Skip to main content
If you’re using a language Inviolet doesn’t ship an SDK for (yet), or want fine-grained control, the REST API is fully documented.

Authentication

Authorization: Bearer <INVIOLET_API_KEY>

Evaluate an intent

POST /v1/intents/evaluate
Content-Type: application/json

{
  "user_id": "user_2pX9...",
  "tool_name": "lookup_customer",
  "tool_input": { "customer_id": "12345" },
  "context": {
    "session_id": "sess_2pX9...",
    "purpose_hint": "customer_support_lookup"
  }
}

Response

{
  "outcome": "allow",
  "purpose": {
    "id": "customer_support_lookup",
    "elements": ["customer.name", "customer.email", "customer.order_history"]
  },
  "intent_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2026-04-26T12:30:00Z"
}
Possible outcome values:
  • allow — proceed with the call; use the intent_token for downstream systems
  • deny — call rejected; see reason field for details
  • approval_required — human approval needed; use the approval_id to poll status

Verify an intent token

POST /v1/intents/verify
Content-Type: application/json

{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }
Returns the decoded claims or a structured error.

Decision feed

GET /v1/decisions?since=2026-04-25T00:00:00Z&limit=100
Returns paginated decision-feed entries.

Full OpenAPI spec

A full OpenAPI 3.1 spec is published at gateway.inviolet.ai/openapi.json. Use it to auto-generate clients in any language.