Docs
Internal APIs run inside this site backend. Browser clients never receive RunPod tokens; the server uses encrypted credentials and forwards model requests securely.
For technical credibility notes (USD format, viewer stack, determinism), see Research & Insights.
Auth model
1. User logs in via NextAuth credentials, Google OAuth, or GitHub OAuth.
2. Session cookie authenticates internal API calls.
3. Server retrieves and decrypts provider tokens from the database.
4. Server forwards request to RunPod endpoint.
Output contracts
GENAR: `previewUrls`, `viewerUrl`, `downloads[]`
HOLODECK: `usdUrl`, `previewUrls`, `metrics`
Status fields: `queued`, `running`, `succeeded`, `failed`
cURL example
curl -X POST https://voxelspatiallabs.com/api/genar/submit \
-H "Content-Type: application/json" \
-H "Cookie: next-auth.session-token=<session-cookie>" \
-d '{
"prompt": "a beautiful city with cool street lights at night",
"seed": 42,
"qualityPreset": "balanced"
}'JavaScript fetch example
const submit = await fetch("/api/holodeck/submit", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
prompt: "a flat table with a book on top",
sceneScale: "tabletop",
gravity: true,
collisionQuality: "accurate"
})
});
const { job } = await submit.json();
const status = await fetch("/api/holodeck/status?jobId=" + job.id);Internal API endpoints
POST `/api/genar/submit`
GET `/api/genar/status?jobId=...`
POST `/api/holodeck/submit`
GET `/api/holodeck/status?jobId=...`
POST `/api/jobs/create` (paper-run billing + job queue stub)
POST `/api/contact`
POST `/api/early-access`
External model API expectations (RunPod)
POST {GENAR_API_BASE_URL}/submit -> { jobId, status, progress, outputs? }
GET {GENAR_API_BASE_URL}/status?jobId=... -> { status, progress, outputs, runtimeSecs? }
POST {HOLODECK_API_BASE_URL}/submit -> { jobId, status, progress, outputs? }
GET {HOLODECK_API_BASE_URL}/status?jobId=... -> { status, progress, outputs, runtimeSecs? }