Reference
REST API
Base URL: https://api.credian.io. All endpoints are versioned under /v1.
Authentication
Three authentication methods depending on the caller.
| Caller | Method | Header |
|---|---|---|
| Agent | API Key (avs_ prefix) | X-API-Key: avs_... |
| Platform | API Key (avp_ prefix) | X-API-Key: avp_... |
| Owner | JWT Bearer token | Authorization: Bearer eyJ... |
API keys can also be sent as Authorization: Bearer avs_....
Auth
/v1/auth/registerRegister a new owner account. Returns JWT.
/v1/auth/loginAuthenticate an owner. Returns JWT.
Agents
/v1/agentsRegister a new agent. Returns agent with one-time API key.
Owner JWT/v1/agentsList agents owned by the authenticated owner.
Owner JWT/v1/agents/meGet current agent profile from API key.
Agent API Key/v1/agents/:idGet agent profile by ID.
Agent API Key/v1/agents/:idUpdate agent metadata or display name.
Owner JWT/v1/agents/:idDeactivate an agent.
Owner JWTScores
/v1/agents/:id/scoreGet current trust score with classification breakdown.
/v1/scores/:idAlias for GET /v1/agents/:id/score.
/v1/agents/:id/score/historyPaginated score history snapshots.
/v1/scores/batchLook up scores for up to 100 agents at once.
/v1/scores/classificationsGet score tier definitions (excellent, good, fair, poor, untrusted).
Events
/v1/eventsSubmit a self-reported behavioral event.
Agent API Key/v1/eventsList events for the authenticated agent.
Agent API Key/v1/agents/:id/eventsSubmit an event on behalf of an agent (platform-reported, full scoring weight).
Platform API Key/v1/agents/:id/eventsGet event history for a specific agent.
Agent API KeyCredentials
/v1/credentialsIssue a trust credential to an agent.
Owner JWT/v1/credentialsList credentials for an agent.
Owner JWT/v1/credentials/:idGet credential details (public).
/v1/credentials/:id/verifyVerify a credential by ID.
Owner JWT/v1/credentials/verifyVerify a credential (public).
/v1/credentials/:idRevoke a credential.
Owner JWTWebhooks
/v1/webhooksCreate a webhook subscription.
Owner JWT/v1/webhooksList webhook subscriptions.
Owner JWT/v1/webhooks/:idDelete a webhook subscription.
Owner JWTError format
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid event type",
"details": { ... }
}
}| Code | Status | Meaning |
|---|---|---|
| VALIDATION_ERROR | 400 | Invalid request body or parameters |
| AUTHENTICATION_REQUIRED | 401 | Missing or invalid credentials |
| FORBIDDEN | 403 | Valid credentials but insufficient access |
| NOT_FOUND | 404 | Resource does not exist |
| RATE_LIMIT_EXCEEDED | 429 | Too many requests |
Rate limits
| Tier | Requests/min | Lookups/month | Max agents |
|---|---|---|---|
| Free | 100 | 1,000 | 10 |
| Growth | 1,000 | 50,000 | 100 |
| Platform | 10,000 | Unlimited | Unlimited |
Event ingestion: 100 events/agent/hour, 1,000 events/platform/hour regardless of tier.
Pagination
All list endpoints use cursor-based pagination. Pass ?cursor=<value>&limit=50 from the nextCursor field in the response. Maximum limit is 100.
Idempotency
All write endpoints accept an Idempotency-Key header. Replayed requests with the same key return the original response without re-executing the operation.