REST API Reference

Base URL: https://api.phronedge.com/api/v1

Authentication: API key via X-PhronEdge-Key header or Bearer token via Authorization header.

Authentication

GET /auth/me

Returns the authenticated user and tenant.

Shell
curl -H "Authorization: Bearer {token}" \
  https://api.phronedge.com/api/v1/auth/me
JSON
{
  "uid": "user_id",
  "email": "user@company.com",
  "name": "User Name",
  "tenant_id": "tn_abc123",
  "role": "owner",
  "tenant": {
    "org_name": "Company",
    "plan": "professional",
    "calls_this_month": 12847,
    "calls_limit": 250000
  }
}

PATCH /auth/profile

Update display name, org name, or logo.

Shell
curl -X PATCH \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{"display_name": "Gabriel", "org_name": "PhronEdge"}' \
  https://api.phronedge.com/api/v1/auth/profile

POST /auth/keys/create

Create an API key for SDK access.

Shell
curl -X POST \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{"label": "production", "agent_id": "claims-agent"}' \
  https://api.phronedge.com/api/v1/auth/keys/create
JSON
{
  "api_key": "pe_live_4178c0c2db3641efb66c81f9",
  "key_prefix": "pe_live_4178...",
  "message": "Store this key securely. It will not be shown again."
}
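Because the full key is returned only once and GET /auth/keys shows prefixes only, any full key that ends up in shell history, logs or a repository is a leak worth catching. The scanner below is an added example, not PhronEdge code: it reduces full keys to the masked prefix form, assuming keys look like the sample above ("pe_live_" followed by hex characters); the sample lines and the PHRONEDGE_KEY variable name are constructed.

```python
import re

# Assumption: keys look like the sample on this page, "pe_live_" followed by
# hex characters. The 16-character minimum is a guess that keeps the pattern
# from matching the already-masked form "pe_live_4178...".
KEY_RE = re.compile(r"\bpe_live_([0-9a-f]{4})[0-9a-f]{12,}\b")


def mask_key(match):
    """Reduce a full key to the prefix form the API itself displays."""
    return f"pe_live_{match.group(1)}..."


def redact(text):
    """Return (redacted_text, number_of_full_keys_found)."""
    return KEY_RE.subn(mask_key, text)


def scan_lines(lines):
    """Yield (line_number, masked_line) for every line that leaks a full key."""
    for number, line in enumerate(lines, start=1):
        masked, hits = redact(line)
        if hits:
            yield number, masked.rstrip("\n")


# Constructed sample: a shell history entry and two application log lines.
# PHRONEDGE_KEY is a hypothetical environment variable name.
SAMPLE = [
    'curl -H "X-PhronEdge-Key: pe_live_4178c0c2db3641efb66c81f9" '
    "https://api.phronedge.com/api/v1/agents\n",
    "INFO loaded key pe_live_4178... for agent claims-agent\n",
    "DEBUG env PHRONEDGE_KEY=pe_live_4178c0c2db3641efb66c81f9\n",
]

if __name__ == "__main__":
    for number, masked in scan_lines(SAMPLE):
        print(f"line {number}: {masked}")
```

A key found this way should be revoked with POST /auth/keys/revoke and replaced, since masking the log does not undo the exposure.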

GET /auth/keys

List API keys (masked). Only key prefixes are shown.

POST /auth/keys/revoke

Revoke an API key. Takes effect globally in under 5 seconds.

Shell
curl -X POST \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{"key_id": "pe_live_4178..."}' \
  https://api.phronedge.com/api/v1/auth/keys/revoke

Governance

POST /governance/build

Sign a constitutional policy. Creates cryptographic credentials for each agent.

POST /governance/amend

Amend an existing policy. Creates a new version linked to the previous policy hash.

GET /governance/policy/{hash}

Retrieve a signed policy by its hash.

GET /governance/form-data

Get available options for the Policy Builder (models, tiers, jurisdictions).

GET /governance/preview

Preview policy intelligence before signing.

Policy Export

GET /policy/export/rego

Export the signed policy as OPA Rego. Every rule traces to a regulation from the credential.

Shell
curl -H "Authorization: Bearer {token}" \
  https://api.phronedge.com/api/v1/policy/export/rego
JSON
{
  "format": "rego",
  "policy_hash": "c691ac83...",
  "jurisdiction": "DE",
  "frameworks": ["GDPR", "EU AI Act", "DORA"],
  "rego": "package phronedge.governance\n\nimport future.keywords.in\n\ndefault allow := false\n..."
}

GET /policy/export/yaml

Export as YAML.

GET /policy/export/json

Export as JSON. Returns the full signed credential.

Gateway

POST /gateway/proxy/{tool_name}

Governed tool call. The SDK calls this automatically. Every call runs through 7 checkpoints.

Shell
curl -X POST \
  -H "X-PhronEdge-Key: pe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"arguments": {"patient_id": "P-123"}}' \
  https://api.phronedge.com/api/v1/gateway/proxy/lookup_patient

Agents

GET /agents

List all agents and their governance status.

GET /agent/{id}/status

Get real-time status of an agent (active, quarantined, killed).

POST /agent/{id}/kill

Activate kill switch. Revokes the agent globally in under 5 seconds.

POST /agent/{id}/quarantine

Quarantine an agent. All tool calls blocked pending review.

POST /agent/{id}/reinstate

Reinstate a quarantined agent. Tool calls resume.

Tenant

GET /tenant

Get tenant info including plan, limits, and settings.

PATCH /tenant

Update tenant settings (org name, webhook URL, anchor settings).

GET /tenant/usage

Get current usage stats.

JSON
{
  "plan": "professional",
  "calls_this_month": 12847,
  "calls_limit": 250000,
  "agents_allowed": 25,
  "keys_allowed": 25,
  "members_allowed": 10,
  "retention_days": 90
}

Team

GET /tenant/members

List team members.

POST /tenant/members

Invite a member.

JSON
{"email": "ciso@company.com", "role": "ciso"}

Roles: owner, ciso, dpo, architect, auditor, readonly

PATCH /tenant/members/{id}

Change member role.

DELETE /tenant/members/{id}

Remove member.

Notifications

GET /notifications

List notification inbox.

GET /notifications/count

Unread count for badge.

POST /notifications/read

Mark notifications as read.

Alert Rules

GET /tenant/alerts

List alert rules.

POST /tenant/alerts

Create alert rule.

JSON
{
  "name": "Critical Block Alert",
  "event_type": "TOOL_CALL_BLOCKED",
  "severity_filter": "CRITICAL",
  "channels": ["email", "slack"],
  "recipients": ["ciso"],
  "cooldown_seconds": 300,
  "enabled": true
}

Event types: TOOL_CALL_BLOCKED, VAULT_TAMPER_DETECTED, KILL_SWITCH_ACTIVATED, PII_INPUT_DETECTED, PROMPT_INJECTION_DETECTED, USAGE_THRESHOLD
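An alert rule only helps if one exists, is enabled and can reach someone, so a coverage check over the rule list is worth running after any change. The following is an added example, not PhronEdge code: it assumes GET /tenant/alerts returns rule objects in the same shape as the POST body above, and the sample rules are constructed.

```python
# Event types exactly as listed on this page.
EVENT_TYPES = {
    "TOOL_CALL_BLOCKED", "VAULT_TAMPER_DETECTED", "KILL_SWITCH_ACTIVATED",
    "PII_INPUT_DETECTED", "PROMPT_INJECTION_DETECTED", "USAGE_THRESHOLD",
}


def audit_alert_rules(rules):
    """Return (uncovered_event_types, problems) for a list of rule dicts.

    An event type counts as covered only when at least one rule for it is
    enabled and has both a channel and a recipient.
    """
    covered, problems = set(), []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        event = rule.get("event_type")
        if event not in EVENT_TYPES:
            # Catches typos that would otherwise create a rule that never fires.
            problems.append(f"{name}: unknown event_type {event!r}")
        elif not rule.get("enabled", False):
            problems.append(f"{name}: disabled")
        elif not rule.get("channels"):
            problems.append(f"{name}: no channels")
        elif not rule.get("recipients"):
            problems.append(f"{name}: no recipients")
        else:
            covered.add(event)
    return sorted(EVENT_TYPES - covered), problems


# Constructed sample rules, in the shape of the POST /tenant/alerts body.
SAMPLE_RULES = [
    {"name": "Critical Block Alert", "event_type": "TOOL_CALL_BLOCKED",
     "severity_filter": "CRITICAL", "channels": ["email", "slack"],
     "recipients": ["ciso"], "cooldown_seconds": 300, "enabled": True},
    {"name": "Tamper", "event_type": "VAULT_TAMPER_DETECTED",
     "channels": ["email"], "recipients": ["ciso"], "enabled": False},
    {"name": "Injection", "event_type": "PROMPT_INJECTION_DETCTED",  # typo
     "channels": ["slack"], "recipients": ["ciso"], "enabled": True},
]

if __name__ == "__main__":
    uncovered, problems = audit_alert_rules(SAMPLE_RULES)
    print("uncovered:", uncovered)
    print("problems:", problems)
```

A rule with a severity_filter covers only events at that severity, so a covered event type may still have unalerted lower-severity events.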

PATCH /tenant/alerts/{id}

Update alert rule.

DELETE /tenant/alerts/{id}

Delete alert rule.

Notification Channels

GET /tenant/notifications/channels

List connected channels.

POST /tenant/notifications/channels

Connect a channel.

Slack:

JSON
{"channel_type": "slack", "config": {"webhook_url": "https://hooks.slack.com/...", "channel": "#ai-governance"}}

PagerDuty:

JSON
{"channel_type": "pagerduty", "config": {"routing_key": "your-routing-key"}}

Microsoft Teams:

JSON
{"channel_type": "teams", "config": {"webhook_url": "https://outlook.office.com/webhook/..."}}

DELETE /tenant/notifications/channels/{id}

Disconnect channel.

Audit

POST /audit/share

Generate a time-limited shareable link for external auditors.

JSON
{"email": "auditor@kpmg.com", "expires_days": 30}

Returns a share URL that the auditor can access without an account.

GET /audit/shared/{token}

View shared audit log. Public endpoint, token-based access.

POST /audit/export

Export audit log.

JSON
{"format": "json", "date_from": 1743000000, "date_to": 1744000000, "severity": "CRITICAL"}

Formats: json, csv

Reports

POST /reports/generate/{type}

Generate a governance report on demand.

Types: weekly, monthly, quarterly, governance, compliance

POST /reports/trigger

Trigger scheduled reports. Used by automated scheduling.

Checkout

POST /checkout

Create a checkout session for plan upgrade.

JSON
{"plan": "starter"}

Returns {"url": "https://checkout.stripe.com/..."}. Redirect the user to this URL.

Plans: starter ($99/mo), professional ($499/mo)

POST /checkout/portal

Open billing portal for subscription management.

Public Endpoints (no auth)

GET /plans

All plan definitions with limits and features.

GET /roles

All role definitions with permissions.

Feedback

POST /feedback

Submit feedback from the console.

JSON
{"type": "bug", "message": "Observer not loading events"}

Types: bug, feature, question

Error responses

All errors follow the same format:

JSON
{
  "detail": "Authentication required"
}

Status  Meaning
401     Authentication required or token invalid
403     Permission denied (plan limit or role)
404     Resource not found
429     Rate limited or plan call limit reached
500     Server error