200+ Endpoints

API Reference

Build governed AI applications with 200+ REST endpoints. Full OpenAPI spec, tenant-scoped, versioned, and rate-limited.

Get API Key Back to Docs

Explore the API

Every endpoint is tenant-scoped, authenticated, and emits evidence. Pick a domain to dive in.

Governance & Protocol

Agents & Ara

Deploy AI agents, manage personas, execute actions through the Ara orchestration layer with approval workflows.

Evidence & Audit

Emit, query, and verify tamper-proof evidence artifacts. Every action leaves an auditable trail.

Compliance

Enable SOC 2, GDPR, HIPAA, and ISO 27001 frameworks. Track controls, posture scores, and audit exports.

Users & Teams

Manage users, roles, tenants, SSO configuration, and SCIM provisioning for enterprise identity.

Integrations

Connect 100+ tools via OAuth. Start auth flows, manage connector lifecycle, and sync data.

Analytics & Metrics

Protocol latency, training quality, approval rates, and custom metric targets with time-series data.

Billing & Usage

Stripe-powered checkout, subscription management, usage metering, and invoice retrieval.

Operations & SLOs

Define SLOs, track error budgets, manage alert rules, incidents, and runbooks.

Webhooks & Events

Receive real-time HMAC-signed event notifications for artifacts, compliance, users, and billing.

Authentication

Two methods: API keys for server-to-server, OAuth for user-facing apps

API Key Authentication

Generate scoped API keys from Settings. Pass the key in every request header.

curl -X GET https://api.arqera.io/api/v1/protocol/manifest \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json"

Session Authentication

For browser-based apps. Authenticate via login, then use the session token.

// Login and receive tokens
const res = await fetch("https://api.arqera.io/api/v1/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "[email protected]",
    password: "********"
  })
});

const { access_token, refresh_token } = await res.json();

// Use access token for subsequent requests
fetch("/api/v1/protocol/manifest", {
  headers: { "Authorization": `Bearer ${access_token}` }
});

Auth Endpoints

Method	Endpoint	Description
POST	/api/v1/auth/login	Authenticate with email + password
POST	/api/v1/auth/register	Register a new user account
POST	/api/v1/auth/logout	Invalidate the current session
GET	/api/v1/auth/me	Return the current user profile
POST	/api/v1/auth/refresh	Rotate access/refresh tokens
POST	/api/v1/auth/password/forgot	Request a password reset email
POST	/api/v1/auth/password/reset	Reset password with a reset token
GET	/api/v1/auth/verify-email	Verify email with one-time token
POST	/api/v1/auth/resend-verification	Resend verification email

Govern Every AI Action

Action Tier System

Every protocol execution is classified into one of three tiers. The governance engine evaluates risk, policy, and trust before routing each action.

AUTO

Read operations, searches, diagnostics. Executed immediately with no approval required.

SOFT

Notifications, non-destructive writes. Execute with a 30-second undo window.

HARD

Emails, deletions, payments. Requires explicit human approval before execution.

Protocol Endpoints

12 endpoints

Method	Endpoint	Description
POST	/api/v1/protocol/manifest/validate	Validate a manifest without storing it
POST	/api/v1/protocol/manifest	Register a new protocol manifest
GET	/api/v1/protocol/manifest	List all registered manifests
GET	/api/v1/protocol/manifest/{node_id}	Fetch manifest by node ID (latest or specific version)
GET	/api/v1/protocol/manifest/{node_id}/versions	List all available versions of a manifest
POST	/api/v1/protocol/execute	Execute a governed protocol action
GET	/api/v1/work/approvals	List pending approval requests
POST	/api/v1/work/approvals/{id}/approve	Approve a pending action
POST	/api/v1/work/approvals/{id}/reject	Reject a pending action
GET	/api/v1/security/tenants/{tenant_id}/policies	List security policies for a tenant
POST	/api/v1/security/tenants/{tenant_id}/policies	Create a security policy
GET	/api/v1/security/tenants/{tenant_id}/audit-logs	Query audit logs with filtering

Execute a Governed Action

Send an action through the governance engine. The system evaluates policies, classifies the action tier, and either executes immediately or queues for approval.

Request

POST /api/v1/protocol/execute
Content-Type: application/json
X-API-Key: ak_live_7f3a9b2c...

{
  "node_id": "ara.connectors.salesforce",
  "action_id": "lead.create",
  "decision_contract_id": 101,
  "payload": {
    "email": "[email protected]",
    "company": "Northwind Traders",
    "source": "inbound_demo"
  },
  "routing_hints": {
    "latency_budget_ms": 500
  },
  "policy_context": {
    "require_approval": true
  }
}

Response

{
  "status": "pending_approval",
  "result": {
    "status": "queued",
    "message": "Approval required before execution.",
    "payload_echo": {
      "email": "[email protected]"
    }
  },
  "receipt": {
    "request_id": "req_8k2m4n6p",
    "trace_id": "tr_a1b2c3d4e5f6",
    "correlation_id": "cor_9x8y7z",
    "node_id": "ara.connectors.salesforce",
    "action_id": "lead.create",
    "version": "1.0.0",
    "policy_evaluations": [
      { "policy_id": "pii_local_only", "result": "pass" }
    ],
    "routing_decision": {
      "strategy": "manifest",
      "tier": "HARD"
    },
    "latency_ms": 1.2,
    "retries": 0
  }
}

Deploy and Orchestrate AI Agents

Manage agent personas, training pipelines, A/B tests, and the Ara execution engine

AI Training & Agent Endpoints

24 endpoints

Method	Endpoint	Description
GET	/api/v1/ai-training/jobs	List training jobs with status and metrics
POST	/api/v1/ai-training/jobs	Create a new training job
POST	/api/v1/ai-training/jobs/{job_id}/cancel	Cancel a running training job
GET	/api/v1/ai-training/datasets	List training datasets
POST	/api/v1/ai-training/datasets	Create a training dataset
POST	/api/v1/ai-training/datasets/generate	Auto-generate dataset from protocol executions
GET	/api/v1/ai-training/models	List deployed model versions
POST	/api/v1/ai-training/models	Register a new model version
POST	/api/v1/ai-training/models/{model_id}/deploy	Queue model deployment (approval required)
POST	/api/v1/ai-training/models/{model_id}/rollback	Rollback to a previous model version
GET	/api/v1/ai-training/personas	List agent persona profiles
GET	/api/v1/ai-training/personas/{persona_key}	Fetch a persona by key
PUT	/api/v1/ai-training/personas/{persona_key}	Update persona configuration
POST	/api/v1/ai-training/ab-tests	Create an A/B test between model versions
POST	/api/v1/ai-training/ab-tests/{id}/start	Start an A/B test
POST	/api/v1/ai-training/ab-tests/{id}/complete	Complete and declare a winner
GET	/api/v1/ai-training/feedback	List training feedback entries
POST	/api/v1/ai-training/feedback	Submit training feedback
GET	/api/v1/ai-training/infrastructure	List training infrastructure
GET	/api/v1/ai-training/infrastructure/health	Infrastructure health summary
GET	/api/v1/ai-training/stats	Training telemetry and statistics

Generate a Training Dataset from Live Traffic

ARQERA can auto-generate SFT and DPO training pairs from your protocol execution history. Approved actions become "chosen" samples; rejected actions become "rejected" samples.

curl -X POST https://api.arqera.io/api/v1/ai-training/datasets/generate \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "q1-governance-pairs",
    "source": "protocol_executions",
    "format": "dpo",
    "filters": {
      "start_date": "2026-01-01T00:00:00Z",
      "end_date": "2026-03-31T23:59:59Z",
      "min_confidence": 0.8
    }
  }'

Prove Every Decision

Tamper-proof evidence chain with hash verification, cryptographic signatures, and audit exports

Evidence & Claims Endpoints

8 endpoints

Method	Endpoint	Description
GET	/api/claims	Public claims snapshot (benchmarks, runtime spec, inventory)
GET	/api/evidence/latest	Latest evidence artifacts, filterable by type
GET	/api/evidence/verify	Verify evidence hash-chain integrity and signatures
POST	/api/v1/compliance/tenants/{tenant_id}/evidence	Submit compliance evidence
GET	/api/v1/exports/receipts	Export protocol execution receipts
GET	/api/v1/exports/approvals	Export approval decisions
GET	/api/v1/exports/usage	Export usage records (API calls, tokens, storage)
GET	/api/v1/exports/training	Export training jobs and outcomes

Verify the Evidence Chain

Every action emits an evidence artifact with a cryptographic hash linked to the previous artifact. Auditors can verify the entire chain has not been tampered with.

curl

curl https://api.arqera.io/api/evidence/verify \
  -H "X-API-Key: ak_live_7f3a9b2c..."

Response

{
  "chain_valid": true,
  "total_artifacts": 14832,
  "first_artifact": "2025-11-02T08:14:00Z",
  "latest_artifact": "2026-02-19T15:42:11Z",
  "signature_status": "all_verified",
  "broken_links": 0
}

Export Data for Auditors

All export endpoints support ISO timestamp filtering with start_at, end_at, and a window_days fallback.

curl "https://api.arqera.io/api/v1/exports/receipts?start_at=2026-01-01T00:00:00Z&end_at=2026-02-01T00:00:00Z" \
  -H "X-API-Key: ak_live_7f3a9b2c..."

Automate Compliance Across Frameworks

Enable SOC 2, GDPR, HIPAA, and ISO 27001. Track controls, measure posture, generate audit exports.

Compliance Endpoints

6 endpoints

Method	Endpoint	Description
GET	/api/v1/compliance/tenants/{tenant_id}/frameworks	List available compliance frameworks
POST	/api/v1/compliance/tenants/{tenant_id}/frameworks/{id}/enable	Enable a framework for the tenant
GET	/api/v1/compliance/tenants/{tenant_id}/frameworks/{id}/controls	List controls and their status
GET	/api/v1/compliance/tenants/{tenant_id}/posture	Get overall compliance posture score
POST	/api/v1/compliance/tenants/{tenant_id}/evidence	Submit compliance evidence artifact
POST	/api/v1/compliance/tenants/{tenant_id}/frameworks/{id}/export	Generate audit-ready export

Check Your Compliance Posture

Get a single score that reflects your compliance health across all enabled frameworks.

GET /api/v1/compliance/tenants/t_acme/posture

{
  "overall_score": 87.5,
  "frameworks": [
    {
      "id": "soc2",
      "status": "compliant",
      "controls_met": 45,
      "controls_total": 50
    },
    {
      "id": "gdpr",
      "status": "compliant",
      "controls_met": 32,
      "controls_total": 35
    },
    {
      "id": "iso27001",
      "status": "in_progress",
      "controls_met": 78,
      "controls_total": 114
    }
  ]
}

Manage Users, Roles, and Tenants

Enterprise identity with SSO, SCIM provisioning, IP allowlists, and customer-managed encryption keys

Workforce & Tasks

GET

/api/v1/work/tasks

List tasks (filter by status, assignee, priority)

POST

/api/v1/work/tasks

Create a task

PATCH

/api/v1/work/tasks/{id}

Update task status or assignee

GET

/api/v1/work/workers

List workers (human + AI)

POST

/api/v1/work/workers

GET

/api/v1/work/sla-policies

List SLA policies

Security & Identity

GET

/.../{tenant_id}/sso

Get SSO configuration

POST

/.../{tenant_id}/sso

Configure SAML or OIDC

GET

/.../{tenant_id}/ip-allowlist

List IP allowlist rules

POST

/.../{tenant_id}/ip-allowlist

Add IP allowlist rule (CIDR)

GET

/.../{tenant_id}/kms

Get encryption key config

POST

/.../{tenant_id}/kms

Configure customer-managed keys

Verify a Custom Domain

Prove domain ownership via DNS TXT record verification. Required for SSO and custom branding.

# 1. Request a verification token
POST /api/v1/tenants/t_acme/domain/verification

# 2. Add the TXT record to your DNS:
#    _arqera-verify.acme.co -> arq_verify_8k2m4n6p

# 3. Confirm verification
POST /api/v1/tenants/t_acme/domain/verification/confirm

# Response:
{ "domain": "acme.co", "verified": true, "verified_at": "2026-02-19T12:00:00Z" }

Connect Your Entire Stack

100+ connectors via OAuth. Manage lifecycle, sync data, and auto-generate protocol manifests.

Integration Fabric Endpoints

10 endpoints

Method	Endpoint	Description
GET	/api/v1/integration-fabric/connectors	List available connectors
GET	/api/v1/integration-fabric/connectors/{id}	Get connector details
GET	/api/v1/integration-fabric/connectors/{id}/scopes	List required OAuth scopes
POST	/api/v1/integration-fabric/connectors/{id}/auth/start	Start OAuth flow
POST	/api/v1/integration-fabric/connectors/{id}/auth/complete	Complete OAuth callback
POST	/api/v1/integration-fabric/connectors/{id}/auth/disconnect	Disconnect an integration
POST	/api/v1/integration-fabric/connectors/{id}/sync	Queue a data sync job
GET	/api/v1/integration-fabric/connectors/{id}/manifest	Preview auto-generated manifest
POST	/api/v1/integration-fabric/connectors/{id}/publish	Publish connector to protocol registry
POST	/api/webhooks/nango	Receive Nango connect webhooks

Connect a Tool in Three Steps

// Step 1: Start the OAuth flow
const startRes = await fetch("/api/v1/integration-fabric/connectors/github/auth/start", {
  method: "POST",
  headers: { "X-API-Key": "ak_live_7f3a9b2c..." }
});
const { auth_url } = await startRes.json();
// Redirect user to auth_url...

// Step 2: User authorizes in GitHub, callback fires

// Step 3: Complete the connection
await fetch("/api/v1/integration-fabric/connectors/github/auth/complete", {
  method: "POST",
  headers: { "X-API-Key": "ak_live_7f3a9b2c..." }
});
// Connector is now active and syncable

Measure Everything That Matters

Protocol performance, training quality, and self-optimizing learning pipelines

Observability Metrics

GET

/api/v1/metrics/overview

Combined protocol + training metrics

GET

/api/v1/metrics/protocol

Execution latency, approvals, PII events

GET

/api/v1/metrics/training

Job completion, quality, cost

GET

/api/v1/metrics/targets

Tenant metric targets

PUT

/api/v1/metrics/targets

Update metric targets

Self-Optimization (Learning Plane)

GET

/api/v1/learning

Latest learning snapshot

POST

/api/v1/learning/run

Compute fresh learning snapshot

GET

/api/v1/learning/pipeline

Recent pipeline runs

POST

/api/v1/learning/pipeline/run

Trigger new pipeline run

GET

/api/v1/learning/routing-updates

Queued routing/model updates

POST

/api/v1/learning/routing-updates

Propose a routing update

POST

/api/v1/learning/routing-updates/{id}/apply

Apply an approved update

Billing, Plans, and Usage Metering

Stripe-powered subscription management, usage tracking, and invoice retrieval

Billing Endpoints

7 endpoints

Method	Endpoint	Description
GET	/api/v1/billing/plans	List plans (Free, Team, Business, Enterprise)
GET	/api/v1/billing/usage	Current usage: tokens, requests, storage
POST	/api/v1/billing/checkout	Create Stripe checkout session for upgrade
POST	/api/v1/billing/portal	Open Stripe customer portal
GET	/api/v1/billing/invoices	List invoices for the tenant
GET	/api/v1/billing/subscription	Current subscription details
POST	/api/v1/billing/webhooks/stripe	Stripe webhook receiver

Upgrade a Subscription

curl -X POST https://api.arqera.io/api/v1/billing/checkout \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "plan_id": "business",
    "success_url": "https://app.acme.co/billing/success",
    "cancel_url": "https://app.acme.co/billing/cancel"
  }'

# Response: { "checkout_url": "https://checkout.stripe.com/c/pay/cs_live_..." }

Define SLOs, Track Error Budgets

Service level objectives, alert rules, incident management, and runbooks

Operations Endpoints

14 endpoints

Method	Endpoint	Description
GET	/api/v1/operations/slos	List SLO definitions
POST	/api/v1/operations/slos	Create an SLO
GET	/api/v1/operations/slos/{id}	Get SLO details
GET	/api/v1/operations/slos/{id}/error-budget	Current error budget status
GET	/.../{tenant_id}/alert-rules	List alert rules
POST	/.../{tenant_id}/alert-rules	Create an alert rule
GET	/.../{tenant_id}/alerts	List alerts (firing, acked, resolved)
POST	/.../{tenant_id}/alerts/{id}/acknowledge	Acknowledge an alert
POST	/.../{tenant_id}/alerts/{id}/resolve	Resolve an alert
GET	/api/v1/operations/runbooks	List runbooks
POST	/api/v1/operations/runbooks	Create a runbook
GET	/api/v1/operations/incidents	List incidents
POST	/api/v1/operations/incidents	Create an incident

Monitor Error Budget Burn Rate

GET /api/v1/operations/slos/slo_api_latency/error-budget

{
  "slo_id": "slo_api_latency",
  "name": "API Latency P99",
  "target_percent": 99.0,
  "budget_remaining_percent": 0.85,
  "budget_consumed_percent": 15.0,
  "projected_burn_rate": 0.5,
  "measurement_window": "rolling-7d",
  "current_value": 98.5,
  "status": "healthy"
}

React to Events in Real Time

HMAC-SHA256 signed payloads delivered to your endpoints within seconds

Event Categories

artifact.createdartifact.sharedcompliance.check.completedevidence.emitteduser.createduser.deprovisionedsubscription.updatedsubscription.cancelledintegration.connectedintegration.disconnectedprotocol.executedprotocol.approval.requested

Verify Webhook Signatures

Every webhook includes an X-Arqera-Signature header. Compute HMAC-SHA256 of the raw request body with your webhook secret and compare.

import hmac, hashlib

def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
    expected = hmac.new(
        secret.encode(),
        payload,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Example Webhook Payload

POST https://hooks.acme.co/arqera
X-Arqera-Signature: sha256=d7a8fbb307d7809469ca...
Content-Type: application/json

{
  "event": "protocol.executed",
  "timestamp": "2026-02-19T15:42:11Z",
  "tenant_id": "t_acme",
  "data": {
    "request_id": "req_8k2m4n6p",
    "node_id": "ara.connectors.salesforce",
    "action_id": "lead.create",
    "tier": "HARD",
    "status": "approved",
    "latency_ms": 142,
    "evidence_hash": "sha256:ab12cd34..."
  }
}

Health Checks and System Diagnostics

Readiness probes, liveness probes, and detailed component health for orchestrators

Health Endpoints

Method	Endpoint	Auth	Description
GET	/api/health	None	Basic health check (DB, Redis, system)
GET	/api/health/live	None	Liveness probe for service heartbeat
GET	/api/health/ready	None	Readiness probe with dependency checks
GET	/api/health/detailed	Required	Full component health with system metrics

Rate Limiting

All API requests are rate-limited per tenant. Limits scale with your plan.

Plan	Rate Limit	Burst
Free	100 req/min	20 req/sec
Team	500 req/min	50 req/sec
Business	2,000 req/min	200 req/sec
Enterprise	Custom	Custom

Rate Limit Headers

Every response includes rate limit headers so you can implement client-side throttling.

HTTP/1.1 200 OK
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Reset: 1708358400

# When rate limited:
HTTP/1.1 429 Too Many Requests
Retry-After: 12
{
  "detail": "Rate limit exceeded. Retry after 12 seconds."
}

Pagination

Cursor-based and offset-based pagination across all list endpoints

Cursor-Based (Recommended)

Best for real-time data. Use the next_cursor from each response to fetch the next page.

GET /api/v1/work/tasks?limit=25

{
  "items": [...],
  "total": 142,
  "next_cursor": "eyJpZCI6MTI1fQ==",
  "has_more": true
}

# Next page:
GET /api/v1/work/tasks?limit=25&cursor=eyJpZCI6MTI1fQ==

Offset-Based

For stable datasets where page jumping is needed. Use offset and limit.

GET /api/v1/ai-training/jobs?limit=10&offset=20

{
  "items": [...],
  "total": 87,
  "limit": 10,
  "offset": 20
}

Error Handling

Consistent error format across all endpoints with actionable messages

Code	Status	When You Will See This
400	Bad Request	Invalid request body, missing required fields, or malformed parameters.
401	Unauthorized	Missing or invalid API key. Check the X-API-Key header.
403	Forbidden	Valid credentials but insufficient permissions for this resource.
404	Not Found	The requested resource does not exist or belongs to another tenant.
409	Conflict	Resource already exists or version conflict on concurrent update.
422	Unprocessable Entity	Request body is well-formed but fails validation rules.
429	Too Many Requests	Rate limit exceeded. Back off and retry using the X-RateLimit-Reset header.
500	Internal Server Error	Unexpected failure. Includes a trace_id for support escalation.

Error Response Format

All errors return a consistent JSON structure with a human-readable message and optional trace ID for support.

{
  "detail": "Manifest version 1.0.3 already exists for node ara.connectors.salesforce.",
  "trace_id": "tr_a1b2c3d4e5f6"
}

Validation Errors (422)

Validation errors include field-level detail so you can highlight specific form inputs.

{
  "detail": [
    {
      "loc": ["body", "manifest", "node", "id"],
      "msg": "Node ID must match pattern: namespace.category.name",
      "type": "value_error"
    }
  ]
}

Quick Start

Get up and running with the ARQERA API in under 5 minutes

curl

# 1. Register a manifest
curl -X POST https://api.arqera.io/api/v1/protocol/manifest \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "manifest": {
      "protocol_version": "1.0",
      "node": {
        "id": "myapp.actions.notify",
        "name": "User Notification",
        "version": "1.0.0",
        "owner": "acme",
        "category": "notification",
        "endpoints": [{
          "action_id": "send",
          "description": "Send user notification",
          "approval_required": false,
          "idempotency": true
        }]
      }
    },
    "registry": { "listing_tier": "development" }
  }'

# 2. Execute the action
curl -X POST https://api.arqera.io/api/v1/protocol/execute \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "node_id": "myapp.actions.notify",
    "action_id": "send",
    "payload": {
      "user_id": "usr_42",
      "message": "Your report is ready"
    }
  }'

TypeScript

Using the ARQERA SDK

import { Arqera } from "@arqera/sdk";

const client = new Arqera({
  apiKey: process.env.ARQERA_API_KEY,
  baseUrl: "https://api.arqera.io",
});

// Register a manifest
await client.protocol.manifest.create({
  manifest: {
    protocol_version: "1.0",
    node: {
      id: "myapp.actions.notify",
      name: "User Notification",
      version: "1.0.0",
      owner: "acme",
      category: "notification",
      endpoints: [{
        action_id: "send",
        description: "Send user notification",
        approval_required: false,
      }],
    },
  },
  registry: { listing_tier: "development" },
});

// Execute with governance
const result = await client.protocol.execute({
  node_id: "myapp.actions.notify",
  action_id: "send",
  payload: {
    user_id: "usr_42",
    message: "Your report is ready",
  },
});

console.log(result.receipt.trace_id);
// "tr_a1b2c3d4e5f6"
console.log(result.receipt.routing_decision.tier);
// "AUTO" — executed immediately

Start building with the ARQERA API

Create your free account, generate an API key, and execute your first governed action in minutes.

Get API Key Back to Docs

200+ Endpoints

API Reference

Build governed AI applications with 200+ REST endpoints. Full OpenAPI spec, tenant-scoped, versioned, and rate-limited.

Get API Key Back to Docs

Explore the API

Every endpoint is tenant-scoped, authenticated, and emits evidence. Pick a domain to dive in.

Governance & Protocol

Agents & Ara

Deploy AI agents, manage personas, execute actions through the Ara orchestration layer with approval workflows.

Evidence & Audit

Emit, query, and verify tamper-proof evidence artifacts. Every action leaves an auditable trail.

Compliance

Enable SOC 2, GDPR, HIPAA, and ISO 27001 frameworks. Track controls, posture scores, and audit exports.

Users & Teams

Manage users, roles, tenants, SSO configuration, and SCIM provisioning for enterprise identity.

Integrations

Connect 100+ tools via OAuth. Start auth flows, manage connector lifecycle, and sync data.

Analytics & Metrics

Protocol latency, training quality, approval rates, and custom metric targets with time-series data.

Billing & Usage

Stripe-powered checkout, subscription management, usage metering, and invoice retrieval.

Operations & SLOs

Define SLOs, track error budgets, manage alert rules, incidents, and runbooks.

Webhooks & Events

Receive real-time HMAC-signed event notifications for artifacts, compliance, users, and billing.

Authentication

Two methods: API keys for server-to-server, OAuth for user-facing apps

API Key Authentication

Generate scoped API keys from Settings. Pass the key in every request header.

curl -X GET https://api.arqera.io/api/v1/protocol/manifest \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json"

Session Authentication

For browser-based apps. Authenticate via login, then use the session token.

// Login and receive tokens
const res = await fetch("https://api.arqera.io/api/v1/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "[email protected]",
    password: "********"
  })
});

const { access_token, refresh_token } = await res.json();

// Use access token for subsequent requests
fetch("/api/v1/protocol/manifest", {
  headers: { "Authorization": `Bearer ${access_token}` }
});

Auth Endpoints

Method	Endpoint	Description
POST	/api/v1/auth/login	Authenticate with email + password
POST	/api/v1/auth/register	Register a new user account
POST	/api/v1/auth/logout	Invalidate the current session
GET	/api/v1/auth/me	Return the current user profile
POST	/api/v1/auth/refresh	Rotate access/refresh tokens
POST	/api/v1/auth/password/forgot	Request a password reset email
POST	/api/v1/auth/password/reset	Reset password with a reset token
GET	/api/v1/auth/verify-email	Verify email with one-time token
POST	/api/v1/auth/resend-verification	Resend verification email

Govern Every AI Action

Action Tier System

Every protocol execution is classified into one of three tiers. The governance engine evaluates risk, policy, and trust before routing each action.

AUTO

Read operations, searches, diagnostics. Executed immediately with no approval required.

SOFT

Notifications, non-destructive writes. Execute with a 30-second undo window.

HARD

Emails, deletions, payments. Requires explicit human approval before execution.

Protocol Endpoints

12 endpoints

Method	Endpoint	Description
POST	/api/v1/protocol/manifest/validate	Validate a manifest without storing it
POST	/api/v1/protocol/manifest	Register a new protocol manifest
GET	/api/v1/protocol/manifest	List all registered manifests
GET	/api/v1/protocol/manifest/{node_id}	Fetch manifest by node ID (latest or specific version)
GET	/api/v1/protocol/manifest/{node_id}/versions	List all available versions of a manifest
POST	/api/v1/protocol/execute	Execute a governed protocol action
GET	/api/v1/work/approvals	List pending approval requests
POST	/api/v1/work/approvals/{id}/approve	Approve a pending action
POST	/api/v1/work/approvals/{id}/reject	Reject a pending action
GET	/api/v1/security/tenants/{tenant_id}/policies	List security policies for a tenant
POST	/api/v1/security/tenants/{tenant_id}/policies	Create a security policy
GET	/api/v1/security/tenants/{tenant_id}/audit-logs	Query audit logs with filtering

Execute a Governed Action

Send an action through the governance engine. The system evaluates policies, classifies the action tier, and either executes immediately or queues for approval.

Request

POST /api/v1/protocol/execute
Content-Type: application/json
X-API-Key: ak_live_7f3a9b2c...

{
  "node_id": "ara.connectors.salesforce",
  "action_id": "lead.create",
  "decision_contract_id": 101,
  "payload": {
    "email": "[email protected]",
    "company": "Northwind Traders",
    "source": "inbound_demo"
  },
  "routing_hints": {
    "latency_budget_ms": 500
  },
  "policy_context": {
    "require_approval": true
  }
}

Response

{
  "status": "pending_approval",
  "result": {
    "status": "queued",
    "message": "Approval required before execution.",
    "payload_echo": {
      "email": "[email protected]"
    }
  },
  "receipt": {
    "request_id": "req_8k2m4n6p",
    "trace_id": "tr_a1b2c3d4e5f6",
    "correlation_id": "cor_9x8y7z",
    "node_id": "ara.connectors.salesforce",
    "action_id": "lead.create",
    "version": "1.0.0",
    "policy_evaluations": [
      { "policy_id": "pii_local_only", "result": "pass" }
    ],
    "routing_decision": {
      "strategy": "manifest",
      "tier": "HARD"
    },
    "latency_ms": 1.2,
    "retries": 0
  }
}

Deploy and Orchestrate AI Agents

Manage agent personas, training pipelines, A/B tests, and the Ara execution engine

AI Training & Agent Endpoints

24 endpoints

Method	Endpoint	Description
GET	/api/v1/ai-training/jobs	List training jobs with status and metrics
POST	/api/v1/ai-training/jobs	Create a new training job
POST	/api/v1/ai-training/jobs/{job_id}/cancel	Cancel a running training job
GET	/api/v1/ai-training/datasets	List training datasets
POST	/api/v1/ai-training/datasets	Create a training dataset
POST	/api/v1/ai-training/datasets/generate	Auto-generate dataset from protocol executions
GET	/api/v1/ai-training/models	List deployed model versions
POST	/api/v1/ai-training/models	Register a new model version
POST	/api/v1/ai-training/models/{model_id}/deploy	Queue model deployment (approval required)
POST	/api/v1/ai-training/models/{model_id}/rollback	Rollback to a previous model version
GET	/api/v1/ai-training/personas	List agent persona profiles
GET	/api/v1/ai-training/personas/{persona_key}	Fetch a persona by key
PUT	/api/v1/ai-training/personas/{persona_key}	Update persona configuration
POST	/api/v1/ai-training/ab-tests	Create an A/B test between model versions
POST	/api/v1/ai-training/ab-tests/{id}/start	Start an A/B test
POST	/api/v1/ai-training/ab-tests/{id}/complete	Complete and declare a winner
GET	/api/v1/ai-training/feedback	List training feedback entries
POST	/api/v1/ai-training/feedback	Submit training feedback
GET	/api/v1/ai-training/infrastructure	List training infrastructure
GET	/api/v1/ai-training/infrastructure/health	Infrastructure health summary
GET	/api/v1/ai-training/stats	Training telemetry and statistics

Generate a Training Dataset from Live Traffic

ARQERA can auto-generate SFT and DPO training pairs from your protocol execution history. Approved actions become "chosen" samples; rejected actions become "rejected" samples.

curl -X POST https://api.arqera.io/api/v1/ai-training/datasets/generate \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "q1-governance-pairs",
    "source": "protocol_executions",
    "format": "dpo",
    "filters": {
      "start_date": "2026-01-01T00:00:00Z",
      "end_date": "2026-03-31T23:59:59Z",
      "min_confidence": 0.8
    }
  }'

Prove Every Decision

Tamper-proof evidence chain with hash verification, cryptographic signatures, and audit exports

Evidence & Claims Endpoints

8 endpoints

Method	Endpoint	Description
GET	/api/claims	Public claims snapshot (benchmarks, runtime spec, inventory)
GET	/api/evidence/latest	Latest evidence artifacts, filterable by type
GET	/api/evidence/verify	Verify evidence hash-chain integrity and signatures
POST	/api/v1/compliance/tenants/{tenant_id}/evidence	Submit compliance evidence
GET	/api/v1/exports/receipts	Export protocol execution receipts
GET	/api/v1/exports/approvals	Export approval decisions
GET	/api/v1/exports/usage	Export usage records (API calls, tokens, storage)
GET	/api/v1/exports/training	Export training jobs and outcomes

Verify the Evidence Chain

Every action emits an evidence artifact with a cryptographic hash linked to the previous artifact. Auditors can verify the entire chain has not been tampered with.

curl

curl https://api.arqera.io/api/evidence/verify \
  -H "X-API-Key: ak_live_7f3a9b2c..."

Response

{
  "chain_valid": true,
  "total_artifacts": 14832,
  "first_artifact": "2025-11-02T08:14:00Z",
  "latest_artifact": "2026-02-19T15:42:11Z",
  "signature_status": "all_verified",
  "broken_links": 0
}

Export Data for Auditors

All export endpoints support ISO timestamp filtering with start_at, end_at, and a window_days fallback.

curl "https://api.arqera.io/api/v1/exports/receipts?start_at=2026-01-01T00:00:00Z&end_at=2026-02-01T00:00:00Z" \
  -H "X-API-Key: ak_live_7f3a9b2c..."

Automate Compliance Across Frameworks

Enable SOC 2, GDPR, HIPAA, and ISO 27001. Track controls, measure posture, generate audit exports.

Compliance Endpoints

6 endpoints

Method	Endpoint	Description
GET	/api/v1/compliance/tenants/{tenant_id}/frameworks	List available compliance frameworks
POST	/api/v1/compliance/tenants/{tenant_id}/frameworks/{id}/enable	Enable a framework for the tenant
GET	/api/v1/compliance/tenants/{tenant_id}/frameworks/{id}/controls	List controls and their status
GET	/api/v1/compliance/tenants/{tenant_id}/posture	Get overall compliance posture score
POST	/api/v1/compliance/tenants/{tenant_id}/evidence	Submit compliance evidence artifact
POST	/api/v1/compliance/tenants/{tenant_id}/frameworks/{id}/export	Generate audit-ready export

Check Your Compliance Posture

Get a single score that reflects your compliance health across all enabled frameworks.

GET /api/v1/compliance/tenants/t_acme/posture

{
  "overall_score": 87.5,
  "frameworks": [
    {
      "id": "soc2",
      "status": "compliant",
      "controls_met": 45,
      "controls_total": 50
    },
    {
      "id": "gdpr",
      "status": "compliant",
      "controls_met": 32,
      "controls_total": 35
    },
    {
      "id": "iso27001",
      "status": "in_progress",
      "controls_met": 78,
      "controls_total": 114
    }
  ]
}

Manage Users, Roles, and Tenants

Enterprise identity with SSO, SCIM provisioning, IP allowlists, and customer-managed encryption keys

Workforce & Tasks

GET

/api/v1/work/tasks

List tasks (filter by status, assignee, priority)

POST

/api/v1/work/tasks

Create a task

PATCH

/api/v1/work/tasks/{id}

Update task status or assignee

GET

/api/v1/work/workers

List workers (human + AI)

POST

/api/v1/work/workers

GET

/api/v1/work/sla-policies

List SLA policies

Security & Identity

GET

/.../{tenant_id}/sso

Get SSO configuration

POST

/.../{tenant_id}/sso

Configure SAML or OIDC

GET

/.../{tenant_id}/ip-allowlist

List IP allowlist rules

POST

/.../{tenant_id}/ip-allowlist

Add IP allowlist rule (CIDR)

GET

/.../{tenant_id}/kms

Get encryption key config

POST

/.../{tenant_id}/kms

Configure customer-managed keys

Verify a Custom Domain

Prove domain ownership via DNS TXT record verification. Required for SSO and custom branding.

# 1. Request a verification token
POST /api/v1/tenants/t_acme/domain/verification

# 2. Add the TXT record to your DNS:
#    _arqera-verify.acme.co -> arq_verify_8k2m4n6p

# 3. Confirm verification
POST /api/v1/tenants/t_acme/domain/verification/confirm

# Response:
{ "domain": "acme.co", "verified": true, "verified_at": "2026-02-19T12:00:00Z" }

Connect Your Entire Stack

100+ connectors via OAuth. Manage lifecycle, sync data, and auto-generate protocol manifests.

Integration Fabric Endpoints

10 endpoints

Method	Endpoint	Description
GET	/api/v1/integration-fabric/connectors	List available connectors
GET	/api/v1/integration-fabric/connectors/{id}	Get connector details
GET	/api/v1/integration-fabric/connectors/{id}/scopes	List required OAuth scopes
POST	/api/v1/integration-fabric/connectors/{id}/auth/start	Start OAuth flow
POST	/api/v1/integration-fabric/connectors/{id}/auth/complete	Complete OAuth callback
POST	/api/v1/integration-fabric/connectors/{id}/auth/disconnect	Disconnect an integration
POST	/api/v1/integration-fabric/connectors/{id}/sync	Queue a data sync job
GET	/api/v1/integration-fabric/connectors/{id}/manifest	Preview auto-generated manifest
POST	/api/v1/integration-fabric/connectors/{id}/publish	Publish connector to protocol registry
POST	/api/webhooks/nango	Receive Nango connect webhooks

Connect a Tool in Three Steps

// Step 1: Start the OAuth flow
const startRes = await fetch("/api/v1/integration-fabric/connectors/github/auth/start", {
  method: "POST",
  headers: { "X-API-Key": "ak_live_7f3a9b2c..." }
});
const { auth_url } = await startRes.json();
// Redirect user to auth_url...

// Step 2: User authorizes in GitHub, callback fires

// Step 3: Complete the connection
await fetch("/api/v1/integration-fabric/connectors/github/auth/complete", {
  method: "POST",
  headers: { "X-API-Key": "ak_live_7f3a9b2c..." }
});
// Connector is now active and syncable

Measure Everything That Matters

Protocol performance, training quality, and self-optimizing learning pipelines

Observability Metrics

GET

/api/v1/metrics/overview

Combined protocol + training metrics

GET

/api/v1/metrics/protocol

Execution latency, approvals, PII events

GET

/api/v1/metrics/training

Job completion, quality, cost

GET

/api/v1/metrics/targets

Tenant metric targets

PUT

/api/v1/metrics/targets

Update metric targets

Self-Optimization (Learning Plane)

GET

/api/v1/learning

Latest learning snapshot

POST

/api/v1/learning/run

Compute fresh learning snapshot

GET

/api/v1/learning/pipeline

Recent pipeline runs

POST

/api/v1/learning/pipeline/run

Trigger new pipeline run

GET

/api/v1/learning/routing-updates

Queued routing/model updates

POST

/api/v1/learning/routing-updates

Propose a routing update

POST

/api/v1/learning/routing-updates/{id}/apply

Apply an approved update

Billing, Plans, and Usage Metering

Stripe-powered subscription management, usage tracking, and invoice retrieval

Billing Endpoints

7 endpoints

Method	Endpoint	Description
GET	/api/v1/billing/plans	List plans (Free, Team, Business, Enterprise)
GET	/api/v1/billing/usage	Current usage: tokens, requests, storage
POST	/api/v1/billing/checkout	Create Stripe checkout session for upgrade
POST	/api/v1/billing/portal	Open Stripe customer portal
GET	/api/v1/billing/invoices	List invoices for the tenant
GET	/api/v1/billing/subscription	Current subscription details
POST	/api/v1/billing/webhooks/stripe	Stripe webhook receiver

Upgrade a Subscription

curl -X POST https://api.arqera.io/api/v1/billing/checkout \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "plan_id": "business",
    "success_url": "https://app.acme.co/billing/success",
    "cancel_url": "https://app.acme.co/billing/cancel"
  }'

# Response: { "checkout_url": "https://checkout.stripe.com/c/pay/cs_live_..." }

Define SLOs, Track Error Budgets

Service level objectives, alert rules, incident management, and runbooks

Operations Endpoints

14 endpoints

Method	Endpoint	Description
GET	/api/v1/operations/slos	List SLO definitions
POST	/api/v1/operations/slos	Create an SLO
GET	/api/v1/operations/slos/{id}	Get SLO details
GET	/api/v1/operations/slos/{id}/error-budget	Current error budget status
GET	/.../{tenant_id}/alert-rules	List alert rules
POST	/.../{tenant_id}/alert-rules	Create an alert rule
GET	/.../{tenant_id}/alerts	List alerts (firing, acked, resolved)
POST	/.../{tenant_id}/alerts/{id}/acknowledge	Acknowledge an alert
POST	/.../{tenant_id}/alerts/{id}/resolve	Resolve an alert
GET	/api/v1/operations/runbooks	List runbooks
POST	/api/v1/operations/runbooks	Create a runbook
GET	/api/v1/operations/incidents	List incidents
POST	/api/v1/operations/incidents	Create an incident

Monitor Error Budget Burn Rate

GET /api/v1/operations/slos/slo_api_latency/error-budget

{
  "slo_id": "slo_api_latency",
  "name": "API Latency P99",
  "target_percent": 99.0,
  "budget_remaining_percent": 0.85,
  "budget_consumed_percent": 15.0,
  "projected_burn_rate": 0.5,
  "measurement_window": "rolling-7d",
  "current_value": 98.5,
  "status": "healthy"
}

React to Events in Real Time

HMAC-SHA256 signed payloads delivered to your endpoints within seconds

Event Categories

Verify Webhook Signatures

Every webhook includes an X-Arqera-Signature header. Compute HMAC-SHA256 of the raw request body with your webhook secret and compare.

import hmac, hashlib

def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
    expected = hmac.new(
        secret.encode(),
        payload,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Example Webhook Payload

POST https://hooks.acme.co/arqera
X-Arqera-Signature: sha256=d7a8fbb307d7809469ca...
Content-Type: application/json

{
  "event": "protocol.executed",
  "timestamp": "2026-02-19T15:42:11Z",
  "tenant_id": "t_acme",
  "data": {
    "request_id": "req_8k2m4n6p",
    "node_id": "ara.connectors.salesforce",
    "action_id": "lead.create",
    "tier": "HARD",
    "status": "approved",
    "latency_ms": 142,
    "evidence_hash": "sha256:ab12cd34..."
  }
}

Health Checks and System Diagnostics

Readiness probes, liveness probes, and detailed component health for orchestrators

Health Endpoints

Method	Endpoint	Auth	Description
GET	/api/health	None	Basic health check (DB, Redis, system)
GET	/api/health/live	None	Liveness probe for service heartbeat
GET	/api/health/ready	None	Readiness probe with dependency checks
GET	/api/health/detailed	Required	Full component health with system metrics

Rate Limiting

All API requests are rate-limited per tenant. Limits scale with your plan.

Plan	Rate Limit	Burst
Free	100 req/min	20 req/sec
Team	500 req/min	50 req/sec
Business	2,000 req/min	200 req/sec
Enterprise	Custom	Custom

Rate Limit Headers

Every response includes rate limit headers so you can implement client-side throttling.

HTTP/1.1 200 OK
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Reset: 1708358400

# When rate limited:
HTTP/1.1 429 Too Many Requests
Retry-After: 12
{
  "detail": "Rate limit exceeded. Retry after 12 seconds."
}

Pagination

Cursor-based and offset-based pagination across all list endpoints

Cursor-Based (Recommended)

Best for real-time data. Use the next_cursor from each response to fetch the next page.

GET /api/v1/work/tasks?limit=25

{
  "items": [...],
  "total": 142,
  "next_cursor": "eyJpZCI6MTI1fQ==",
  "has_more": true
}

# Next page:
GET /api/v1/work/tasks?limit=25&cursor=eyJpZCI6MTI1fQ==

Offset-Based

For stable datasets where page jumping is needed. Use offset and limit.

GET /api/v1/ai-training/jobs?limit=10&offset=20

{
  "items": [...],
  "total": 87,
  "limit": 10,
  "offset": 20
}

Error Handling

Consistent error format across all endpoints with actionable messages

Code	Status	When You Will See This
400	Bad Request	Invalid request body, missing required fields, or malformed parameters.
401	Unauthorized	Missing or invalid API key. Check the X-API-Key header.
403	Forbidden	Valid credentials but insufficient permissions for this resource.
404	Not Found	The requested resource does not exist or belongs to another tenant.
409	Conflict	Resource already exists or version conflict on concurrent update.
422	Unprocessable Entity	Request body is well-formed but fails validation rules.
429	Too Many Requests	Rate limit exceeded. Back off and retry using the X-RateLimit-Reset header.
500	Internal Server Error	Unexpected failure. Includes a trace_id for support escalation.

Error Response Format

All errors return a consistent JSON structure with a human-readable message and optional trace ID for support.

{
  "detail": "Manifest version 1.0.3 already exists for node ara.connectors.salesforce.",
  "trace_id": "tr_a1b2c3d4e5f6"
}

Validation Errors (422)

Validation errors include field-level detail so you can highlight specific form inputs.

{
  "detail": [
    {
      "loc": ["body", "manifest", "node", "id"],
      "msg": "Node ID must match pattern: namespace.category.name",
      "type": "value_error"
    }
  ]
}

Quick Start

Get up and running with the ARQERA API in under 5 minutes

curl

# 1. Register a manifest
curl -X POST https://api.arqera.io/api/v1/protocol/manifest \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "manifest": {
      "protocol_version": "1.0",
      "node": {
        "id": "myapp.actions.notify",
        "name": "User Notification",
        "version": "1.0.0",
        "owner": "acme",
        "category": "notification",
        "endpoints": [{
          "action_id": "send",
          "description": "Send user notification",
          "approval_required": false,
          "idempotency": true
        }]
      }
    },
    "registry": { "listing_tier": "development" }
  }'

# 2. Execute the action
curl -X POST https://api.arqera.io/api/v1/protocol/execute \
  -H "X-API-Key: ak_live_7f3a9b2c..." \
  -H "Content-Type: application/json" \
  -d '{
    "node_id": "myapp.actions.notify",
    "action_id": "send",
    "payload": {
      "user_id": "usr_42",
      "message": "Your report is ready"
    }
  }'

TypeScript

Using the ARQERA SDK

import { Arqera } from "@arqera/sdk";

const client = new Arqera({
  apiKey: process.env.ARQERA_API_KEY,
  baseUrl: "https://api.arqera.io",
});

// Register a manifest
await client.protocol.manifest.create({
  manifest: {
    protocol_version: "1.0",
    node: {
      id: "myapp.actions.notify",
      name: "User Notification",
      version: "1.0.0",
      owner: "acme",
      category: "notification",
      endpoints: [{
        action_id: "send",
        description: "Send user notification",
        approval_required: false,
      }],
    },
  },
  registry: { listing_tier: "development" },
});

// Execute with governance
const result = await client.protocol.execute({
  node_id: "myapp.actions.notify",
  action_id: "send",
  payload: {
    user_id: "usr_42",
    message: "Your report is ready",
  },
});

console.log(result.receipt.trace_id);
// "tr_a1b2c3d4e5f6"
console.log(result.receipt.routing_decision.tier);
// "AUTO" — executed immediately

Start building with the ARQERA API

Create your free account, generate an API key, and execute your first governed action in minutes.

Get API Key Back to Docs