REST API Reference
Complete programmatic interface to the VerifyStack detection engine. Every endpoint documented with request/response schemas, authentication flows, error taxonomy, and interactive try-it-out capability against the live specification.
Authentication
All API requests require authentication via X-API-Key header or Bearer token. Public keys (pk_live_*) for client-side SDK; secret keys (sk_live_*) for server-side calls.
Rate Limits
Adaptive rate limiting with token-bucket algorithm. Headers include X-RateLimit-Remaining and retry-after guidance. Enterprise plans support custom throughput.
Error Taxonomy
Consistent JSON error envelope with machine-readable codes, human-readable messages, and request correlation IDs. Follows RFC 7807 problem details for HTTP APIs.
Interactive API Explorer
Try endpoints directly against the OpenAPI 3.0 specification
Integration Architecture Notes
Detection Pipeline: The /decide endpoint orchestrates signal fusion, policy evaluation, and decision governance in one deterministic pass. Requests combine SDK telemetry, server metadata, and tenant policy context into an auditable allow/challenge/deny result.
Signal Architecture: Browser and session telemetry includes device, network, behavior, and environment signals, with privacy-preserving hashing before transport to the API.
Privacy by Design: All fingerprints are SHA-256 hashed client-side before transmission. The API never receives raw canvas data, keystroke content, or personally identifiable information in plaintext. GDPR Article 25 compliant by architecture.
Idempotency: Decision requests with the same requestId return cached results. Evidence trails are immutable and audit-ready, enabling post-hoc forensic analysis of any decision.
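The rate-limit and idempotency notes above combine into one client rule: a retried decision must carry the requestId of the first attempt. The sketch below is an added example, not VerifyStack SDK code. It assumes a rate-limited call returns HTTP 429 with Retry-After in seconds; the injected `send` transport, the `FakeApi` stand-in and the response fields are constructed for illustration.

```python
import time
import uuid

def decide_with_retry(send, api_key, payload, max_attempts=4, sleep=time.sleep):
    """POST one /decide request, retrying on 429 with the SAME requestId.

    send(path, headers, body) -> (status, headers, body) is an injected,
    hypothetical transport so the example runs offline.
    """
    # requestId is fixed once, outside the loop: every retry is the same
    # logical decision, so the API can answer from its cache.
    body = dict(payload, requestId=payload.get("requestId") or str(uuid.uuid4()))
    headers = {"X-API-Key": api_key}  # secret key: server-side callers only
    for attempt in range(1, max_attempts + 1):
        status, resp_headers, resp_body = send("/decide", headers, body)
        if status != 429:
            return status, resp_body, attempt
        if attempt == max_attempts:
            break
        # Assumption: Retry-After is in seconds; use exponential backoff
        # when the header is missing or not a number.
        try:
            delay = max(0.0, float(resp_headers.get("Retry-After", "")))
        except ValueError:
            delay = float(2 ** (attempt - 1))
        sleep(min(delay, 30.0))
    raise RuntimeError("rate limited after %d attempts" % max_attempts)

class FakeApi:
    """Constructed stand-in for the service: token bucket + requestId cache."""
    def __init__(self, tokens):
        self.tokens, self.cache, self.evaluations = tokens, {}, 0

    def refill(self, _seconds):  # demo hook: one token returns per wait
        self.tokens += 1

    def __call__(self, path, headers, body):
        rid = body["requestId"]
        if rid in self.cache:  # idempotent replay: no second evaluation
            return 200, {}, self.cache[rid]
        if self.tokens <= 0:
            return 429, {"Retry-After": "1", "X-RateLimit-Remaining": "0"}, {}
        self.tokens -= 1
        self.evaluations += 1
        self.cache[rid] = {"requestId": rid, "decision": "allow"}
        return 200, {"X-RateLimit-Remaining": str(self.tokens)}, self.cache[rid]
```

Generating a fresh requestId inside the retry loop would turn each retry into a new decision with its own evidence trail, which is the failure this pattern avoids.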