Docs / API Reference

API Reference

The LogiRoot governance API is REST-over-HTTPS. The full machine-readable OpenAPI 3.1 specification is published at /openapi.json on each API host. This page summarizes the endpoints customers use most.

Authentication

All requests require an X-API-Key header containing the API key issued at fulfillment.

Base URL

https://api.logirootai.com

Endpoints

POST /v1/governance/evaluate

Evaluate a single AI tool call against the configured policy framework. Returns a decision and a compliance receipt.

Request
{
  "tool_name": "send_email",
  "args":      { ... arbitrary JSON ... },
  "context":   { "session_id": "...", "actor": "..." }
}

Response
{
  "decision":     "APPROVE" | "REJECT" | "ESCALATE",
  "policy_ids":   [ "..." ],
  "receipt_id":   "...",
  "evaluated_at": "2026-04-25T18:00:00Z"
}

POST /v1/governance/simulate

Run a policy check without producing a billed action or persisted receipt. Useful for testing policy changes against historical inputs.

GET /v1/governance/receipts/{receipt_id}

Retrieve a persisted compliance receipt by id. Returns the metadata, decision, policies that fired, and the verifier signature material.

GET /health

Service health probe. Returns provider availability and basic counters. Unauthenticated.

Errors

Standard HTTP status codes. Error bodies are { "detail": "..." }. 401 means missing or invalid API key. 403 means valid key but insufficient entitlement. 429 means tier quota exceeded.

Rate limits

Tier quotas are enforced at the dimension level (Actions, Simulations, ActiveTenants) and reset on the AWS Marketplace billing cycle. Exceeding a quota returns 429 with Retry-After.

For the full machine-readable spec, fetch /openapi.json from your provisioned API host.