API Reference
The AEGIS platform exposes a REST and GraphQL API for governance operations, policy management, audit queries, and system administration. This API is the programmatic interface consumed by the AEGIS SDK and third-party integrations.
Base URL
https://api.aegissystems.live/api/v1/
All API routes are versioned under /api/v1/. OpenAPI specifications are maintained in the aegis-platform repository.
Authentication
All API requests require authentication. The platform supports:
| Method | Use Case |
|---|---|
| API Key | Server-to-server integrations, SDK usage |
| Bearer Token (JWT) | User sessions, dashboard interactions |
| Mutual TLS | High-security deployments, service mesh integrations |
API keys are provisioned through the operator dashboard at aegissystems.live. Include the key in the Authorization header:
Authorization: Bearer <your-api-key>
Core Endpoints
Governance
| Method | Path | Description |
|---|---|---|
| POST | /api/v1/governance/propose | Submit an action proposal for governance evaluation |
| GET | /api/v1/governance/decisions/:id | Retrieve a specific governance decision by ID |
| GET | /api/v1/governance/decisions | List recent governance decisions (paginated) |
Capabilities
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/capabilities | List registered capabilities |
| POST | /api/v1/capabilities | Register a new capability |
| GET | /api/v1/capabilities/:id | Get capability details |
Policies
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/policies | List active policies |
| POST | /api/v1/policies | Create a new policy |
| PUT | /api/v1/policies/:id | Update an existing policy |
Audit
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/audit/log | Query the audit log (paginated, filterable) |
| GET | /api/v1/audit/log/:decision_id | Get full audit trail for a specific decision |
Response Format
All responses use JSON. Governance decisions follow a consistent structure:
{
  "decision_id": "dec_abc123",
  "outcome": "ALLOW",
  "reason": "Policy 'default-allow-read' matched",
  "risk_score": 0.12,
  "constraints": {},
  "timestamp": "2026-03-23T12:00:00Z"
}
Rate Limits
API rate limits are configured per API key and depend on the subscription tier. Rate limit headers are included in every response:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 997
X-RateLimit-Reset: 1711195200
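An added example (not code from the AEGIS SDK or the aegis-platform repository) of client-side handling for the decision body and rate-limit headers shown above: it fails closed on anything other than a well-formed ALLOW decision and derives a wait time from the headers. It assumes that every field in the sample decision is required and that X-RateLimit-Reset is a Unix timestamp in seconds; the function names are hypothetical.

```python
import json
from datetime import datetime

# Constructed sample: the decision body and rate-limit headers shown on this page.
SAMPLE_BODY = '''{"decision_id": "dec_abc123", "outcome": "ALLOW",
 "reason": "Policy 'default-allow-read' matched", "risk_score": 0.12,
 "constraints": {}, "timestamp": "2026-03-23T12:00:00Z"}'''
SAMPLE_HEADERS = {"X-RateLimit-Limit": "1000", "X-RateLimit-Remaining": "997",
                  "X-RateLimit-Reset": "1711195200"}
# Assumption: all six fields of the sample are mandatory, with these JSON types.
REQUIRED = {"decision_id": str, "outcome": str, "reason": str,
            "risk_score": (int, float), "constraints": dict, "timestamp": str}


def parse_decision(body):
    """Return the decision dict, or raise ValueError if it is malformed."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("response body is not JSON") from exc
    if not isinstance(doc, dict):
        raise ValueError("decision must be a JSON object")
    for field, kind in REQUIRED.items():
        value = doc.get(field)
        if isinstance(value, bool) or not isinstance(value, kind):
            raise ValueError(f"missing or mistyped field: {field}")
    # fromisoformat raises ValueError on a bad timestamp; map "Z" for older Pythons.
    datetime.fromisoformat(doc["timestamp"].replace("Z", "+00:00"))
    return doc


def is_permitted(body):
    """Fail closed: only a well-formed decision whose outcome is ALLOW permits."""
    try:
        return parse_decision(body)["outcome"] == "ALLOW"
    except ValueError:
        return False


def seconds_to_wait(headers, now):
    """Seconds to pause before the next request; 0 while quota remains."""
    lookup = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        remaining = int(lookup["x-ratelimit-remaining"])
        reset = int(lookup["x-ratelimit-reset"])  # assumed: Unix epoch seconds
    except (KeyError, ValueError):
        return 1.0  # headers absent or garbled: brief back-off (assumed default)
    return 0.0 if remaining > 0 else max(0.0, float(reset - now))
```

The example does not interpret the constraints object, whose semantics this page does not describe.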
SDKs
Rather than calling the API directly, most integrations should use the official SDKs:
The SDKs handle authentication, retries, error handling, and response parsing.
Further Reading
- Governance Endpoint — Detailed documentation for the governance proposal endpoint
- Authentication — Full authentication guide
- Audit API — Querying the audit log
Note: The AEGIS platform API is under active development. Endpoint signatures may evolve as the platform approaches general availability. See the aegis-platform repository for current status.