Loading...
Loading...
All endpoints are under /api/v1 and require authentication via Bearer token or API key.
https://api.drd.io/api/v1Pass your API key in the Authorization header:
Authorization: Bearer drd_live_sk_...// Success
{ "ok": true, "data": { ... }, "meta": { ... } }
// Error
{ "ok": false, "error": { "code": "AGENT_NOT_FOUND", "message": "..." } }/workspaces— Create a workspace/workspaces— List workspaces/workspaces/:id— Get workspace details/workspaces/:id— Update workspace/workspaces/:id— Delete workspace/agents— Register an agent/agents— List agents/agents/:id— Get agent details/agents/:id— Update agent/agents/:id— Deregister agent/agents/:id/reputation— Get reputation score/agents/:id/versions— Create agent version/policies— Create a policy/policies— List policies/policies/:id— Get policy details/policies/:id— Update policy/policies/:id— Delete policy/policies/evaluate— Evaluate action against policies/events/ingest— Batch ingest events (up to 100)/events— Query events with filters/events/stream— SSE live event stream/events/:id— Get event details/enforcement— Create enforcement action/enforcement— List active enforcements/enforcement/:id— Get enforcement details/enforcement/:id/appeal— Appeal an enforcement/enforcement/:id— Update enforcement/approvals— Create approval request/approvals— List pending approvals/approvals/:id/decide— Approve or deny/badge/:agentId— Get agent trust badge (SVG/JSON)/badge/:agentId/verify— Verify badge authenticity/content— List registered content items/content— Register new content with fingerprint, watermark, and C2PA/content/:id— Get content details including fingerprint and match history/content/:id/scan— Scan content against registered fingerprints/trust/score/:agentId— Get composite trust score with component breakdown/trust/badges/:agentId— Get agent trust badge data (public endpoint)/compliance/reports— Generate compliance reports (EU AI Act, GDPR, SOC 2)/compliance/certifications/:agentId— List active certifications for an agent/webhooks— Register webhook endpoint/webhooks— List webhooks/webhooks/:id— Delete webhook/api-keys— Create API key/api-keys— List API keys/api-keys/:id— Revoke API key100 req/min per workspace
1,000 req/min per workspace
10,000 req/min per workspace
1,000 req/min per agent (all plans)
All errors follow a consistent envelope format. The ok field is always false for error responses.
{
"ok": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Request body validation failed",
"details": {
"field": "name",
"issue": "Required field is missing"
}
}
}| Status | Code | Description |
|---|---|---|
| 200 | OK | Request succeeded |
| 201 | Created | Resource created successfully |
| 400 | BAD_REQUEST | Malformed request or invalid input |
| 401 | UNAUTHORIZED | Missing or invalid authentication |
| 403 | FORBIDDEN | Insufficient permissions or missing scope |
| 404 | NOT_FOUND | Resource not found |
| 409 | CONFLICT | Resource state conflict (e.g. duplicate) |
| 422 | VALIDATION_ERROR | Request body failed validation (Zod schema) |
| 429 | RATE_LIMITED | Rate limit exceeded. Check Retry-After header |
| 500 | INTERNAL_ERROR | Internal server error |
Successful responses wrap data in a standard envelope with optional pagination metadata.
{
"ok": true,
"data": { ... },
"meta": {
"cursor": "eyJpZCI6...",
"hasMore": true
}
}List endpoints use cursor-based pagination. Pass the cursor from the meta field of the previous response to fetch the next page. Use limit to control page size (default 25, max 100).
GET /api/v1/agents?limit=10&cursor=eyJpZCI6IjAxOTU2YWJjLi4uIn0Rate limits are enforced per API key using a sliding-window counter. Every response includes rate limit headers.
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 1739448060When the rate limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header.