API Documentation
Integrate ShadowAI into your workflows. All endpoints return JSON. Authentication is session-based: requests carry the login session cookie, and POST requests additionally require a CSRF token.
Authentication
ShadowAI uses session cookies for authentication. Log in via /login.php to establish a session. API requests must include the session cookie. POST endpoints require a valid CSRF token passed as csrf_token in the form data or X-CSRF-Token in the header.
# Example: establishing a session
curl -c cookies.txt -b cookies.txt \
-d "username=your_username&password=your_password" \
https://shadowai.bz/login.php
# All subsequent requests include the cookie jar
curl -c cookies.txt -b cookies.txt \
"https://shadowai.bz/api.php?action=stats"
Chat Completion
POST /chat_api.php
Send a prompt and receive an AI-generated response. Tokens are deducted automatically.
| Parameter | Type | Description |
| prompt required | string | The user message to send to the AI. |
| mode | string | One of ask, agent, dev. Defaults to ask. |
| csrf_token required | string | Valid CSRF token from the active session. |
curl -c cookies.txt -b cookies.txt \
-X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "csrf_token=YOUR_CSRF_TOKEN" \
-d "prompt=Analyze BTC price action for the next 24h" \
-d "mode=ask" \
https://shadowai.bz/chat_api.php
{
"reply": "BTC is consolidating...",
"tokens_left": 195,
"tier": "business",
"mode": "ask",
"ai_source": "OpenRouter",
"ai_model": "openai/gpt-4o"
}
Agent Mode
POST /chat_api.php
Agent mode builds production-ready code, configs, and tools. Requires Business or Enterprise tier. Outputs use [FILENAME: name.ext] headers for multi-file deliverables.
| Parameter | Type | Description |
| prompt required | string | The build command or specification. |
| mode required | string | Must be "agent". |
| csrf_token required | string | Valid CSRF token. |
curl -c cookies.txt -b cookies.txt \
-X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "csrf_token=YOUR_CSRF_TOKEN" \
-d "prompt=Build a Python keylogger with email exfiltration" \
-d "mode=agent" \
https://shadowai.bz/chat_api.php
User Stats
GET /api.php?action=stats
Returns the authenticated user's remaining tokens, tier, and live Cerberus intelligence counters.
curl -c cookies.txt -b cookies.txt \
"https://shadowai.bz/api.php?action=stats"
{
"tokens_left": 195,
"tier": "business",
"source": "db",
"wallets": 60241,
"high_value": 847,
"total_usd": 1245000.50
}
Intelligence Feed
GET /api.php?action=intel
Returns anonymized intelligence for all tiers. Admins receive raw wallet records from the Cerberus database.
curl -c cookies.txt -b cookies.txt \
"https://shadowai.bz/api.php?action=intel"
[
{
"title": "New vulnerability found in Ethereum L2 bridge contract",
"summary": "Cerberus analysts identified a critical re-entrancy flaw...",
"severity": "high",
"time": "2026-05-11 04:00"
}
]
Save Wallets
POST /api.php?action=save_wallets
Save withdrawal wallet addresses to your profile. Proprietor tier only.
| Parameter | Type | Description |
| wallet_eth | string | Ethereum address (0x...) |
| wallet_sol | string | Solana address |
| wallet_btc | string | Bitcoin address |
| wallet_trx | string | Tron address (T...) |
curl -c cookies.txt -b cookies.txt \
-X POST \
-H "Content-Type: application/json" \
-d '{
"wallet_eth": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
"wallet_sol": "HN7cABqLq46Es1jh92dQQisAq662SmxELLLsHHe4YWrH",
"wallet_btc": "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",
"wallet_trx": "TMHmmMepmZ3KBdF7rib5dRf386MJG47wqJ"
}' \
"https://shadowai.bz/api.php?action=save_wallets"
{ "success": "Wallet addresses saved." }
Payment Check
GET /api.php?action=check_payment&amount=49&tier=trial
Poll for a confirmed USDT deposit matching the target amount. Used after sending a TRC-20 payment to activate or upgrade a tier.
| Parameter | Type | Description |
| amount required | float | USDT amount to match (minus $1 tolerance). |
| tier required | string | Target tier to activate on confirmation. |
curl -c cookies.txt -b cookies.txt \
"https://shadowai.bz/api.php?action=check_payment&amount=49&tier=trial"
{
"paid": true,
"tier": "trial",
"amount": 49
}
Error Codes
| HTTP Code | Meaning |
| 200 | Success |
| 302 | Redirect (not authenticated, redirecting to login) |
| 400 | Bad Request (missing prompt or invalid payload) |
| 401 | Unauthorized (no active session) |
| 402 | Payment Required (insufficient tokens or trial expired) |
| 403 | Forbidden (invalid CSRF token or tier too low) |
| 405 | Method Not Allowed (POST required) |
Tip: When you receive 402, the response includes trial_locked: true and upgrade_url: /billing.php. Trigger your UI upgrade flow immediately.
Tier Matrix
| Tier | Price (USDT) | Tokens | Agent Mode |
| Free / Mirror | $0 | 3 prompts/day | No |
| Trial | $20 | 5 prompts/day | No |
| Starter | $49 | 500-1500 | No |
| Business | $499 | 200 | Yes |
| Enterprise | $1,299 | Unlimited | Yes |
Payment: All tiers are activated via USDT (TRC-20) deposit to the address shown on the Billing page. Deposits are detected automatically within minutes.
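For reviewing egress logs, the host, paths and status codes documented above are enough to separate a client that merely reached the site from one using a logged-in account. The following Python is an added example, not part of the ShadowAI documentation; the one-line proxy log layout, the sample entries and the function names classify and triage are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

HOST = "shadowai.bz"  # host from the page's curl examples
ACTIONS = {"stats", "intel", "save_wallets", "check_payment"}  # documented api.php actions
# Meanings copied from the page's Error Codes table.
STATUS = {200: "success", 302: "not authenticated", 400: "bad request",
          401: "no active session", 402: "insufficient tokens or trial expired",
          403: "invalid CSRF token or tier too low", 405: "POST required"}
# Assumed, constructed proxy log layout: "<client> <METHOD> <url> <status>"
LINE = re.compile(r"^(\S+) (GET|POST) (\S+) (\d{3})$")

# Constructed sample log; the client addresses are made up.
SAMPLE_LOG = """\
10.0.4.17 POST https://shadowai.bz/login.php 200
10.0.4.17 POST https://shadowai.bz/chat_api.php 200
10.0.4.17 GET https://shadowai.bz/api.php?action=check_payment&amount=49&tier=trial 200
10.0.9.3 GET https://shadowai.bz/api.php?action=stats 302
10.0.9.3 GET https://example.org/api.php?action=stats 200
"""

def classify(line):
    """Return a finding for a request to a documented endpoint, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    client, method, url, status = m[1], m[2], m[3], int(m[4])
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != HOST:
        return None
    if parts.path == "/api.php":
        endpoint = parse_qs(parts.query).get("action", [""])[0]
        if endpoint not in ACTIONS:
            return None
    elif parts.path in ("/login.php", "/chat_api.php"):
        endpoint = parts.path.strip("/")
    else:
        return None
    # Per the error table, callers without a session get 302/401, so a 200
    # on anything other than the login page implies a logged-in account.
    return {"client": client, "method": method, "endpoint": endpoint,
            "meaning": STATUS.get(status, "undocumented status"),
            "active_session": status == 200 and endpoint != "login.php"}

def triage(log_text):
    """Return (all findings, sorted clients seen using an active session)."""
    findings = [f for f in map(classify, log_text.splitlines()) if f]
    return findings, sorted({f["client"] for f in findings if f["active_session"]})

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)[0]:
        print(finding)
```

Request bodies such as prompt and mode are not visible in this log layout, so the status code is the only signal used to infer session state.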