{
    "ok": true,
    "auth_example": "curl -H 'X-API-Key: YOUR_KEY' https:\/\/api.cormsor.xyz\/v1\/health",
    "tts": {
        "method": "POST",
        "url": "\/v1\/tts",
        "body": {
            "text": "merhaba dünya",
            "language": "tr",
            "voice": "rachel_ref",
            "format": "mp3",
            "response": "json"
        },
        "note": "response=json döner audio_b64; response=binary direkt mp3\/wav stream",
        "languages": [
            "tr",
            "en",
            "de",
            "fr",
            "es",
            "it",
            "pt",
            "pl",
            "ru",
            "nl",
            "cs",
            "ar",
            "zh-cn",
            "hu",
            "ko",
            "ja",
            "hi"
        ]
    },
    "slide": {
        "method": "POST",
        "url": "\/v1\/slide",
        "body": {
            "prompt": "cormsor.ai tanıtımı...",
            "duration_sec": 60,
            "video_size": "1920x1080",
            "with_music": false,
            "webhook_url": "https:\/\/yoursite.com\/webhook (optional)"
        },
        "returns": {
            "job_id": "job_abc...",
            "status": "pending"
        },
        "poll": "GET \/v1\/jobs\/{job_id} → {status, result?, error?}",
        "note": "render 60-300sn alır; webhook varsa job tamamlanınca POST {job_id, result} gönderilir"
    },
    "webhook": {
        "note": "webhook_url verilirse iş tamamlanınca veya başarısız olunca POST gelir",
        "method": "POST",
        "headers": {
            "Content-Type": "application\/json",
            "User-Agent": "cormsor-api-webhook\/1.0",
            "X-Cormsor-Timestamp": "unix epoch (string)",
            "X-Cormsor-Signature": "sha256=<HMAC-SHA256(timestamp + \".\" + body, secret)>",
            "X-Cormsor-Event": "job.completed | job.failed"
        },
        "payload": {
            "job_id": "job_abc",
            "type": "slide",
            "status": "completed",
            "created_at": 1778316508,
            "completed_at": 1778316785,
            "api_key_name": "cormsor-internal",
            "result": {
                "public_url": "https:\/\/cdn.cormsor.xyz\/...",
                "duration_sec": 40.1,
                "cost_cents": 27
            },
            "error": null
        },
        "retry": "3 deneme, exponential backoff (2s, 4s); 200\/201\/204 dışı kod = retry",
        "verify": "\nPHP örnek receiver:\n\n  $body  = file_get_contents(\"php:\/\/input\");\n  $ts    = $_SERVER[\"HTTP_X_CORMSOR_TIMESTAMP\"] ?? \"\";\n  $sig   = $_SERVER[\"HTTP_X_CORMSOR_SIGNATURE\"] ?? \"\";\n  if (abs(time() - (int)$ts) > 300) { http_response_code(403); exit(\"stale\"); }\n  $expected = \"sha256=\" . hash_hmac(\"sha256\", $ts . \".\" . $body, \"<your-shared-secret>\");\n  if (!hash_equals($expected, $sig)) { http_response_code(403); exit(\"bad sig\"); }\n  $payload = json_decode($body, true);\n  \/\/ ... iş ile ilgili işle ...\n  http_response_code(200); echo \"ok\";\n\nNode.js örnek receiver:\n\n  app.post(\"\/webhook\", express.raw({type: \"application\/json\"}), (req, res) => {\n    const body = req.body.toString();\n    const ts   = req.headers[\"x-cormsor-timestamp\"];\n    const sig  = req.headers[\"x-cormsor-signature\"];\n    if (Math.abs(Date.now()\/1000 - parseInt(ts)) > 300) return res.status(403).end();\n    const expected = \"sha256=\" + crypto.createHmac(\"sha256\", SECRET).update(ts + \".\" + body).digest(\"hex\");\n    if (!crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) return res.status(403).end();\n    res.json({ok: true});\n  });\n            ",
        "note_secret": "Webhook shared secret üretim öncesi rotasyona alınmalı; per-key secret v2 sürümünde gelecek"
    }
}