Developer API

Identity as an API.

REST with OpenAPI 3.1 contracts. Create entities, link identifiers, record lifecycle events, attach evidence, and reconstruct any record for any historical date.

Core endpoints · v1

Everything is an entity, an assertion, an event, or evidence.

Entities & identifiers

POST/v1/entities
GET/v1/entities/{id}
PATCH/v1/entities/{id}
POST/v1/entities/{id}/identifiers

Relationships & assertions

POST/v1/entities/{id}/relationships
GET/v1/entities/{id}/relationships
POST/v1/entities/{id}/assertions

Events & evidence

POST/v1/entities/{id}/events
GET/v1/entities/{id}/events
POST/v1/evidence
GET/v1/evidence/{id}

Records & history

GET/v1/entities/{id}/record
GET/v1/entities/{id}/record/history
GET/v1/entities/{id}/export

Example

Record a lifecycle event.

Every event carries effective time, recorded time, a reporting party, evidence references, and an idempotency key—so retries never duplicate history.

  • Append-only events are superseded, never edited
  • Every privileged action creates an audit event
  • Versioned schemas enable replayable projections
POST /v1/entities/019b8df2…/events
{
  "event_type": "software_updated",
  "effective_time": "2026-07-11T04:12:00Z",
  "reporting_party": "org:meridian-robotics",
  "detail": { "from": "4.2.0", "to": "4.2.1" },
  "evidence_refs": ["evd_8f31…"],
  "idempotency_key": "ota-8812-4.2.1"
}

Built to be depended on.

Tenant isolation

Scoped OAuth tokens, RBAC, and field-level access policy.

Idempotency

Safe retries on every write.

Audit correlation

Request and correlation IDs tie every change to its trail.

No broken links

Retired entities resolve to controlled tombstones.

Integrate where it supports the operational record.

API access and integration scope are agreed as part of a paid pilot or ongoing customer implementation.

Discuss a paid pilot