissions.
Returns a PDF certificate containing: job ID, hardware, fidelity, algorithm, result summary, PQC signature, blockchain anchor, and Aumtrix digital seal. Commercial plan and above.
Regulatory Use. Certificates include all fields required for FDA 21 CFR Part 11, SEC Rule 17a-4, and ISO 27001 evidence packages. Contact enterprise@qmumma.com for jurisdiction-specific template customisation.
| HTTP Code | Error Type | Meaning |
|---|---|---|
| 400 | bad_request | Invalid request body or missing required fields |
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Feature not available on your plan |
| 404 | not_found | Job ID or algorithm not found |
| 429 | rate_limited | Exceeded requests per minute — back off and retry |
| 500 | server_error | Temporary error — retry after exponential backoff |
| 503 | hardware_unavailable | Requested hardware offline — use "auto" for failover |
Failed hardware jobs are never billed. If a job fails due to hardware error (5xx), you are not charged. The job is automatically eligible for retry with alternate hardware.
| Plan | Requests/min | Jobs/month included | Burst |
|---|---|---|---|
| Student / Free | 10 | 5 | 20 |
| Academic | 60 | 30 | 100 |
| Commercial | 300 | 100 | 500 |
| Enterprise | Unlimited | Custom | Unlimited |
All SDKs are open source on Aumtrix GitHub. In the meantime, all endpoints are curl-compatible. See our API Marketplace for curl examples for each algorithm.
Receive a POST to your URL the moment a job completes, fails, or is rerouted. Webhook payloads are signed with HMAC-SHA256 using your webhook secret.
Full OpenAPI 3.0 specification available. Import into Postman, Insomnia, or any HTTP client to get autocomplete for all endpoints, parameters, and response shapes.