Base URL
Authentication
/decide, /rulesets/{id}/schema, /rulesets/{id}/explain) require no authentication. Safe to call client-side from a browser or mobile app.
Authoring endpoints (/projects/, /generate-and-test, /publish, /guidance) require an x-api-key header. Call from your server — never expose API keys to client-side code.
Get an API key →
Endpoint groups
Decision
Evaluate eligibility against a published ruleset. No auth required. Under 5ms.
POST /decideGET /rulesets/{id}/schemaGET /rulesets/{id}/explain
Projects
Author rules from source text using a test-driven workflow. API key required.
POST /projects/POST /projects/{id}/generate-and-testPOST /projects/{id}/publishPOST /projects/{id}/guidance
Rulesets
Inspect, list, and manage published rule rulesets.
GET /rulesets/GET /rulesets/{id}/schemaGET /rulesets/{id}/explainPATCH /rulesets/{id}/visibilityPOST /rulesets/{id}/archive
Rulebooks
Compose multiple section rulesets into a single rulebook with outcome logic.
POST /rulebooks/GET /rulebooks/{id}GET /rulebooks/{id}/schemaPOST /rulebooks/{id}/activatePOST /rulebooks/{id}/archive
Quick example
Response codes
| Code | Meaning |
|---|---|
200 | OK |
201 | Created (project or ruleset) |
202 | Accepted — generation queued, poll /status |
404 | Ruleset or project not found |
422 | Validation error — wrong field type, missing required field, invalid ruleset ID |
429 | Rate limit exceeded |
For higher-level interfaces — CLI, MCP server, Python SDK — see Which interface?. Select an endpoint from the sidebar to view its full parameter schema and example responses.