Docs

API and webhook guide.

How integrations should authenticate, send idempotent requests, subscribe to events, and recover from failures.

Authentication

Keys and sessions must be scoped.

API keys

Scopes

Reveal once

Revocation

Tenant ID

Audit

Requests that affect business state need validation.

Idempotency

Validation errors

Rate limits

JSON payloads

Status codes

Retries

Event delivery should be verifiable and recoverable.

Signed payload

Delivery log

Retry policy

Event types

Endpoint status

Failures