Platform

Platform API

The cross-cutting surface every product shares: identity, tenant configuration, and administration. These endpoints sit under the Trust Engine, Docs, and Capture products and handle who you are, which workspace you act in, and how that workspace is set up.

Overview

The Platform API is the common layer behind all Rasepi products. It covers sign-in and tenant selection, users and groups, tenant Trust API keys, workspace provisioning and plugins, admin configuration (languages, glossaries, style rules, taxonomy, notifications, review checklists, audit), and webhooks. Everything is tenant-scoped once you have selected a tenant.

Authentication

Most platform endpoints are user-scoped: they act as the signed-in user, so they use a normal user session or OAuth access token presented as a Bearer token. Machine integrations call /connect/token with their API key credentials to mint a token, then present that token the same way.

Authorization: Bearer <access token>

Sign-in starts at /auth/login/{provider} (OAuth), then the user picks a tenant with /auth/select-tenant. Tokens for API keys come from /connect/token using the client-credentials grant.

GET /auth/login/{provider}

Begin the OAuth sign-in flow for the given identity provider (for example microsoft or google). Redirects to the provider and back to the app once the user has authenticated.

GET /auth/tenants

List the tenants (workspaces) the authenticated user belongs to, so the client can offer a picker.

POST /auth/select-tenant

Select the active tenant for the session. Subsequent calls are scoped to that tenant. Send the tenant id in the body.

POST /connect/token

The OAuth token endpoint. Issues access tokens, including the client-credentials grant used by machine API keys. Use this to exchange an API key client id and secret for a Bearer token.

POST /connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=<api key id>
&client_secret=<api key secret>
&scope=trust:evaluate trust:read

Users

Identity and membership for the current tenant. /users/me returns the signed-in user; the rest are tenant-admin operations.

MethodPathDescription
GET/users/meThe signed-in user's profile and tenant role.
GET/usersList users in the current tenant.
PUT/users/me/preferred-languageSet the current user's preferred UI language.
POST/users/inviteInvite a user to the tenant by email.
DELETE/users/{id}Remove a user from the tenant.

Groups

Tenant groups bundle users for sharing and access control. Members are managed through the membership endpoints.

MethodPathDescription
GET/groupsList groups in the current tenant.
POST/groupsCreate a group.
POST/groups/{id}/membersAdd a user to a group.
DELETE/groups/{id}/members/{userId}Remove a user from a group.
POST /groups

{ "name": "Compliance reviewers" }

201 Created
{ "id": "2d4b…", "name": "Compliance reviewers", "memberCount": 0 }

API Keys

Tenant Trust API keys authenticate machine clients against the Trust API. Create a key with the scopes it needs, then exchange it for a token at /connect/token. The secret is shown once at creation.

MethodPathDescription
GET/apikeysList the tenant's API keys (metadata only, never the secret).
POST/apikeysCreate a key with scopes trust:evaluate, trust:read, trust:usage.
DELETE/apikeys/{id}Revoke a key. Existing tokens stop working at expiry.
POST /apikeys

{
  "name": "CI evaluation key",
  "scopes": ["trust:evaluate", "trust:read"]
}

201 Created
{
  "id": "ak_8f31…",
  "clientId": "ak_8f31…",
  "clientSecret": "shown once — store it now",
  "scopes": ["trust:evaluate", "trust:read"]
}

These are tenant-level keys. App-bound keys that identify a specific AI application live in the Trust API's AI App Registry. See the Trust API.

Tenant

Provision a workspace and manage the plugins installed into it.

MethodPathDescription
POST/tenant/createProvision a new workspace.
GET/tenant/plugins/availablePlugins available to install into the tenant.
POST/tenant/plugins/{id}/installInstall a plugin into the tenant.

GET /plugins

List the plugins currently installed and active in the tenant.

Languages

Configure the languages content can be authored and translated into, and which one is the tenant default.

MethodPathDescription
GET/admin/languagesList configured languages.
POST/admin/languagesAdd a language.
PUT/admin/languages/{code}/set-defaultSet the tenant default language.

Glossaries

Term glossaries steer translation. Sync pushes a glossary to DeepL so machine translation respects it.

MethodPathDescription
GET/admin/glossariesList glossaries.
POST/admin/glossariesCreate a glossary.
POST/admin/glossaries/{id}/syncSync the glossary to DeepL.

Style Rules

Tenant writing-style rules applied during authoring and AI assistance.

MethodPathDescription
GET/admin/style-rulesList style rules.
POST/admin/style-rulesCreate a style rule.

Categories & Tags

The tenant taxonomy used to classify content. Tags support a typeahead search.

MethodPathDescription
GET/categoriesList categories.
POST/categoriesCreate a category.
GET/tagsList tags.
POST/tagsCreate a tag.
GET/tags/search?q=Search tags by prefix.

Notification Channels

Outbound channels (email, chat, webhook targets) the tenant delivers notifications to. Test sends a probe message.

MethodPathDescription
GET/notification-channelsList notification channels.
POST/notification-channelsCreate a channel.
POST/notification-channels/{id}/testSend a test notification.

Review Checklists & Heuristics

Review checklists drive structured content review; block-type heuristics tune how content blocks are classified.

MethodPathDescription
GET/review-checklistsList review checklists.
POST/review-checklistsCreate a review checklist.
GET/block-type-heuristicsList block-type heuristics.
POST/block-type-heuristicsCreate a block-type heuristic.

GET /admin/audit

The tenant audit log: a record of administrative and security-relevant actions. Filterable by actor, action, and time range.

Webhooks

Register HTTP endpoints to receive tenant events. Each webhook subscribes to one or more event types.

MethodPathDescription
GET/webhooksList registered webhooks.
POST/webhooksRegister a webhook.