{ "item": [ { "name": "Anchors", "description": "Anchor a sha (standard), a sealed commitment (sealed/blind), or a manifest of leaves on-chain.", "item": [ { "id": "2fdc1fc7-cf18-4ece-a8d0-db1b4c248250", "name": "Find your workspace's proof from a local digest", "request": { "name": "Find your workspace's proof from a local digest", "description": { "content": "Find a proof you already created in YOUR workspace from a digest you compute locally from the original file — the file bytes never leave your client. Send candidate roots (the raw SHA-256 of the file for standard proofs and/or a manifest merkle root); the server HMACs each with your workspace's secret and returns the first matching proof. Scoped strictly to the authenticated key's workspace: no cross-workspace lookup and no global existence oracle — a miss is a uniform envelope. Sealed proofs are never matchable (they expose no salt-independent digest). Standard + manifest only.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "match-local" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"candidates\": [\n \"b202bcdbd2895be48f3f9e2c4273e294dd027c1692007cdd2345026e9b2ff132\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "431f41ad-0605-40dc-afb3-93a663fa3421", "name": "A matching proof in your workspace, or a uniform miss envelope (HTTP 200 either way).", "originalRequest": { "url": { "path": [ "api", "v1", "match-local" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"candidates\": [\n \"b202bcdbd2895be48f3f9e2c4273e294dd027c1692007cdd2345026e9b2ff132\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"standard\",\n \"txid\": \"\",\n \"created_utc\": \"\",\n \"label\": \"\",\n \"folder_slug\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "0fac43c5-8ca7-4e18-b1ad-0b796bc45ce6", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "match-local" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"candidates\": [\n \"b202bcdbd2895be48f3f9e2c4273e294dd027c1692007cdd2345026e9b2ff132\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "696c2b4a-8525-49f6-a3c7-52c4ad012c78", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "match-local" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"candidates\": [\n \"b202bcdbd2895be48f3f9e2c4273e294dd027c1692007cdd2345026e9b2ff132\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "95ff9a03-46ec-47eb-8737-7e37fdaa143f", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "match-local" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"candidates\": [\n \"b202bcdbd2895be48f3f9e2c4273e294dd027c1692007cdd2345026e9b2ff132\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "458d4c2c-4165-4055-abe3-1553ee6f67f2", "name": "Per-workspace match-local rate limit exceeded (default 5000/h). Body adds a `retry_after` (seconds); X-RateLimit-* headers describe the window.", "originalRequest": { "url": { "path": [ "api", "v1", "match-local" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"candidates\": [\n \"b202bcdbd2895be48f3f9e2c4273e294dd027c1692007cdd2345026e9b2ff132\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "9a66d863-b98c-4b23-b44b-b2c19f6df195", "name": "List anchors across the workspace", "request": { "name": "List anchors across the workspace", "description": { "content": "Workspace-wide anchor listing across every folder the API key can see. Cross-folder audit counterpart to /api/v1/folders/{slug}/anchors. Soft-deleted proofs are included because chain anchors are permanent.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "d94bd293-2ad4-4e62-a9ff-15034161f7c4", "name": "Paginated anchor list.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"workspace\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\"\n },\n \"anchor_count\": \"\",\n \"workspace_total\": \"\",\n \"limit\": \"\",\n \"next_cursor\": \"\",\n \"anchors\": [\n {\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"deleted\": \"\",\n \"deleted_at\": \"\",\n \"folder_id\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n },\n {\n \"proof_id\": \"\",\n \"mode\": \"sealed\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"deleted\": \"\",\n \"deleted_at\": \"\",\n \"folder_id\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n }\n ],\n \"before\": \"\",\n \"folder_slug\": \"\",\n \"note\": \"\",\n \"session_id\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "fbc8c066-160d-4ec4-8ab2-8fd525cc2363", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "48b1d5dd-07eb-4f72-beae-d0aba11ccf3c", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d94049ee-5995-4b38-a548-205072e88123", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "fa66e8aa-3f39-43c9-9c0b-5cbe4784dc94", "name": "Resource not found.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "e0f32aed-874f-416e-b684-a33d7f37e2ba", "name": "Create an on-chain anchor (standard / sealed / manifest)", "request": { "name": "Create an on-chain anchor (standard / sealed / manifest)", "description": { "content": "Create an on-chain anchor. Three mutually-exclusive request shapes are dispatched via the request body:\n\n - **standard** (default): commit sha256_hex + file_size for a single file\n - **sealed**: commit a byte_exact_commitment (HMAC) for a salt-bearing or blind file; salt_b64 optional (omit for blind)\n - **manifest**: commit a Merkle root over an items[] array (presence of items[] selects this mode regardless of the `mode` field)\n\nManifest detection: the body's `items[]` key selects manifest mode; sending `mode:'manifest'` without items[] or items[] together with sha256_hex/file_size produces a 400 `mode_conflict`. Note: `manifest` here is a request shape (a multi-item evidence batch), orthogonal to the Standard/Sealed privacy axis. A sealed manifest is created via `mode:'sealed'` + `proof_set.chunk_merkle`, not via `items[]`; the `mode` field is a wire discriminator, not a privacy taxonomy.\n\nIdempotency-Key (optional request header): same key + identical body returns the verbatim cached response with `X-Idempotent-Replayed: true` (no broadcast, no quota tick). Same key + different body returns 409 `idempotency_key_reuse_body_mismatch`. 24h TTL, per-(workspace, key) scope. See components/headers/IdempotencyKey.\n\nRate-limit headers are surfaced on every 2xx and on the 429 `quota_exceeded` body.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "8a32b279-1f0b-4314-b1a1-8e09e521b0fc", "name": "Anchor created. May also be a same-body Idempotency-Key replay (look for `X-Idempotent-Replayed: true`) or a dedup-hit (`duplicate: true` in body, with the prior proof_id).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-Idempotent-Replayed", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"provenance\",\n \"category\": \"\",\n \"dry_run\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"anchor_state\": \"broadcast\",\n \"bundle_b64\": \"\",\n \"bundle_url\": \"\",\n \"canonical_b64\": \"\",\n \"confirmations\": \"\",\n \"doc_hash\": \"\",\n \"duplicate\": \"\",\n \"leaf_count\": \"\",\n \"lifecycle\": {\n \"tx_status\": \"\",\n \"confirmation_howto\": \"\",\n \"docs_url\": \"\",\n \"bundle_download\": \"\",\n \"retention_docs_url\": \"\",\n \"status_url\": \"\"\n },\n \"note\": \"\",\n \"retain_until\": \"\",\n \"root\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "17a56002-fff4-4c1a-9461-dff0d312ddfa", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "0fda0c0a-d4df-4639-b69e-c9c40f3c4f80", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f806588e-ca36-4515-941a-0bcb9ba246e2", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f22cbcd4-9d76-4b31-b9a9-ee288c83cbcb", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "0371abac-6079-4457-bb6b-0ac58bce9d33", "name": "State conflict. Common error codes: `idempotency_key_reuse_body_mismatch` (same Idempotency-Key + different body), `proof_set_requires_force_new` (prior anchor for this sha exists + caller sent new proof_set without force_new), `duplicate_slug` (folder slug already taken by a folder with a different name; an identical slug+name re-POST returns 200 with `duplicate: true` instead).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "6d1a4556-89b3-4c75-ab9b-41539091536d", "name": "Workspace quota exhausted for the current window.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"sha256_hex\": \"117d783c94f51429013e1fd3f41e5cbcf7646546ce14ac989ac8829ae79bf479\",\n \"file_size\": \"\",\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"mode\": \"\",\n \"session_id\": \"\",\n \"filename\": \"\",\n \"force_new\": \"\",\n \"proof_leaves\": {\n \"merkle_leaves\": [\n \"181354ba79f2c60e8873bf614abcdecc8e99cc111c65ca98f9238f620492bf60\",\n \"83f7ad7df0a4027772bfa6fb7cc041cda16d3b7d6ad190a8911b0f1adb036808\"\n ],\n \"metadata\": {\n \"leaf_count\": \"\"\n },\n \"scheme\": \"\"\n },\n \"proof_set\": {\n \"byte_exact\": {\n \"hash\": \"25bdf39dd8a8e7c2806228ac2ecb5fbe7f97fad4a067652bedff3e11c4226676\",\n \"algo\": \"sha256\",\n \"size\": \"\"\n },\n \"chunk_merkle\": {\n \"algo\": \"sha256\",\n \"leaf_count\": \"\",\n \"root\": \"9d65303bd5ef6171df9b2b922782461fe9694dc161edc629b52533eac2671c45\",\n \"scheme\": \"\"\n },\n \"content_canonical\": {\n \"algo\": \"sha256\",\n \"hash\": \"b97139fb5f2615e7b45a5da905f828ebb6f2e00929313010ba6c205af27bf5e2\",\n \"scheme\": \"\"\n }\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"error\": {\n \"code\": \"quota_exceeded\",\n \"message\": \"\"\n },\n \"plan\": \"\",\n \"used_today\": \"\",\n \"limit\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "76034271-f466-4cec-9a8c-3ebace1d96ee", "name": "Get one anchor (proof) by id", "request": { "name": "Get one anchor (proof) by id", "description": { "content": "Fetch one proof by id (the `{bundle_id}` path placeholder keeps the legacy name; responses expose the id as `proof_id`). Scoped to the API key's workspace; proofs in other workspaces (or outside a scoped key's folder allowlist) 404 with the same body as a genuinely-missing id (no enumeration oracle).", "type": "text/plain" }, "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id", "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "c556d4c8-2db8-440b-a66d-21aa3ecad4f1", "name": "Receipt detail.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"category\": \"\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"folder_id\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"folder_anchor_count\": \"\",\n \"folder_anchors_url\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"manifest\": {\n \"leaf_count\": \"\",\n \"root\": \"\",\n \"scheme\": \"\"\n },\n \"proof_kind\": \"disclosure\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "0a41ce85-d636-441d-bec5-11df468ead22", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f1bed72b-7341-44b9-b027-719c4342b533", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1d9295f6-0a63-4fe6-899a-ea365c70e4c9", "name": "No proof with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "5066c3ee-8fcc-4c85-af30-27e70f8dbb32", "name": "Annotate (or clear an annotation on) one anchor", "request": { "name": "Annotate (or clear an annotation on) one anchor", "description": { "content": "Attach (`{annotation: {kind, text, superseded_by_bundle_id?}}`) or clear (`{annotation: null}`) an operator annotation on a proof. The chain anchor itself is unchanged - annotations are workspace metadata only. Requires the `proofs:annotate` scope (legacy spelling `receipts:annotate` also accepted), which is NOT in the default-mint scope set; mint a dedicated key for annotation tooling.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id", "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" } } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"annotation\": {\n \"kind\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "62dbd069-c1ad-4594-a337-59ce018512b7", "name": "Updated proof (same shape as GET /api/v1/anchors/{bundle_id}).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"annotation\": {\n \"kind\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"category\": \"\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"folder_id\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"folder_anchor_count\": \"\",\n \"folder_anchors_url\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"manifest\": {\n \"leaf_count\": \"\",\n \"root\": \"\",\n \"scheme\": \"\"\n },\n \"proof_kind\": \"disclosure\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "48703a4f-1951-4a1c-83f8-5c687a6f731b", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"annotation\": {\n \"kind\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "a23149d2-9fb8-4af1-b44f-458a225838f3", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"annotation\": {\n \"kind\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "be7febd7-cf7c-4133-b638-875493d8a475", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"annotation\": {\n \"kind\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "78e1d5d1-927f-41d9-a9e9-dcc4a2e10ab0", "name": "No anchor with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"annotation\": {\n \"kind\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "9167bede-e7b6-494f-9eb1-152473dbaee3", "name": "List supported disclosure schemes (public)", "request": { "name": "List supported disclosure schemes (public)", "description": { "content": "Public capability list (no authentication, CORS-open, no rate limit) of the native disclosure schemes supported for content-addressed anchoring with selective redaction and verification. Derived live from the server's scheme registries. Lists only schemes that are creatable, redactable, and verifiable end-to-end today; PDF/image/zip granularities remain deferred and are intentionally not listed.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "anchors", "schemes" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "b46ef49a-d480-4790-b642-8c9eab0f9728", "name": "Supported native disclosure schemes.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", "schemes" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"schemes\": [\n {\n \"scheme\": \"\",\n \"file_type\": \"csv\",\n \"granularity\": \"node\",\n \"standard\": \"\",\n \"redactable\": \"\",\n \"sealed_supported\": \"\",\n \"spec_route\": \"\"\n },\n {\n \"scheme\": \"\",\n \"file_type\": \"csv\",\n \"granularity\": \"keypath\",\n \"standard\": \"\",\n \"redactable\": \"\",\n \"sealed_supported\": \"\",\n \"spec_route\": \"\"\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "ed8eb72a-0a74-4ebe-b787-aea6dbd8db4d", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "anchors", "schemes" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "8f0b1ca0-a800-41d0-9e38-b20569c2553f", "name": "Get one proof by proof_id", "request": { "name": "Get one proof by proof_id", "description": { "content": "Canonical proof-detail route. Identical handler and response shape as /api/v1/anchors/{bundle_id}; the `{bundle_id}` path placeholder keeps the legacy name.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "proofs", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id", "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "2bb1dc6e-4ae4-409f-9c1f-481d417ee7af", "name": "Receipt detail.", "originalRequest": { "url": { "path": [ "api", "v1", "proofs", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"category\": \"\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"folder_id\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"folder_anchor_count\": \"\",\n \"folder_anchors_url\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"manifest\": {\n \"leaf_count\": \"\",\n \"root\": \"\",\n \"scheme\": \"\"\n },\n \"proof_kind\": \"disclosure\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "ba362794-d3c0-4fb5-a754-2a90ed818809", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "proofs", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "e2a737bf-26a2-4a50-89e8-660278094cc6", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "proofs", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "ab7a80b7-1b2f-4610-b535-652139f1fae5", "name": "No proof with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "proofs", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Folders", "description": "Workspace folders (canonical name). Legacy spelling: matters.", "item": [ { "id": "e74aa819-4af8-4ce5-adbe-24d80c5c7bc2", "name": "List folders in the workspace", "request": { "name": "List folders in the workspace", "description": { "content": "List folders the API key can see. Scoped keys see only folder ids in their allowlist; unscoped keys see every folder in the workspace.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "829ec377-c1ab-4be2-9558-8e24260bf078", "name": "Folder listing.", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"workspace\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\"\n },\n \"folders\": [\n {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d245dcd7-dd64-4604-8be0-b32d6954d76f", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "dbcf9d6a-7069-402e-b2c5-6e4bc44d80aa", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "657a3304-87b9-413e-9447-ef74a072c08c", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "5db32b4c-d798-43c8-9f11-1a7d3c3a1832", "name": "Create a folder", "request": { "name": "Create a folder", "description": { "content": "Create a folder. Keyless retries converge: re-POSTing an identical slug+name returns the existing folder as 200 with `duplicate: true` (nothing is created); a slug collision with a DIFFERENT name returns 409 `duplicate_slug`. Idempotency-Key supported (24h TTL, body-hash match -> verbatim replay; mismatch -> 409). Scoped API keys are rejected (403 `folder_create_forbidden`) - a scoped key creating a fresh folder and anchoring under it would defeat the scope.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "6090bef8-bbc9-436b-9d8e-919517089d11", "name": "Identical slug+name re-POST: the existing folder, with top-level `duplicate: true`. Nothing was created.", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-Idempotent-Replayed", "value": "" } ], "body": "{\n \"folder\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n \"duplicate\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "86ac97b8-25e9-4687-abbc-a8a3d7942273", "name": "Folder created.", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-Idempotent-Replayed", "value": "" } ], "body": "{\n \"folder\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n \"duplicate\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d1d75646-965e-4098-bcc4-fd70915c95be", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "95c6cd2c-7e6b-407f-873e-d4b1afc26249", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "31467b3c-753f-454b-91d3-7f46bd61cf6c", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "16fe74de-6e39-4b48-bc3d-c78d661a3373", "name": "State conflict. Common error codes: `idempotency_key_reuse_body_mismatch` (same Idempotency-Key + different body), `proof_set_requires_force_new` (prior anchor for this sha exists + caller sent new proof_set without force_new), `duplicate_slug` (folder slug already taken by a folder with a different name; an identical slug+name re-POST returns 200 with `duplicate: true` instead).", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3cfd992f-7ae6-4b09-b1f3-16887879b173", "name": "Workspace quota exhausted for the current window.", "originalRequest": { "url": { "path": [ "api", "v1", "folders" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"error\": {\n \"code\": \"quota_exceeded\",\n \"message\": \"\"\n },\n \"plan\": \"\",\n \"used_today\": \"\",\n \"limit\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "8400aa7c-bea0-4fc5-a794-da4a18a4d29b", "name": "List anchors in one folder", "request": { "name": "List anchors in one folder", "description": { "content": "Folder-level anchor transparency. Returns every proof ever written for this folder, including soft-deleted rows (chain anchors are permanent - soft-delete must not mask siblings from an audit). Does NOT cross folders.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "folders", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "slug", "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "f305521e-73a2-4d45-b7be-aa75795ce47a", "name": "Folder + its anchor list.", "originalRequest": { "url": { "path": [ "api", "v1", "folders", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"workspace\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\"\n },\n \"folder\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n \"anchor_count\": \"\",\n \"anchors\": [\n {\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"annotation\": null,\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"deleted\": \"\",\n \"deleted_at\": \"\",\n \"folder_id\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n },\n {\n \"proof_id\": \"\",\n \"mode\": \"standard\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"deleted\": \"\",\n \"deleted_at\": \"\",\n \"folder_id\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n }\n ],\n \"note\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "50b53cab-efd6-42cc-a20a-920dcd2eeefa", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "folders", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "e6416a99-827c-4707-8dcf-dbc2ca1dc4fa", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "folders", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "83ae21da-f04a-43db-8351-82847f086fd0", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "folders", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Usage", "description": "Workspace quota + plan window.", "item": [ { "id": "17d88dff-d52a-48a3-94fb-a57bb2e9b54d", "name": "Get workspace quota / usage status", "request": { "name": "Get workspace quota / usage status", "description": { "content": "Read-only quota / usage status for the API key's workspace. Same numbers the X-RateLimit-* headers carry, plus the current plan + period boundary so a finance team can reconcile against the workspace's usage_events table.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "d6a657bf-4ec7-43ce-b4a5-ecce66441e71", "name": "Quota envelope.", "originalRequest": { "url": { "path": [ "api", "v1", "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"workspace\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\"\n },\n \"plan\": \"\",\n \"window\": \"month\",\n \"used\": \"\",\n \"limit\": \"\",\n \"remaining\": \"\",\n \"period_end_utc\": \"\",\n \"anchors_allowed\": \"\",\n \"reason\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "644bba77-10f4-4cb2-8c7a-9c04f8f94bbe", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "14b45f3e-65e3-4e1a-b231-f2cc96fe82d6", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "018b1bad-5daa-454b-96c8-2bc0a48ae138", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "usage" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Webhooks", "description": "Configure SaaS sources (Stripe, GitHub, Langfuse, none) to anchor inbound webhook bodies; receive signed deliveries.", "item": [ { "id": "b5044bb7-9415-42d1-baad-54a03fb52452", "name": "List webhook configs", "request": { "name": "List webhook configs", "description": { "content": "List webhook configs in the API key's workspace. Scoped keys see only configs whose folder is in their scope. Paginated by `created_at` DESC.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "14971455-d027-4dbb-93d0-89896820627e", "name": "Webhook listing.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"webhook_count\": \"\",\n \"workspace_total\": \"\",\n \"limit\": \"\",\n \"next_cursor\": \"\",\n \"webhooks\": [\n {\n \"webhook_id\": \"wh_wBmyJF\",\n \"url\": \"\",\n \"source_type\": \"stripe\",\n \"secret_set\": \"\",\n \"created_at\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n },\n {\n \"webhook_id\": \"wh_gaZD5\",\n \"url\": \"\",\n \"source_type\": \"stripe\",\n \"secret_set\": \"\",\n \"created_at\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n }\n ],\n \"before\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f322074e-7c92-45dc-82cf-afb08be68a5b", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3dc7c8b6-fba3-4227-b1bb-b3443ee5e81e", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "edd2f076-a432-4b4e-9eac-9708bf8672b7", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "64176af5-2c8e-42af-b077-7cc784ea0208", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Page size. Default 100, capped at 1000.", "type": "text/plain" }, "key": "limit", "value": "100" }, { "disabled": false, "description": { "content": "Pagination cursor - return rows strictly older than this unix timestamp. Pass `before=next_cursor` from the prior page until `next_cursor` is null.", "type": "text/plain" }, "key": "before", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "31ee9599-1def-417e-a7a1-8224fed8b206", "name": "Create a webhook config", "request": { "name": "Create a webhook config", "description": { "content": "Create a webhook config that anchors inbound deliveries against a folder. For `source_type=none` and `source_type=github`, the server generates (or accepts caller-supplied) a signing secret and returns it ONE-TIME in `secret` (unrecoverable afterwards). For `source_type=stripe` or `source_type=langfuse`, the secret is supplied separately at create or via PATCH.\n\nIdempotency-Key supported (same shape as POST /api/v1/anchors / /folders). Replay returns the verbatim cached 201 - INCLUDING the one-shot secret - so a retry never mints a duplicate config with a fresh secret.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"folder_slug\": \"\",\n \"source_type\": \"stripe\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "6a8f642b-aba3-4085-9fa4-06c16428117b", "name": "Webhook created.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"folder_slug\": \"\",\n \"source_type\": \"stripe\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-Idempotent-Replayed", "value": "" } ], "body": "{\n \"webhook_id\": \"wh_449ze92C\",\n \"url\": \"\",\n \"source_type\": \"none\",\n \"secret_set\": \"\",\n \"created_at\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\",\n \"note\": \"\",\n \"secret\": \"\",\n \"secret_note\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "c80b263c-ad6f-4b9d-b24d-8e80f30e58a5", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"folder_slug\": \"\",\n \"source_type\": \"stripe\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f8172282-8ff3-4e2c-9ce9-690619fd1dd2", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"folder_slug\": \"\",\n \"source_type\": \"stripe\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "6325a788-335e-4b77-a8fe-a94c427492b3", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"folder_slug\": \"\",\n \"source_type\": \"stripe\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "7cbb31b4-3651-488d-a4d6-9c47e47ea10b", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"folder_slug\": \"\",\n \"source_type\": \"stripe\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "d9a5e534-fec0-4bf2-bc4e-5eedaddfad0d", "name": "Revoke (soft-delete) a webhook config", "request": { "name": "Revoke (soft-delete) a webhook config", "description": { "content": "Soft-revoke a webhook config. Chain anchors written via this config are untouched.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id", "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "DELETE", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "c680c753-4e7f-4cf9-afff-95f22d5eccf2", "name": "Revoked.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "No Content", "code": 204, "header": [], "cookie": [], "_postman_previewlanguage": "text" }, { "id": "819f54dc-4953-4799-acff-291bdbd9d57d", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1cc154e7-c70c-41c2-8fcc-2a9c8e908c48", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "164a84b7-dfe6-44a5-a58a-562686ec75d6", "name": "No webhook config with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "cdcc8227-1486-46c9-b1e3-2ce46b127f37", "name": "Already revoked.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Gone", "code": 410, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "19dd5484-ae55-4bed-a23c-1fe0522645f1", "name": "Get one webhook config", "request": { "name": "Get one webhook config", "description": { "content": "Fetch one webhook config. Workspace-scoped - a key holder cannot look up configs from other workspaces.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id", "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "128490b9-f36c-4342-895c-7b77ace7303d", "name": "Webhook config.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"webhook_id\": \"wh_n\",\n \"url\": \"\",\n \"source_type\": \"github\",\n \"secret_set\": \"\",\n \"created_at\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "bf6c59f8-0d1f-4bbc-a8ae-710124f3522e", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "9299feba-20a0-44f0-8d6f-2f0b475e3c28", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "6f2a8610-44b9-451e-ac4a-2b48337ac6d3", "name": "No webhook config with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "95d67d22-76ca-417c-b109-1499fb5c6d30", "name": "Update a webhook config", "request": { "name": "Update a webhook config", "description": { "content": "Update a webhook config. Body allowlist: `{signing_secret, label, revoked}`. `revoked: true` revokes; `revoked: false` is rejected (un-revoke is intentionally not exposed - mint a new config to rotate).", "type": "text/plain" }, "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id", "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" } } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "385b98af-cbfd-4ccb-b5e1-ebfb5e6d5e7e", "name": "Updated webhook config.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"webhook_id\": \"wh_n\",\n \"url\": \"\",\n \"source_type\": \"github\",\n \"secret_set\": \"\",\n \"created_at\": \"\",\n \"folder_slug\": \"\",\n \"label\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "a48fe1ab-c53a-4d36-8ffb-bbb4f8c9310a", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "b05fe933-d35c-4f66-a9a7-3f98cea0ed2a", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "2c137e2a-91a9-482d-9c8d-58980b96beb3", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "77dc4a6c-0901-49f3-a417-9e715929d1ec", "name": "No webhook config with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1abd7ccb-a979-43ff-88e3-4bb308af81c0", "name": "Config has been revoked.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{\n \"label\": \"\",\n \"revoked\": true,\n \"signing_secret\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Gone", "code": 410, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "a4de3f14-0f9a-47e1-b641-514b689b632f", "name": "Receive a signed webhook delivery from the configured source", "request": { "name": "Receive a signed webhook delivery from the configured source", "description": { "content": "Receive a signed event from a configured SaaS source and anchor the body bytes against the config's folder. **No Authorization header** - the URL-encoded `webhook_id` is the router, and the per-source signature scheme authenticates the payload.\n\nSecurity model: `WebhookSignatureAuth`. For `source_type=none` the signature is HMAC-SHA256(secret, '.' + body) in `X-Satsignal-Signature`. For `source_type=stripe|github|langfuse` the source's native signature scheme is verified (Stripe-Signature, X-Hub-Signature-256, Langfuse webhook signature, respectively).\n\nEnumeration defense: unknown id, revoked config, not-yet-provisioned secret, and bad signature ALL collapse to the same generic 401 `signature_mismatch` response. The per-wh_id rate limit (60/60s) is keyed on the URL id and applied identically to real, unknown, and revoked ids so 401-vs-429 cannot distinguish them.\n\nWebhook deliveries dedup on body sha256 (Stripe retries within the 5-min replay window arrive with the same body + same valid signature; we MUST NOT broadcast again on a legitimate retry).", "type": "text/plain" }, "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id", "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" } } ] }, "header": [ { "key": "Content-Type", "value": "application/octet-stream" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "" }, "auth": { "type": "apikey", "apikey": [ { "key": "key", "value": "X-Satsignal-Signature" }, { "key": "value", "value": "{{apiKey}}" }, { "key": "in", "value": "header" } ] } }, "response": [ { "id": "aeac775d-d4f6-4885-b8e7-024e87964204", "name": "Anchored (or dedup-hit on a Stripe-style retry).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/octet-stream" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "X-Satsignal-Signature", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "" } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"duplicate\": \"\",\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"anchor_state\": \"failed\",\n \"bundle_url\": \"\",\n \"confirmations\": \"\",\n \"note\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "0f6346fb-6469-4fde-a3ab-1c9c29c7b0c4", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/octet-stream" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "X-Satsignal-Signature", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "" } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "cc61418c-9805-4fa0-931e-213fc1a354ce", "name": "Signature mismatch (or unknown / revoked / unprovisioned id - collapsed for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/octet-stream" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "X-Satsignal-Signature", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "" } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "da0c5764-dc13-4edd-bcbe-f1fddd26e6c8", "name": "Per-webhook delivery rate limit hit (60/60s).", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/octet-stream" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "X-Satsignal-Signature", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "" } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "Seconds to wait before retrying.", "type": "text/plain" }, "key": "Retry-After", "value": "" } ], "body": "{\n \"error\": {\n \"code\": \"rate_limited\",\n \"message\": \"\"\n },\n \"retry_after\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1af9e97a-d066-4248-8b9a-50ea2be607f8", "name": "Workspace or folder no longer available.", "originalRequest": { "url": { "path": [ "api", "v1", "webhooks", ":webhook_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Webhook config id (prefixed `wh_`).", "type": "text/plain" }, "type": "any", "value": "wh_V-2CTKKP", "key": "webhook_id" } ] }, "header": [ { "key": "Content-Type", "value": "application/octet-stream" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: apikey", "type": "text/plain" }, "key": "X-Satsignal-Signature", "value": "" } ], "method": "POST", "body": { "mode": "raw", "raw": "" } }, "status": "Service Unavailable", "code": 503, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Keys", "description": "Programmatic scoped key minting - the keys:admin lane (decision 0047). Mint per-tenant scoped sub-keys, list your mint lineage, revoke. Enabled per-host by SATSIGNAL_NOTARY_KEY_MINT_API_ENABLED.", "item": [ { "id": "8656f742-54e6-4b3c-9759-0821b2dbdd8e", "name": "List keys you minted", "request": { "name": "List keys you minted", "description": { "content": "List the keys minted by the CALLING keys:admin key - its mint lineage, with revoked rows included so a sweep sees everything it ever created. Deliberately NOT the whole workspace key list: a leaked admin key cannot enumerate dashboard-minted credentials.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "178f3597-6f58-41f7-ad4f-5ad119109f5f", "name": "Mint lineage for this admin key.", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"keys\": [\n {\n \"id\": \"\",\n \"name\": \"\",\n \"prefix\": \"st7KtkNM\",\n \"scopes\": [\n \"\",\n \"\"\n ],\n \"folder_ids\": [\n \"\",\n \"\"\n ],\n \"expires_at\": \"\",\n \"minted_by_key_id\": \"\",\n \"created_at\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n },\n {\n \"id\": \"\",\n \"name\": \"\",\n \"prefix\": \"wiNMsC8Y\",\n \"scopes\": [\n \"\",\n \"\"\n ],\n \"folder_ids\": null,\n \"expires_at\": \"\",\n \"minted_by_key_id\": \"\",\n \"created_at\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "6624f277-8349-4e31-9bd3-e9c570082e2a", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "a8942fed-6c28-43f1-ae57-884178e12a15", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "5de85e07-4fa3-42ba-8635-31967c2cc3b2", "name": "Mint a scoped sub-key", "request": { "name": "Mint a scoped sub-key", "description": { "content": "Mint a scoped sub-key. Required scope: keys:admin (grantable ONLY on the owner dashboard - the API can never mint a key bearing keys:admin). Requested `scopes` must be a non-empty subset of the minting key's own scopes (minus keys:admin); a folder-scoped minting key bounds its children to the same folders (omitting `folder_slugs` inherits that allowlist). The raw secret is returned ONCE in `secret` and stored only as a sha256 hash. Per-minting-key (default 10/h) and per-workspace (default 30/h) sliding-window mint limits apply.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "63fa34e9-2c37-4ee2-b260-ee05f4eaba1e", "name": "Key minted. `secret` is shown exactly once - store it now.", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"key\": {\n \"id\": \"\",\n \"name\": \"\",\n \"prefix\": \"sPXFDvsD\",\n \"scopes\": [\n \"\",\n \"\"\n ],\n \"folder_ids\": null,\n \"expires_at\": \"\",\n \"minted_by_key_id\": \"\",\n \"created_at\": \"\",\n \"last_used_at\": \"\",\n \"revoked_at\": \"\"\n },\n \"secret\": \"sk_-UkRpGgY_DRLdUAHVM2z6mt5Kazqe7c0w9jxyHFen\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "cb89ebd6-e1ce-4605-81ea-138f3616670d", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "e93cc2f6-c39f-486f-91c0-b2d4e46eb2fc", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "a2c3c6d0-d44c-42b4-a380-0992be1b61cd", "name": "Missing the keys:admin scope (`insufficient_scope`), an attempt to mint keys:admin (`keys_admin_not_mintable`), or requested scopes exceeding the minting key's own (`scope_escalation`).", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3bcf1e27-94ca-40b4-90c3-df5842087546", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "8f40d816-ca3a-487d-a318-8079abd5d9c3", "name": "Per-minting-key or per-workspace mint rate limit hit (code `rate_limited`).", "originalRequest": { "url": { "path": [ "api", "v1", "keys" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"name\": \"\",\n \"scopes\": [\n \"proofs:annotate\"\n ],\n \"expires_at\": \"\",\n \"folder_slugs\": [\n \"\"\n ]\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" }, { "disabled": false, "description": { "content": "Seconds to wait before retrying.", "type": "text/plain" }, "key": "Retry-After", "value": "" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "ada424f8-27aa-4f2c-a433-91f676760e10", "name": "Revoke a key you minted", "request": { "name": "Revoke a key you minted", "description": { "content": "Revoke a key the CALLING admin key minted. Idempotent 204 (a re-DELETE of an already-revoked child is still 204). Everything else - unknown id, a dashboard-minted key, another admin key's mint, another workspace's key - is one uniform 404 `not_found` (anti-enumeration). Revoking an admin key does NOT cascade automatically; the dashboard lineage tags are the manual sweep tool (decision 0047).", "type": "text/plain" }, "url": { "path": [ "api", "v1", "keys", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "uX5qqsvM5", "key": "id", "disabled": false, "description": { "content": "(Required) Id of a key minted by the calling admin key.", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "DELETE", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "c9560809-8658-462a-ad87-e35abc856f0e", "name": "Revoked (idempotent).", "originalRequest": { "url": { "path": [ "api", "v1", "keys", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Id of a key minted by the calling admin key.", "type": "text/plain" }, "type": "any", "value": "uX5qqsvM5", "key": "id" } ] }, "header": [ { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "No Content", "code": 204, "header": [], "cookie": [], "_postman_previewlanguage": "text" }, { "id": "8850c84f-ec48-4705-8431-04c1cfbd9c39", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "keys", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Id of a key minted by the calling admin key.", "type": "text/plain" }, "type": "any", "value": "uX5qqsvM5", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "5b0af615-d43c-4b52-b49b-b7f5b81412fa", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "keys", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Id of a key minted by the calling admin key.", "type": "text/plain" }, "type": "any", "value": "uX5qqsvM5", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "fdb1e4bc-decb-4b42-a7c9-c3cc4c11f1c9", "name": "Resource not found.", "originalRequest": { "url": { "path": [ "api", "v1", "keys", ":id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Id of a key minted by the calling admin key.", "type": "text/plain" }, "type": "any", "value": "uX5qqsvM5", "key": "id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "DELETE", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Provenance", "description": "Structured provenance ingest (satsignal.provenance.v1 manifest).", "item": [ { "id": "e21e0cb9-2da4-43c2-9f31-5a0acae9b316", "name": "Anchor a structured provenance manifest", "request": { "name": "Anchor a structured provenance manifest", "description": { "content": "Structured provenance ingest. Two mutually-exclusive request shapes (see ProvenanceAnchorRequest), selected by the fields present — there is no `mode` field:\n\n - **plaintext**: send the `manifest` object. It is strict-normalized + SCJ-v1-canonicalized server-side (Satsignal Canonical JSON — deliberately not RFC 8785/JCS; see /spec-provenance §3); its sha256 is committed on-chain as a byte_exact standard anchor and the full canonical manifest ships in the bundle (offline-verifiable). Response carries `manifest_hash` plus a ready-to-embed `chain_anchor` envelope.\n - **sealed**: the client HMAC-blinds the manifest locally and sends ONLY `byte_exact_commitment` (+ optional `salt_b64`); the plaintext manifest NEVER reaches the server. `privacy.onchain_mode:\"sealed\"` lives inside the client-canonicalized manifest bytes, not as a transport flag. See /spec-provenance §6 for the commitment construction. Response `mode` is `provenance_sealed` and carries no `manifest_hash`.\n\nA `manifest` whose `privacy.onchain_mode` is `sealed` on this (plaintext) route is rejected 400 `sealed_manifest_on_plaintext_route`.\n\nThere is NO HTTP validate-only / dry-run input: `dry_run` appears in the RESPONSE but is rejected as a request field (400 `unknown_field`) — a malformed body burns a real anchor, so validate client-side first.\n\nReuses the same auth / quota / dedup-mutex / harness-string machinery as POST /api/v1/anchors.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "26696b6c-6365-46a2-9c10-78b1367212f5", "name": "Provenance anchor created.", "originalRequest": { "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"\",\n \"manifest_hash\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"anchor_state\": \"confirmed\",\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"chain_anchor\": {},\n \"confirmations\": \"\",\n \"dry_run\": \"\",\n \"duplicate\": \"\",\n \"lifecycle\": {\n \"tx_status\": \"\",\n \"confirmation_howto\": \"\",\n \"docs_url\": \"\",\n \"bundle_download\": \"\",\n \"retention_docs_url\": \"\",\n \"status_url\": \"\"\n },\n \"note\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "7e7b8186-a330-458a-9d8d-32e82cc9d4d8", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "46f8dca4-ca53-467d-b9a5-cfca5df01ebc", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "95b69fa2-c479-4065-b06e-d1c8a1b916d4", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "8ec18d1e-bffb-45fe-bf45-bf9928401b3d", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "27a295c5-69ee-45fd-9021-4ced76fcf76a", "name": "Workspace quota exhausted for the current window.", "originalRequest": { "url": { "path": [ "api", "v1", "provenance", "anchor" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"manifest\": {},\n \"category\": \"\",\n \"folder_slug\": \"\",\n \"force_new\": \"\",\n \"label\": \"\",\n \"matter_slug\": \"\",\n \"session_id\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "{\n \"error\": {\n \"code\": \"quota_exceeded\",\n \"message\": \"\"\n },\n \"plan\": \"\",\n \"used_today\": \"\",\n \"limit\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Audit", "description": "Deterministic workspace audit packet (zip).", "item": [ { "id": "48b98b21-f590-4b1a-88c4-1e1af051aa5d", "name": "Export workspace receipts as a deterministic audit packet (zip)", "request": { "name": "Export workspace receipts as a deterministic audit packet (zip)", "description": { "content": "Deterministic export of a workspace's receipts as a self-contained zip (Phase 4.4). Same scope + verifier version in -> byte-identical zip out; the packet's sha256 (`X-Audit-Packet-Digest`) is a stable identifier the holder can re-derive offline.\n\nThe underscore alias `/api/v1/audit_packet` is also routed to this handler (history: brief / agent docs repeatedly mis-wrote the URL).", "type": "text/plain" }, "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/zip" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "b4a2c0ab-2dce-4e66-8ff8-5d46191532ae", "name": "Audit packet zip. Filename pattern: `satsignal-audit--.zip`.", "originalRequest": { "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/zip" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/zip" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "Content-Disposition", "value": "" }, { "disabled": false, "description": { "content": "Count of anchors included in the packet.", "type": "text/plain" }, "key": "X-Audit-Packet-Anchors", "value": "" }, { "disabled": false, "description": { "content": "sha256 of the packet zip bytes; re-derive offline to confirm receipt.", "type": "text/plain" }, "key": "X-Audit-Packet-Digest", "value": "" }, { "disabled": false, "description": { "content": "Count of receipts whose canonical bytes were unavailable on disk (retention-evicted etc.). Listed under `handoff.skipped[]` in the packet.", "type": "text/plain" }, "key": "X-Audit-Packet-Skipped", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Limit", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Remaining", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Reset", "value": "" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "X-RateLimit-Window", "value": "" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "id": "4345bf08-66c2-4c85-996b-9c5a7c707c23", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "e2706bba-09a0-4ddd-a147-000c45ea25bb", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "7ddfc583-aed6-49c7-bf72-fd69fc661965", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "4e54feaa-38f9-45f3-831a-dd66bb736dbc", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "254b7097-1bf8-48c8-a096-bfd5b096ecaf", "name": "Workspace scope exceeded the MAX_ANCHORS cap (1000). Narrow the workspace or time range and retry with a smaller scope.", "originalRequest": { "url": { "path": [ "api", "v1", "audit-packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Request Entity Too Large", "code": 413, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Bundle", "description": "Bearer-auth .mbnt bundle download.", "item": [ { "id": "4b977f8b-eb93-4ee7-be33-14ddae8baa21", "name": "Download a .mbnt bundle (bearer-auth)", "request": { "name": "Download a .mbnt bundle (bearer-auth)", "description": { "content": "Bearer-auth bundle download. Streams the .mbnt zip after confirming the proof belongs to the API key's workspace.\n\nSealed-blind responses don't persist a server-side bundle - the .mbnt is assembled client-side from `canonical_b64` at anchor time. Those proofs return 404 `bundle_not_persisted` here so callers can distinguish 'you never gave us this bundle' from 'we don't recognize you'.", "type": "text/plain" }, "url": { "path": [ "bundle", "{{bundle_id}}.mbnt" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/zip" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "366f8cb1-e7ed-434c-8d1a-fd10ec192a46", "name": "The .mbnt bundle zip.", "originalRequest": { "url": { "path": [ "bundle", "{{bundle_id}}.mbnt" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/zip" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/zip" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "Content-Disposition", "value": "" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "id": "369cbd0a-c568-4b0a-86d4-7fc315dc6c28", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "bundle", "{{bundle_id}}.mbnt" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "3b434067-8fc8-4c67-9b2d-3306d2bf521d", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "bundle", "{{bundle_id}}.mbnt" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "cca4ac90-8e67-4d33-b86c-70b191e7a20c", "name": "`proof_not_found` or `bundle_not_persisted` (sealed-blind).", "originalRequest": { "url": { "path": [ "bundle", "{{bundle_id}}.mbnt" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Public", "description": "Public hash-existence oracle, no auth, CORS-open, rate-limited per IP.", "item": [ { "id": "c24e56ca-cd93-41fe-92f5-0222f2bb8a53", "name": "Look up a sha256 in the public hash-existence index", "request": { "name": "Look up a sha256 in the public hash-existence index", "description": { "content": "Public hash-existence oracle. NO auth, CORS-open (Access-Control-Allow-Origin: *), rate-limited 120 GETs per IP per hour (configurable via SATSIGNAL_NOTARY_LOOKUP_HASH_LIMIT). Only indexes the ORIGINAL-FILE sha256 (the `sha256_hex` submitted when anchoring) from standard-mode sidecars; merkle roots, sealed commitments, and commit-doc SHAs all fall through to miss.\n\nExactly one of `sha`, `sha256_hex`, or `sha256` must be supplied as a query parameter — they are aliases for the same value. Several supplied with identical values is accepted; differing values return `400 conflicting_alias` (the same convention `/api/v1/anchors` uses for `folder_slug` vs its legacy `matter_slug` alias).\n\nUsed by third-party verifier UIs (regulator portals, embedded widgets) without proxying.", "type": "text/plain" }, "url": { "path": [ "lookup_hash" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Full 64-character lowercase sha256 of the original file — the `sha256_hex` submitted when anchoring. Case is folded to lowercase server-side. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha`, matching the JSON request-body field name used elsewhere in the API. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256_hex", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha` (shortened spelling integrators reach for). One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "1a571c72-e3b9-48d5-acc4-557eac31f9fd", "name": "Hit (with `proof_id` + `txid` + `created_utc`) or miss (with `miss: true` + `reason`).", "originalRequest": { "url": { "path": [ "lookup_hash" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Full 64-character lowercase sha256 of the original file — the `sha256_hex` submitted when anchoring. Case is folded to lowercase server-side. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha`, matching the JSON request-body field name used elsewhere in the API. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256_hex", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha` (shortened spelling integrators reach for). One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "Access-Control-Allow-Origin", "value": "" } ], "body": "{\n \"proof_id\": \"\",\n \"txid\": \"\",\n \"created_utc\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "8371c273-d868-4f20-b07a-e2caa672352d", "name": "`missing_sha`, `missing_or_invalid_sha`, or `conflicting_alias`.", "originalRequest": { "url": { "path": [ "lookup_hash" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Full 64-character lowercase sha256 of the original file — the `sha256_hex` submitted when anchoring. Case is folded to lowercase server-side. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha`, matching the JSON request-body field name used elsewhere in the API. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256_hex", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha` (shortened spelling integrators reach for). One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "9835fe4b-1844-4631-a325-f75e21231a94", "name": "Per-IP rate limit exceeded.", "originalRequest": { "url": { "path": [ "lookup_hash" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Full 64-character lowercase sha256 of the original file — the `sha256_hex` submitted when anchoring. Case is folded to lowercase server-side. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha`, matching the JSON request-body field name used elsewhere in the API. One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256_hex", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" }, { "disabled": false, "description": { "content": "Alias for `sha` (shortened spelling integrators reach for). One of `sha`, `sha256_hex`, or `sha256` must be supplied; supplying several is permitted only if values match.", "type": "text/plain" }, "key": "sha256", "value": "Cb1CEfBbc7383Fa86b7CF2d3dC76c6dC7eD2Fbf36fF6E6D25A658Ae5bE4BD9c1" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "Too Many Requests", "code": 429, "header": [ { "key": "Content-Type", "value": "application/json" }, { "disabled": false, "description": { "content": "", "type": "text/plain" }, "key": "Retry-After", "value": "" } ], "body": "{}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "Legacy", "description": "Deprecated legacy spellings of canonical endpoints. Requests are still accepted indefinitely (identical handlers); responses emit canonical keys only.", "item": [ { "id": "d637f9e1-ab87-465e-8d3a-dce192403d44", "name": "Audit packet (underscore alias)", "request": { "name": "Audit packet (underscore alias)", "description": { "content": "Legacy alias of /api/v1/audit-packet. Identical handler and response shape. Kept stable; not deprecated.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "audit_packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/zip" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "5731dbf8-aba7-45ef-8097-a3057c0381ed", "name": "Audit packet zip; see /api/v1/audit-packet for headers.", "originalRequest": { "url": { "path": [ "api", "v1", "audit_packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/zip" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/zip" } ], "body": "", "cookie": [], "_postman_previewlanguage": "text" }, { "id": "3e96506f-1dd0-4417-9401-7e9995ed9520", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "audit_packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "b39f9287-9e1a-47cd-9dd5-826e60335111", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "audit_packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "27da3f2b-eab2-43c0-b304-bfedbead0bba", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "audit_packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f87bb3fd-b36d-4216-9fa4-f7064a25b699", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "audit_packet" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "Restrict to one folder by slug (canonical filter). Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "folder_slug", "value": "" }, { "disabled": false, "description": { "content": "Legacy alias of `folder_slug`, still accepted. Unknown slug -> 404 `folder_not_found`.", "type": "text/plain" }, "key": "matter_slug", "value": "" }, { "disabled": false, "description": { "content": "Restrict to anchors tagged with this exact `session_id` (off-chain operator grouping key from POST /api/v1/anchors).", "type": "text/plain" }, "key": "session_id", "value": "" }, { "disabled": false, "description": { "content": "Inclusive lower bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "since", "value": "" }, { "disabled": false, "description": { "content": "Inclusive upper bound on anchored_at (unix seconds).", "type": "text/plain" }, "key": "until", "value": "" } ], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "4b6e50a4-b96d-4209-ade9-c9f09e918921", "name": "List folders (legacy spelling)", "request": { "name": "List folders (legacy spelling)", "description": { "content": "Legacy alias of /api/v1/folders. Identical handler; still accepted. Responses emit canonical keys only.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "d18bcc5f-3333-493a-85e2-073ea24d0814", "name": "Folder listing.", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"workspace\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\"\n },\n \"folders\": [\n {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "b95b3d9a-a565-4b50-b0f0-2f70ffe09db1", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "fd843dde-0324-4f0d-99a1-2472a640f9bb", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "11ac9462-ebdf-41b5-9ced-ca5e6facf921", "name": "Create a folder (legacy spelling)", "request": { "name": "Create a folder (legacy spelling)", "description": { "content": "Legacy alias of POST /api/v1/folders. Identical handler; still accepted. Responses emit canonical keys only.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "e270c94b-6f0b-407d-8401-f1ad12407c21", "name": "Folder created.", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"folder\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n \"duplicate\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "08820c6d-a76c-44cf-a272-57e2a76243e1", "name": "Validation error. Common error codes: `bad_body`, `invalid_content_type`, `invalid_type`, `unknown_field`, `unknown_query_field`, `mode_conflict`, `missing_folder_slug`, `invalid_mode`, `invalid_category`, `invalid_session_id`, `rejected_field`, `anchor_failed`, `invalid_sha256`, `conflicting_alias`, `bad_limit`, `bad_before`, `bad_session_id`, `bad_since`, `bad_until`, `slug_too_short`, `name_too_short`, `name_too_long`, `missing_slug`, `missing_name`, `invalid_source_type`, `invalid_value`, `empty_patch`, `missing_annotation`, `bad_annotation`, `annotation_failed`, `invalid_manifest`, `audit_packet_failed`.", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "b122e00a-d78c-4d89-abf1-8e6f421f9639", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "79fed062-e4d4-4635-8b34-df8389214e88", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "f8959809-04b5-4cb8-a143-4b57ba92420d", "name": "State conflict. Common error codes: `idempotency_key_reuse_body_mismatch` (same Idempotency-Key + different body), `proof_set_requires_force_new` (prior anchor for this sha exists + caller sent new proof_set without force_new), `duplicate_slug` (folder slug already taken by a folder with a different name; an identical slug+name re-POST returns 200 with `duplicate: true` instead).", "originalRequest": { "url": { "path": [ "api", "v1", "matters" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [] }, "header": [ { "disabled": false, "description": { "content": "Optional at-most-once key. See components/headers/IdempotencyKey for semantics.", "type": "text/plain" }, "key": "Idempotency-Key", "value": "" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"slug\": \"\",\n \"name\": \"\"\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Conflict", "code": 409, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "c355e2f0-6d96-4598-a97a-a66c1b503749", "name": "List anchors in one folder (legacy spelling)", "request": { "name": "List anchors in one folder (legacy spelling)", "description": { "content": "Legacy alias of /api/v1/folders/{slug}/anchors. Identical handler; still accepted. Responses emit canonical keys only.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "matters", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "", "key": "slug", "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "c9344dae-0082-4845-b009-8354796dcc16", "name": "Folder + anchor list.", "originalRequest": { "url": { "path": [ "api", "v1", "matters", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"workspace\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\"\n },\n \"folder\": {\n \"id\": \"\",\n \"slug\": \"\",\n \"name\": \"\",\n \"archived\": \"\",\n \"created_at\": \"\"\n },\n \"anchor_count\": \"\",\n \"anchors\": [\n {\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"annotation\": null,\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"deleted\": \"\",\n \"deleted_at\": \"\",\n \"folder_id\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n },\n {\n \"proof_id\": \"\",\n \"mode\": \"standard\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"category\": \"\",\n \"deleted\": \"\",\n \"deleted_at\": \"\",\n \"folder_id\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"session_id\": \"\",\n \"txid\": \"\"\n }\n ],\n \"note\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "01a85a42-8825-43f3-b3f4-1115a0e32ec9", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "matters", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1802d663-1971-4bff-ad85-0e50b28d75be", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "matters", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "bfc4a7f0-5fd3-4034-8fb1-e3a924026a05", "name": "Folder slug doesn't exist in this workspace (or is outside a scoped key's allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "matters", ":slug", "anchors" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) Folder slug (2-64 chars).", "type": "text/plain" }, "type": "any", "value": "", "key": "slug" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "1a11f91d-06ab-43a8-badc-d0293841617e", "name": "Get one proof by id (legacy spelling)", "request": { "name": "Get one proof by id (legacy spelling)", "description": { "content": "Legacy alias of /api/v1/proofs/{bundle_id}. Identical handler; still accepted. Responses emit canonical keys only.", "type": "text/plain" }, "url": { "path": [ "api", "v1", "receipts", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id", "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{bearerToken}}" } ] } }, "response": [ { "id": "b88e72cc-7988-47fb-b249-65257c56b8bc", "name": "Receipt detail.", "originalRequest": { "url": { "path": [ "api", "v1", "receipts", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"proof_id\": \"\",\n \"mode\": \"manifest\",\n \"category\": \"\",\n \"label\": \"\",\n \"anchored_at\": \"\",\n \"folder_id\": \"\",\n \"annotation\": {\n \"kind\": \"\",\n \"annotated_at\": \"\",\n \"is_chain_mutation\": \"\",\n \"superseded_by_bundle_id\": \"\",\n \"text\": \"\"\n },\n \"bundle_url\": \"\",\n \"folder_anchor_count\": \"\",\n \"folder_anchors_url\": \"\",\n \"folder_name\": \"\",\n \"folder_slug\": \"\",\n \"manifest\": {\n \"leaf_count\": \"\",\n \"root\": \"\",\n \"scheme\": \"\"\n },\n \"proof_kind\": \"disclosure\",\n \"proof_url\": \"\",\n \"retain_until\": \"\",\n \"txid\": \"\"\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "d460be2c-7341-4de6-96ef-320a3864188d", "name": "Authentication failed. Common error codes: `missing_bearer` (Authorization header missing/malformed), `invalid_key` (unknown / revoked / malformed).", "originalRequest": { "url": { "path": [ "api", "v1", "receipts", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Unauthorized", "code": 401, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "1fa75d6c-30dd-441e-9329-6d0dcf34e204", "name": "Key lacks the required scope, or a scoped key attempted folder creation (`folder_create_forbidden`).", "originalRequest": { "url": { "path": [ "api", "v1", "receipts", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Forbidden", "code": 403, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" }, { "id": "296bece4-ba2e-400d-8254-edc600b861e6", "name": "No proof with that id in this workspace (or outside a scoped key's folder allowlist - same response shape for enumeration defense).", "originalRequest": { "url": { "path": [ "api", "v1", "receipts", ":bundle_id" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) 16-char lowercase hex proof id. The path placeholder keeps the legacy `bundle_id` name; responses expose the id as `proof_id`.", "type": "text/plain" }, "type": "any", "value": "48dfdf7cb791a013624f487d22b758", "key": "bundle_id" } ] }, "header": [ { "key": "Accept", "value": "application/json" }, { "description": { "content": "Added as a part of security scheme: bearer", "type": "text/plain" }, "key": "Authorization", "value": "Bearer " } ], "method": "GET", "body": {} }, "status": "Not Found", "code": 404, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"error\": {\n \"code\": \"\",\n \"message\": \"\"\n }\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ], "event": [], "variable": [ { "key": "baseUrl", "value": "https://app.satsignal.cloud" }, { "key": "bundle_id", "value": "48dfdf7cb791a013624f487d22b758" } ], "info": { "_postman_id": "9278f1eb-7222-4c59-85ac-6d304e2485ff", "name": "Satsignal API", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "description": { "content": "Hand-authored OpenAPI 3.1 spec for the Satsignal notary service.\n\nSee the integration guides at https://satsignal.cloud/docs.html for getting-started flows. This spec is the machine-readable reference - import into Postman or render with any OpenAPI viewer.\n\nVocabulary: the canonical public vocabulary is `folder` (grouping noun) and `proof` (artifact noun) on every surface. Legacy spellings are INBOUND-ONLY compatibility aliases - requests carrying them keep working indefinitely:\n - routes: `/api/v1/matters` -> `/api/v1/folders`, `/api/v1/receipts/{id}` -> `/api/v1/proofs/{id}`\n - request keys / query params: `matter_slug` -> `folder_slug`\n - scopes: `receipts:read` -> `proofs:read`, `receipts:annotate` -> `proofs:annotate`\nEvery 2xx JSON response emits canonical keys ONLY (`proof_id`, `proof_url`, `folder_slug`, `folder_id`, `folder_name`, `folder_anchor_count`, `folder_anchors_url`, `folder`/`folders` containers); the legacy response keys are no longer emitted.\n\nContact Support:\n Name: Satsignal", "type": "text/plain" } } }