Skip to main content

API Overview

The Veritrellis REST API is the core authorization boundary. Every permit begins with a call here.

Base URL

https://api.veritrellis.ai

All endpoints are versioned under /v1. The current stable version is v1.

Authentication

The public API authenticates with API key bearer tokens. Include your key in every request:

Authorization: Bearer vt_sandbox_01HXXX...

API keys are scoped to a workspace and environment (sandbox or production). A sandbox key cannot authorize production-environment requests.

Keep keys server-side

API keys carry full authorization for your workspace. Never expose them in a browser, mobile app, or client-side code.

Request format

Send JSON with Content-Type: application/json:

curl -sS https://api.veritrellis.ai/v1/authorize \
-H "Authorization: Bearer YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{ ... }'

Response format

All responses are JSON. Successful responses include a top-level decision field. Error responses include error and message:

Error response
{
"error": "unauthorized",
"message": "API key not found or expired"
}

HTTP status codes

CodeMeaning
200Request succeeded
202Permit not yet issued — approval is pending
400Bad request — check your payload schema
401Missing or invalid API key
403Key does not have access to this workspace/environment
404Resource not found
409Terminal conflict — permit will not be issued for this request
422Validation error — payload failed schema checks
429Rate limit exceeded
500Internal server error

API surfaces

The API is segmented into three surfaces, each with its own authentication boundary:

Public API

Audience: your backend, agents, connectors, and SDK integrations.

Authentication: API key bearer token.

RouteMethodPurpose
/v1/authorizePOSTSubmit an action for authorization
/v1/permits/:requestIdGETFetch permit after approval
/v1/workspaces/:workspaceId/.well-known/jwks.jsonGETRetrieve workspace public keys for permit verification
/v1/connectors/:installationId/invokePOSTInvoke from a connector integration (HubSpot, Intercom, Zendesk)
/v1/gateway/executePOSTFeature-gated execution boundary
/public/requests/:requestId/summaryGETUnauthenticated summary for UI extensions

Admin API

Audience: the Veritrellis admin app.

Authentication: session token (WorkOS AuthKit).

Routes under /admin/* cover workspace management, member access, policies, requests, approvals, approver groups, API keys, audit, connectors, and billing.

Internal API

Audience: ops tooling only.

Authentication: INTERNAL_SERVICE_TOKEN in the Authorization header.

Routes under /internal/* cover customer operations, entitlement overrides, billing sync, and internal reporting. Not for external use.

Endpoint detail pages

OpenAPI reference

A machine-readable OpenAPI spec and generated endpoint inventory are available: