Receipts: …Delivery: PQC (hybrid X25519MLKEM768)
egress…

Quickstart

Install an SDK and request your first receipt-attested entropy in a few minutes.

Prerequisites

A reachable EMS deployment. Examples below use http://localhost:8080 — the nginx edge, which routes /v1/* to the entropy egress and /api/v1/* to the admin registry. SDKs may also connect to the egress directly (default http://localhost:7081).

Step 1: Install an SDK

pip install -e sdk-python/

Step 2: Request entropy

Request 32 bytes against the quantum_verified policy. The SDK pins the server's public key and automatically verifies the receipt attached to the response.

from lr_entropy import EntropyClient, Policy

cli = EntropyClient("http://localhost:8080")
cli.fetch_verifier()          # pin server key; receipts auto-verify from here

r = cli.get_bytes(32, policy=Policy.QUANTUM_VERIFIED)
print(r.bytes_.hex())
print(r.receipt.quality_score, r.receipt.contributing_sources)

Step 3: Verify the receipt

Each response carries a signed receipt. SDK clients verify it before returning bytes — a tampered or unsigned response raises an error instead of yielding output. To verify independently, fetch the active public key from GET /v1/pubkey and check the signature over the canonicalized receipt (details in Receipts & verification).

r = cli.get_bytes(32, policy=Policy.HIGHEST_QUALITY)

# Already verified by the client; inspect the attestation:
r.receipt.signature_alg          # "Ed25519" or "ML-DSA-65"
r.receipt.quality_score          # real-time score from the quality stage
r.receipt.rct_pass, r.receipt.apt_pass   # health-test outcomes

Limits & authentication

  • Request size: 1 – 65,536 bytes per call.
  • When the deployment sets EMS_API_KEYS, every /v1/* call must carry Authorization: Bearer <key>. SDKs accept the key via constructor option or the LR_EMS_API_KEY environment variable.

Next steps