API Reference

Interface with Authority.

Programmatic execution control and cryptographic verification via REST. Standardized JSON payloads, Ed25519 signatures, and deterministic responses.

Authentication

The public authority surface (discovery, verification helpers) is unauthenticated. API keys are required only for the private execution gateway - include them in the authorization header.

HTTP - execution gateway only

Authorization: Bearer tg_live_...

Environments

Public authority endpoints are served from trigguardai.com without credentials. The private execution gateway (api.trigguardai.com) requires an API key and is provisioned on request.

Surface	Base URL	Auth
Public authority	`https://trigguardai.com`	None
Execution gateway	`https://api.trigguardai.com/v1`	Bearer key

POST /execute

Execution Authorization

The primary authorization hook. Submit an execution request to the Gate and receive a PERMIT, DENY, or SILENCE decision with a signed receipt.

JSON Request

{
  "surface_id": "sur_827f",
  "action": "TRANSFER",
  "payload": { "amount": 5000, "currency": "USD" },
  "context": { "user_id": "usr_9912" }
}

POST /protocol/verify-receipt

Receipt Verification

Stateless shape verification of a TrigGuard receipt - checks that the decision and timestamp fields are present. No credentials required. For full Ed25519 signature verification use POST /protocol/verify-signature or the offline CLI.

Canonical path Prefer offline verification via /.well-known/trigguard-keys.json + the trigguard verify-receipt CLI or the /verify tool. No callback to TrigGuard is required after a receipt is issued.

Error Codes

Code	Status
401	Unauthorized
403	Policy Violation
429	Rate Limited

Rate Limits

Standard tier limits ensure authority availability.

5,000 req/min Burst capacity allowed up to 10k for enterprise accounts.

Official SDKs

Native implementations for secure execution governance.

Python Node.js Go Rust