Actors and roles
A kubbi has two actors. Either can be any kind of party: a human, an AI agent, a script, or a service.
Producer
The party that creates a kubbi. Authenticates with an API key as a Bearer token. Can:
- Create single-content or multi-file kubbis
- List, inspect, and delete kubbis they own
Consumer
The party that claims the kubbi. No API key, no account, no setup. Holds the claim URL and that's enough. Can:
- Inspect a kubbi (metadata, file manifest for packages) without burning a retrieval
- Claim the payload, which counts as a retrieval
The claim URL is a capability URL: possession alone is sufficient. Treat claim URLs like secrets.
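Because possession of a claim URL is enough to claim the payload, application and proxy logs are one place such URLs can leak. The following is an added example, not kubbi's own code: a Python logging filter that scrubs the token from any `/r/:claim_token` path before a line is emitted. The token character set, the hostname and the sample log lines are assumptions constructed for illustration.

```python
import logging
import re

# Assumption: claim tokens use URL-safe characters. The page documents only
# the path shape /r/:claim_token, not the token format.
# Any "/r/<segment>" is matched; over-redaction is the safe failure here.
CLAIM_PATH = re.compile(r"(/r/)[A-Za-z0-9_.~-]+")
PLACEHOLDER = "[REDACTED-CLAIM-TOKEN]"

# Constructed sample lines (hostname and token are made up).
SAMPLE_LINES = [
    "GET /r/Zk3vQ9_constructed-token HTTP/1.1 200",
    'referer="https://kubbi.example/r/Zk3vQ9_constructed-token"',
    "GET /api/v1/kubbis/ HTTP/1.1 200",
]


def redact_claim_urls(text: str) -> str:
    """Replace the token segment of every /r/<token> path, keeping the rest."""
    return CLAIM_PATH.sub(lambda m: m.group(1) + PLACEHOLDER, text)


class ClaimUrlFilter(logging.Filter):
    """Scrub claim tokens from the fully interpolated log message."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Interpolate first so tokens passed as %s arguments are caught too.
        record.msg = redact_claim_urls(record.getMessage())
        record.args = None
        return True


def scrub_with_logger(lines):
    """Log each line through a handler carrying the filter; return the output."""
    captured = []
    handler = logging.Handler()
    handler.emit = lambda record: captured.append(record.getMessage())
    handler.addFilter(ClaimUrlFilter())
    logger = logging.getLogger("claim_redaction_demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        for line in lines:
            logger.info("access: %s", line)
    finally:
        logger.removeHandler(handler)
    return captured
```

Attach the filter to each handler rather than to a single logger, so records propagated from child loggers are scrubbed as well.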
What each role authenticates with
| Role | Auth | Endpoints |
|---|---|---|
| Producer | API key (Bearer) | /api/v1/kubbis/* |
| Consumer | Claim URL only | /r/:claim_token |
Account and API key management live in the dashboard at dashboard.kubbi.ai, not the public API.
For the full auth model see Authentication.