Why a rate-limited public API
Institutions that evaluate ARIAA want to integrate verdicts into their own systems — alerting, war-rooms, decision cockpits, Slack and Teams surfaces, IR workflows. They also want to prove to themselves that the wire format is stable and the platform is real before committing to a pilot. The public API exists for those reasons. It is explicitly rate-limited to prevent bulk extraction and is not a substitute for the full platform.
Authentication
Two auth modes, both carried over HTTPS with TLS 1.3:
- API key — header X-API-Key. SHA-256 hashed at rest. Rotate via the console; all rotations audit-logged.
- Bearer JWT — header Authorization: Bearer <token>. RS256-signed. Use JWT when you need per-user scoping; use API keys for machine-to-machine.
Base URL and versioning
Base: https://api.ariaa.ai/v1. Versioning is via URL segment — we will publish /v2 before deprecating /v1 and keep the older version available for at least 12 months after deprecation notice.
Rate limits (free tier)
- 60 requests per minute, burst of 120, enforced per API key.
- 10,000 requests per month across the key.
- Response header X-RateLimit-Remaining on every call.
- When the limit is hit, we return 429 Too Many Requests with Retry-After.
Paid tiers lift the limits and add webhooks, larger request bodies, and customer-scoped domain packs. Contact sales for limits.
Core endpoints (wire format)
The full OpenAPI spec is not published publicly — it is delivered to authenticated customers on request. The essentials below are stable and documented for integration planning.
Feasibility verdict
POST /v1/feasibility/analyses — request a verdict for a decision domain with current state and target bounds.
Request includes domainConfigId, state (object), targetSet (bounds), and optional analysisTypes. Response includes verdict (feasible / infeasible / marginal), margin (percent), confidence (0–1), assumptions, and a correlationId you can quote back in a support ticket.
Ask ARIAA
POST /v1/ask — natural-language query against the solver. Returns a parsed structured query, the solver verdict, a template-explained summary, and suggested follow-ups.
Signals
POST /v1/signal-intel/ingest — push a structured signal into your tenant's feed.
GET /v1/signal-intel/readings — pull recent readings with filters.
Calibration
GET /v1/calibration/metrics — aggregate Brier score, verdict accuracy, and verdict-class breakdown. Use this to self-audit the platform against your own record before you operationalise.
Webhooks
Paid-tier customers receive HMAC-SHA256 signed webhooks on: feasibility.verdict_ready, signal.threshold_breached, calibration.recorded, and domain.activated. Verify the X-ARIAA-Signature header with your webhook secret. We retry with exponential backoff up to 24 hours.
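A receiver-side check for the signed webhooks described above, as an added example (not ARIAA's own code or SDK). This page does not specify the signature encoding or payload layout, so the example assumes the header carries the lowercase hex HMAC-SHA256 of the raw request body, that the event name sits in a JSON field called type, and that a retry resends identical bytes; confirm all three against the customer documentation.

```python
import hashlib
import hmac
import json

# Event names listed on this page.
KNOWN_EVENTS = {
    "feasibility.verdict_ready",
    "signal.threshold_breached",
    "calibration.recorded",
    "domain.activated",
}


class WebhookRejected(Exception):
    """Raised when a delivery must not be processed."""


def sign(secret: bytes, raw_body: bytes) -> str:
    # Assumption: signature is the lowercase hex HMAC-SHA256 of the raw body.
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, signature_header, seen: set):
    """Return (event, is_duplicate) or raise WebhookRejected.

    raw_body must be the exact bytes received, not re-serialised JSON.
    seen is a caller-owned store of signatures already processed.
    """
    if not signature_header:
        raise WebhookRejected("missing X-ARIAA-Signature")
    expected = sign(secret, raw_body)
    supplied = signature_header.strip().lower()
    # Constant-time comparison, on bytes so a non-ASCII header cannot raise.
    if not hmac.compare_digest(expected.encode(), supplied.encode("utf-8", "replace")):
        raise WebhookRejected("signature mismatch")
    # Parse only after the MAC has been verified.
    try:
        event = json.loads(raw_body)
    except ValueError as exc:
        raise WebhookRejected("body is not valid JSON") from exc
    # Assumption: the event name is in a top-level "type" field.
    if not isinstance(event, dict) or event.get("type") not in KNOWN_EVENTS:
        raise WebhookRejected("unknown event type")
    # Retries can redeliver an event; flag repeats so handlers stay idempotent.
    duplicate = expected in seen
    seen.add(expected)
    return event, duplicate
```

In a real handler, acknowledge a duplicate with a success status so the sender stops retrying, and back the seen store with something that outlives the 24-hour retry window.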
SDKs
TypeScript and Python SDKs are generated from our internal OpenAPI spec and distributed to authenticated customers through private package registries. The SDKs wrap auth, retries, and typed responses; they do not embed engine logic. Contact sales for distribution credentials.
What we don't ship
- Solver source code (closed-source forever).
- Domain-pack internals (YAML specs are private to each customer).
- Training corpora or calibration records in bulk.
- Self-hostable server images outside contracted on-prem deployments.