Platform API
The cross-cutting surface every product shares: identity, tenant configuration, and administration. These endpoints sit under the Trust Engine, Docs, and Capture products and handle who you are, which workspace you act in, and how that workspace is set up.
Overview
The Platform API is the common layer behind all Rasepi products. It covers sign-in and tenant selection, users and groups, tenant Trust API keys, workspace provisioning and plugins, admin configuration (languages, glossaries, style rules, taxonomy, notifications, review checklists, audit), and webhooks. Everything is tenant-scoped once you have selected a tenant.
Authentication
Most platform endpoints are user-scoped: they act as the signed-in user, so they use a normal user session or OAuth access token presented as a Bearer token. Machine integrations call /connect/token with their API key credentials to mint a token, then present that token the same way.
Authorization: Bearer <access token>
Sign-in starts at /auth/login/{provider} (OAuth), then the user picks a tenant with /auth/select-tenant. Tokens for API keys come from /connect/token using the client-credentials grant.
GET /auth/login/{provider}
Begin the OAuth sign-in flow for the given identity provider (for example microsoft or google). Redirects to the provider and back to the app once the user has authenticated.
GET /auth/tenants
List the tenants (workspaces) the authenticated user belongs to, so the client can offer a picker.
POST /auth/select-tenant
Select the active tenant for the session. Subsequent calls are scoped to that tenant. Send the tenant id in the body.
POST /connect/token
The OAuth token endpoint. Issues access tokens, including the client-credentials grant used by machine API keys. Use this to exchange an API key client id and secret for a Bearer token.
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<api key id>
&client_secret=<api key secret>
&scope=trust:evaluate trust:read
Users
Identity and membership for the current tenant. /users/me returns the signed-in user; the rest are tenant-admin operations.
| Method | Path | Description |
|---|---|---|
| GET | /users/me | The signed-in user's profile and tenant role. |
| GET | /users | List users in the current tenant. |
| PUT | /users/me/preferred-language | Set the current user's preferred UI language. |
| POST | /users/invite | Invite a user to the tenant by email. |
| DELETE | /users/{id} | Remove a user from the tenant. |
Groups
Tenant groups bundle users for sharing and access control. Members are managed through the membership endpoints.
| Method | Path | Description |
|---|---|---|
| GET | /groups | List groups in the current tenant. |
| POST | /groups | Create a group. |
| POST | /groups/{id}/members | Add a user to a group. |
| DELETE | /groups/{id}/members/{userId} | Remove a user from a group. |
POST /groups
{ "name": "Compliance reviewers" }
201 Created
{ "id": "2d4b…", "name": "Compliance reviewers", "memberCount": 0 }
API Keys
Tenant Trust API keys authenticate machine clients against the Trust API. Create a key with the scopes it needs, then exchange it for a token at /connect/token. The secret is shown once at creation.
| Method | Path | Description |
|---|---|---|
| GET | /apikeys | List the tenant's API keys (metadata only, never the secret). |
| POST | /apikeys | Create a key with scopes trust:evaluate, trust:read, trust:usage. |
| DELETE | /apikeys/{id} | Revoke a key. Tokens already issued from it keep working until they expire. |
POST /apikeys
{
"name": "CI evaluation key",
"scopes": ["trust:evaluate", "trust:read"]
}
201 Created
{
"id": "ak_8f31…",
"clientId": "ak_8f31…",
"clientSecret": "shown once — store it now",
"scopes": ["trust:evaluate", "trust:read"]
}
These are tenant-level keys. App-bound keys that identify a specific AI application live in the Trust API's AI App Registry. See the Trust API.
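The client-credentials exchange described under POST /connect/token and API Keys, as an added example (not Rasepi's own code): it form-encodes the request so the secret stays in the body, and caches the token only until shortly before expiry, which matters because revoking a key does not cut off tokens already issued. Assumptions: the response uses the standard OAuth 2.0 field names `access_token` and `expires_in`, the base URL is supplied by the caller, and the 30-second refresh margin is an arbitrary choice.

```python
import json
import time
import urllib.parse
import urllib.request


def build_token_request(base_url, client_id, client_secret, scopes):
    """Client-credentials POST to /connect/token; credentials stay out of the URL."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # space-delimited list, escaped by urlencode
    }).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + "/connect/token", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def http_fetcher(base_url, client_id, client_secret, scopes):
    """Return a callable that performs the exchange over HTTPS."""
    def fetch():
        req = build_token_request(base_url, client_id, client_secret, scopes)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch


class TokenCache:
    """Reuse one token until shortly before it expires, then mint another."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            # Assumption: RFC 6749 response fields access_token and expires_in.
            self._token = resp["access_token"]
            lifetime = max(0, int(resp["expires_in"]) - self._skew)
            self._expires_at = self._clock() + lifetime
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):
        """Forget the token, for example after a 401 or once the key is revoked."""
        self._token = None
```

Wire it up with `TokenCache(http_fetcher(base_url, client_id, client_secret, scopes))`, reading the secret from the environment or a secret store rather than from source, since it is shown only once at creation.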
Tenant
Provision a workspace and manage the plugins installed into it.
| Method | Path | Description |
|---|---|---|
| POST | /tenant/create | Provision a new workspace. |
| GET | /tenant/plugins/available | Plugins available to install into the tenant. |
| POST | /tenant/plugins/{id}/install | Install a plugin into the tenant. |
GET /plugins
List the plugins currently installed and active in the tenant.
Languages
Configure the languages content can be authored and translated into, and which one is the tenant default.
| Method | Path | Description |
|---|---|---|
| GET | /admin/languages | List configured languages. |
| POST | /admin/languages | Add a language. |
| PUT | /admin/languages/{code}/set-default | Set the tenant default language. |
Glossaries
Term glossaries steer translation. Sync pushes a glossary to DeepL so machine translation respects it.
| Method | Path | Description |
|---|---|---|
| GET | /admin/glossaries | List glossaries. |
| POST | /admin/glossaries | Create a glossary. |
| POST | /admin/glossaries/{id}/sync | Sync the glossary to DeepL. |
Style Rules
Tenant writing-style rules applied during authoring and AI assistance.
| Method | Path | Description |
|---|---|---|
| GET | /admin/style-rules | List style rules. |
| POST | /admin/style-rules | Create a style rule. |
Categories & Tags
The tenant taxonomy used to classify content. Tags support a typeahead search.
| Method | Path | Description |
|---|---|---|
| GET | /categories | List categories. |
| POST | /categories | Create a category. |
| GET | /tags | List tags. |
| POST | /tags | Create a tag. |
| GET | /tags/search?q= | Search tags by prefix. |
Notification Channels
Outbound channels (email, chat, webhook targets) the tenant delivers notifications to. Test sends a probe message.
| Method | Path | Description |
|---|---|---|
| GET | /notification-channels | List notification channels. |
| POST | /notification-channels | Create a channel. |
| POST | /notification-channels/{id}/test | Send a test notification. |
Review Checklists & Heuristics
Review checklists drive structured content review; block-type heuristics tune how content blocks are classified.
| Method | Path | Description |
|---|---|---|
| GET | /review-checklists | List review checklists. |
| POST | /review-checklists | Create a review checklist. |
| GET | /block-type-heuristics | List block-type heuristics. |
| POST | /block-type-heuristics | Create a block-type heuristic. |
GET /admin/audit
The tenant audit log: a record of administrative and security-relevant actions. Filterable by actor, action, and time range.
Webhooks
Register HTTP endpoints to receive tenant events. Each webhook subscribes to one or more event types.
| Method | Path | Description |
|---|---|---|
| GET | /webhooks | List registered webhooks. |
| POST | /webhooks | Register a webhook. |