Enterprise API — v1
The v1 enterprise API enables contracted organisations to create governed case intake records, retrieve case summaries, and read the provenance chain — programmatically. Access requires an enterprise API key, issued by agreement.
API boundary. API responses expose structured records from the governed case registry. No response constitutes legal, financial, investment, or professional advice. Case summaries and provenance records reflect submitted evidence only — they are not independently audited or certified.
Authentication
All v1 endpoints require an enterprise API key passed in the x-api-key request header. Keys are issued by Abraham of London upon enterprise agreement. Keys are SHA-256 hashed at rest — they cannot be recovered after issuance.
POST /api/v1/cases HTTP/1.1
Host: abrahamoflondon.com
x-api-key: aol_live_your_enterprise_key_here
Content-Type: application/jsonRate limit: 60 requests/minute per key. Exceeding this returns HTTP 429. Keys can be revoked at any time. Contact us to rotate or revoke keys.
Endpoint
Creates a governed case intake record. The case is registered in the governed case registry with a stable caseId. No analysis is run at intake — a governed finding requires a human-initiated assessment session.
REQUEST BODY
| title* | string | Short label for the case (max 200 chars) |
| decisionText* | string | Plain-language description of the decision or issue (max 4000 chars) |
| constraintText | string | Known constraints on the decision |
| costOfDelayText | string | Commercial or operational cost of inaction |
| stakeholderText | string | Key stakeholders involved |
| externalRef | string | Your reference ID for this case (returned in summary) |
| subjectEmail | string | Email of the subject (stored encrypted, not exposed in API) |
| organisation | string | Organisation name |
// Example request
{
"title": "Q3 resource allocation decision",
"decisionText": "Whether to reallocate engineering capacity from Platform to Growth for Q3.",
"constraintText": "Platform team committed to two critical compliance deliverables by end of Q3.",
"costOfDelayText": "Growth roadmap delay estimated at 6 weeks per month of inaction.",
"externalRef": "JIRA-4821"
}RESPONSE — 201 Created
{
"ok": true,
"caseId": "tz4k8m2nq1f9r5p0",
"message": "Governed case intake record created. ...",
"summaryUrl": "/api/v1/cases/tz4k8m2nq1f9r5p0/summary",
"provenanceUrl": "/api/v1/cases/tz4k8m2nq1f9r5p0/provenance"
}Endpoint
Returns a client-safe structured summary of the governed case record. Includes decision objects, evidence nodes, stage count, and record timestamps. Only accessible for cases created via the enterprise API by the calling key.
// Example response
{
"ok": true,
"caseId": "tz4k8m2nq1f9r5p0",
"status": "active",
"diagnosticType": "api_intake",
"organisation": "Acme Corp",
"decisionObjects": [
{
"decisionText": "Whether to reallocate engineering capacity...",
"constraintText": "Platform team committed to two critical...",
"costOfDelayText": "Growth roadmap delay estimated at 6 weeks...",
"stakeholderText": null,
"affectedDomain": null,
"confidence": 0.5,
"recordedAt": "2026-05-16T09:00:00.000Z"
}
],
"evidenceNodes": [],
"stageCount": 0,
"createdAt": "2026-05-16T09:00:00.000Z",
"updatedAt": "2026-05-16T09:00:00.000Z",
"boundaryNote": "This summary reflects evidence submitted to the governed case record. ..."
}Endpoint
Returns the ordered chronological chain of nodes that constitute the governed record of this case — stage records, evidence nodes, and decision objects. Each node includes its kind, source stage, summary, confidence, and creation timestamp. No PII is exposed.
// Example response (abbreviated)
{
"ok": true,
"caseId": "tz4k8m2nq1f9r5p0",
"totalNodes": 3,
"chain": [
{
"nodeId": "cm4a...",
"kind": "decision",
"sourceStage": "api_intake_v1",
"label": "Decision record",
"summary": "Whether to reallocate engineering capacity from Platform to Growth...",
"confidence": 0.5,
"recordedAt": "2026-05-16T09:00:00.000Z"
}
],
"integrityNote": "Each node in this chain represents a discrete governed record event. ...",
"boundaryNote": "This provenance record is produced from user-submitted and system-recorded data. ..."
}Error reference
| HTTP | code | Description |
|---|---|---|
| 401 | — | Missing, malformed, or invalid x-api-key header |
| 400 | VALIDATION_ERROR | Required fields missing or exceeding limits |
| 400 | INVALID_BODY | Request body could not be parsed as JSON |
| 403 | ACCESS_DENIED | API key valid, but not authorised for this resource |
| 404 | NOT_FOUND | Case does not exist |
| 405 | — | HTTP method not allowed on this endpoint |
| 429 | — | Rate limit exceeded (60 req/min per key) |
| 500 | INTERNAL_ERROR | Server-side failure — contact support |
Access
Enterprise API access is not self-serve. Keys are issued to contracted organisations following a brief onboarding call. To request access, contact us with a description of your integration use case.
Request enterprise access