Customer-facing API
A narrow HTTP API. POST endpoints for signals, leads, campaigns, sends. GET and POST endpoints for the evidence pack. All authenticated with pk_live / sk_live key pairs.
The API surface is final, the SDKs are not. We are publishing the contract early so customers can build against it; the official TypeScript and Python SDKs ship in Phase 2.
Endpoints
POST /v1/signals
POST /v1/leads
POST /v1/campaigns
POST /v1/sends
GET /v1/evidence/:lead_id
POST /v1/evidence/:lead_id/pdfAuthentication
Per-tenant pk_live_* (publishable) and sk_live_* (secret) keys. Argon2id hash at rest. Last-4 displayed only at creation. Both ride in Authorization: Bearer <key>. Rotation reminders fire at 90 days; secret keys are revocable on a 60-second propagation window.
Evidence pack endpoints
GET /v1/evidence/:lead_id returns the JSON payload — every signal, send, suppression, and Chainlog event for the lead. POST /v1/evidence/:lead_id/pdf renders the artifact via Puppeteer and returns the binary. Both endpoints are gated by the tenant tier (Starter pays per export; Growth includes 200/mo; Scale unlimited).
Two free MCP tools surface this pipeline inside Cursor or Claude Desktop — no key required.