v1.0

TRST RESTful API

Download OpenAPI Document

JSON

Download OpenAPI Document

YAML

RESTful API for application and project management. Used for querying data, managing projects, members, and accessing analytics.

Contact

support@trstinc.ca

Servers

https://api.prod.trstinc.ca/v1

---

Org: API Keys

Operations

GET/organization/{org_id}/api-keysPOST/organization/{org_id}/api-keysDELETE/organization/{org_id}/api-keys/{key_id}

---

List Organization API Keys

GET

/organization/{org_id}/api-keys

Returns all API keys for the organization, including:

• Organization-wide keys
• Project-scoped keys

Note: Plaintext keys are never included in list responses.

Authentication: Requires Firebase token (organization admin only)

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

Parameters

Path Parameters

org_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"prefix": "string",

"organization_id": "string",

"name": "string",

"created_by_user_id": "string",

"project_ids": [

"string"

],

"created_at": "string",

"last_used_at": "string",

"revoked_at": "string"

}

]

GET

/organization/{org_id}/api-keys

Playground

Authorization

FirebaseAuth

Variables

Key

Value

org_id*

Samples

---

Create Organization API Key

POST

/organization/{org_id}/api-keys

Creates a new API key for the organization. The key can be:

• Organization-wide: Set project_ids to null (can access all projects)
• Project-scoped: Set project_ids to an array of project UUIDs

IMPORTANT: The plaintext API key is only shown once in the response!
Make sure to save it securely - it cannot be retrieved again.

Authentication: Requires Firebase token (organization admin only)

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

Parameters

Path Parameters

org_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"name": "string",

"project_ids": [

"string"

]

}

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"prefix": "string",

"name": "string",

"key": "string",

"project_ids": [

"string"

],

"created_at": "string"

}

POST

/organization/{org_id}/api-keys

Playground

Authorization

FirebaseAuth

Variables

Key

Value

org_id*

Body

Samples

---

Revoke Organization API Key

DELETE

/organization/{org_id}/api-keys/{key_id}

Revokes (soft deletes) an API key. The key will immediately stop working.
This operation cannot be undone.

Authentication: Requires Firebase token (organization admin only)

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

Parameters

Path Parameters

org_id*

Typestring

Required

Format"uuid"

key_id*

Typestring

Required

Format"uuid"

Responses

DELETE

/organization/{org_id}/api-keys/{key_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

org_id*

key_id*

Samples

---

Projects: API Keys

Operations

GET/projects/{project_id}/api-keysPOST/projects/{project_id}/api-keys

---

List Project API Keys

GET

/projects/{project_id}/api-keys

Returns all API keys that can access this project, including:

• Organization-wide keys
• Keys specifically scoped to this project

Note: Plaintext keys are never included in list responses.

Authentication: Requires Firebase token (organization admin only)

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"prefix": "string",

"organization_id": "string",

"name": "string",

"created_by_user_id": "string",

"project_ids": [

"string"

],

"created_at": "string",

"last_used_at": "string",

"revoked_at": "string"

}

]

GET

/projects/{project_id}/api-keys

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Samples

---

Create Project-Scoped API Key

POST

/projects/{project_id}/api-keys

Creates a new API key scoped to THIS project only.
The key will not be able to access other projects in the organization.

IMPORTANT: The plaintext API key is only shown once in the response!
Make sure to save it securely - it cannot be retrieved again.

Authentication: Requires Firebase token for an organization admin

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"name": "string"

}

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"prefix": "string",

"name": "string",

"key": "string",

"project_ids": [

"string"

],

"created_at": "string"

}

POST

/projects/{project_id}/api-keys

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Body

Samples

---

Projects: Biometrics

Operations

POST/projects/{project_id}/biometrics/identifyPOST/projects/{project_id}/biometrics/enroll

---

Identify User by Palm Biometric

POST

/projects/{project_id}/biometrics/identify

Identifies a user by their palm biometric data and returns their member_id.
This endpoint only works for tenant-managed environments.

Authorizations

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"palm": {

"identify_capture": "string",

"silhouette": "string",

"palm_position": {

"x": 0,

"y": 0,

"z": 0,

"pitch": 0,

"roll": 0,

"yaw": 0

}

}

}

Responses

Content-Type

application/json; charset=utf-8

{

"status": "Found",

"member_id": "string",

"match_score": 0

}

POST

/projects/{project_id}/biometrics/identify

Playground

Authorization

ApiKeyAuth

Variables

Key

Value

project_id*

Body

Samples

---

Enroll Member's Palm Biometric

POST

/projects/{project_id}/biometrics/enroll

Enrolls a member's palm biometric data in the biometric system.
This endpoint only works for tenant-managed environments.

Authorizations

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"member_id": "string",

"left_hand": {

"enroll_capture": "string",

"identify_capture": "string",

"silhouette": "string",

"palm_position": {

"x": 0,

"y": 0,

"z": 0,

"pitch": 0,

"roll": 0,

"yaw": 0

}

},

"right_hand": {

"enroll_capture": "string",

"identify_capture": "string",

"silhouette": "string",

"palm_position": {

"x": 0,

"y": 0,

"z": 0,

"pitch": 0,

"roll": 0,

"yaw": 0

}

}

}

Responses

Content-Type

application/json; charset=utf-8

{

"member_id": "string"

}

POST

/projects/{project_id}/biometrics/enroll

Playground

Authorization

ApiKeyAuth

Variables

Key

Value

project_id*

Body

Samples

---

Projects: Device Management

Operations

GET/projects/{project_id}/devicesPOST/projects/{project_id}/device/android/complete_registrationPATCH/device/{device_id}

---

List Devices

GET

/projects/{project_id}/devices

Returns a paginated list of devices for the project.

Pagination:

• page: Page number (minimum 1)
• per_page: Results per page (minimum 10, maximum 100)

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Query Parameters

page*

Typeinteger

Required

Format"uint32"

Minimum1

per_page*

Typeinteger

Required

Format"uint32"

Maximum100

Minimum10

Responses

Content-Type

application/json; charset=utf-8

{

"devices": [

{

"id": "string",

"name": "string",

"address_city": "string",

"address_state": "string",

"address_country": "string",

"last_auth_at": "string",

"last_activity_at": "string",

"mode": "string",

"hardware_platform": "string",

"enabled": true

}

],

"total": 0

}

GET

/projects/{project_id}/devices

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

page*

per_page*

Samples

---

Complete Android terminal registration

POST

/projects/{project_id}/device/android/complete_registration

Connect a proto-terminal to a merchant using the registration code.
Requires Firebase authentication. Merchant must be in a sandbox.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"registration_code": "string",

"device_name": "string",

"device_mode": "string"

}

Responses

Content-Type

application/json; charset=utf-8

{

}

POST

/projects/{project_id}/device/android/complete_registration

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Body

Samples

---

Update device properties

PATCH

/device/{device_id}

Update properties of a device such as name and enabled status. Requires authentication and access to the device.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

device_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"name": "string",

"enabled": true

}

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"name": "string",

"address_city": "string",

"address_state": "string",

"address_country": "string",

"last_auth_at": "string",

"last_activity_at": "string",

"mode": "string",

"hardware_platform": "string",

"enabled": true

}

PATCH

/device/{device_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

device_id*

Body

Samples

---

Projects: Device Enrollment Management

Operations

POST/devices/{device_id}/enroll/member/startGET/devices/{device_id}/enroll/statusPOST/devices/{device_id}/enroll/statusDELETE/devices/{device_id}/enroll/cancel

---

Start Member Enrollment

POST

/devices/{device_id}/enroll/member/start

Initiates a palm enrollment session for a member on a specific device.
The device polling should have it immediately start accepting the end-users
palm for enrollment.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

device_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"member_id": "string"

}

Responses

Content-Type

application/json; charset=utf-8

{

"device_id": "string",

"session": {

"enroll_id": "string",

"state": "string",

"nbf": 0,

"iat": 0,

"exp": 0,

"user_id": "string",

"challenge": "string",

"mobile_challenge_response": true,

"terminal_challenge_response": true

}

}

POST

/devices/{device_id}/enroll/member/start

Playground

Authorization

FirebaseAuth

Variables

Key

Value

device_id*

Body

Samples

---

Get Enrollment Status

GET

/devices/{device_id}/enroll/status

Returns the current enrollment session for a device, if any.

Query Parameters:

• session_id (optional): Filter by specific session ID

Returns:

• Active session if one exists
• None if no active session or session_id doesn't match

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

device_id*

Device UUID

Typestring

Required

Format"uuid"

Query Parameters

session_id

Optional session ID to filter by

Typestring

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

{

"session": {

"enroll_id": "string",

"state": "string",

"nbf": 0,

"iat": 0,

"exp": 0,

"user_id": "string",

"challenge": "string",

"mobile_challenge_response": true,

"terminal_challenge_response": true

}

}

GET

/devices/{device_id}/enroll/status

Playground

Authorization

FirebaseAuth

Variables

Key

Value

device_id*

session_id

Samples

---

Poll Enrollment Status

POST

/devices/{device_id}/enroll/status

Polls the given enrollment session for updates. This requires an existing
enrollment session to be available from the device.

Returns:

• An updated enrollment session, if one is avaialble
• None If the device has a new active session or the session is removed

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

device_id*

Device UUID

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"session": {

"enroll_id": "string",

"state": "string",

"nbf": 0,

"iat": 0,

"exp": 0,

"user_id": "string",

"challenge": "string",

"mobile_challenge_response": true,

"terminal_challenge_response": true

}

}

Responses

Content-Type

application/json; charset=utf-8

{

"session": {

"enroll_id": "string",

"state": "string",

"nbf": 0,

"iat": 0,

"exp": 0,

"user_id": "string",

"challenge": "string",

"mobile_challenge_response": true,

"terminal_challenge_response": true

}

}

POST

/devices/{device_id}/enroll/status

Playground

Authorization

FirebaseAuth

Variables

Key

Value

device_id*

Body

Samples

---

Cancel Enrollment

DELETE

/devices/{device_id}/enroll/cancel

Cancels the active enrollment session on a device. The session id must be provided
to ensure another session is not accidentally cancelled.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

device_id*

Device UUID

Typestring

Required

Format"uuid"

Query Parameters

session_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

{

"enroll_id": "string",

"state": "string",

"nbf": 0,

"iat": 0,

"exp": 0,

"user_id": "string",

"challenge": "string",

"mobile_challenge_response": true,

"terminal_challenge_response": true

}

DELETE

/devices/{device_id}/enroll/cancel

Playground

Authorization

FirebaseAuth

Variables

Key

Value

device_id*

session_id*

Samples

---

Projects: Members

Operations

GET/projects/{project_id}/membersPOST/projects/{project_id}/membersGET/projects/{project_id}/members/{member_id}PUT/projects/{project_id}/members/{member_id}DELETE/projects/{project_id}/members/{member_id}

---

List Members

GET

/projects/{project_id}/members

Returns all members associated with the project.

Permissions: Only allowed for tenant managed environments

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

[

{

"member_id": "string",

"display_name": "string",

"metadata": "string",

"created_at": "string",

"updated_at": "string",

"palm_templates_enrolled": 0,

"last_enrolled_at": "string",

"last_used_at": "string"

}

]

GET

/projects/{project_id}/members

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Samples

---

Create Member

POST

/projects/{project_id}/members

Creates a new member for the project.

Permissions: Only allowed for tenant managed environments

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"display_name": "string",

"metadata": null

}

Responses

Content-Type

application/json; charset=utf-8

{

"member_id": "string",

"display_name": "string",

"metadata": "string",

"created_at": "string",

"updated_at": "string",

"palm_templates_enrolled": 0,

"last_enrolled_at": "string",

"last_used_at": "string"

}

POST

/projects/{project_id}/members

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Body

Samples

---

Get Member

GET

/projects/{project_id}/members/{member_id}

Returns a specific member by member_id.

Permissions: Only allowed for tenant managed environments

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

member_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

{

"member_id": "string",

"display_name": "string",

"metadata": "string",

"created_at": "string",

"updated_at": "string",

"palm_templates_enrolled": 0,

"last_enrolled_at": "string",

"last_used_at": "string"

}

GET

/projects/{project_id}/members/{member_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

member_id*

Samples

---

Update Member

PUT

/projects/{project_id}/members/{member_id}

Updates an existing member's information.

Permissions: Only allowed for tenant managed environments

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

member_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"display_name": "string",

"metadata": null

}

Responses

Content-Type

application/json; charset=utf-8

{

"member_id": "string",

"display_name": "string",

"metadata": "string",

"created_at": "string",

"updated_at": "string",

"palm_templates_enrolled": 0,

"last_enrolled_at": "string",

"last_used_at": "string"

}

PUT

/projects/{project_id}/members/{member_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

member_id*

Body

Samples

---

Delete Member

DELETE

/projects/{project_id}/members/{member_id}

Deletes a member from the project.
This will unlink biometric data and remove the member record.
Historical data (transactions, accesses) is preserved.

Permissions: Only allowed for tenant managed environments.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

member_id*

Typestring

Required

Format"uuid"

Responses

DELETE

/projects/{project_id}/members/{member_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

member_id*

Samples

---

Projects: Scans

Operations

GET/projects/{project_id}/scans/results

---

Get Scan Results

GET

/projects/{project_id}/scans/results

Returns all biometric scan results for the project within the specified time range.
Results are paginated and ordered by creation time (newest first).

Each scan result includes an optional member_id field that is populated only for
successful identify operations where the user was successfully identified.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Query Parameters

from*

Typestring

Required

Format"date-time"

to*

Typestring

Required

Format"date-time"

page*

Typeinteger

Required

Format"uint32"

Minimum1

per_page*

Typeinteger

Required

Format"uint32"

Maximum10000

Minimum10

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"caller_type": "string",

"operation_type": "string",

"response_time_ms": 0,

"success": "string",

"created_at": "string",

"posture": {

"x": 0,

"y": 0,

"z": 0,

"pitch": 0,

"roll": 0,

"yaw": 0

},

"results": [

{

"match_score": 0,

"position": 0

}

]

}

]

GET

/projects/{project_id}/scans/results

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

from*

to*

page*

per_page*

Samples

---

Projects: Transactions

Operations

GET/projects/{project_id}/transactionsGET/projects/{project_id}/transactions/export

---

Get Transactions

GET

/projects/{project_id}/transactions

Returns all transactions for the project within the specified time range

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Query Parameters

from*

Typestring

Required

Format"date-time"

to*

Typestring

Required

Format"date-time"

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"transaction_type": "string",

"transaction_state": "string",

"amount": {

"base": 0,

"tip": 0,

"total": 0

},

"location": {

"latitude": 0,

"longitude": 0

},

"timestamp": "string",

"address": {

"line1": "string",

"line2": "string",

"city": "string",

"state": "string",

"country": "string",

"postal_code": "string"

},

"merchant": {

"name": "string",

"icon_path": "string"

},

"vendor_payment_reference": "string",

"fee": 0,

"currency": "string",

"vendor": "string",

"vendor_merchant_id": "string"

}

]

GET

/projects/{project_id}/transactions

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

from*

to*

Samples

---

Export Transactions as CSV

GET

/projects/{project_id}/transactions/export

Returns all transactions for the project within the specified time range as a downloadable CSV file

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Query Parameters

from*

Typestring

Required

Format"date-time"

to*

Typestring

Required

Format"date-time"

Responses

CSV export

Content-Type

text/csv; charset=utf-8

{

"id": "string",

"transaction_type": "string",

"transaction_state": "string",

"timestamp": "string",

"base_amount": 0,

"tip_amount": 0,

"total_amount": 0,

"fee": 0,

"currency": "string",

"vendor": "string",

"vendor_payment_reference": "string",

"vendor_merchant_id": "string",

"merchant_name": "string",

"merchant_icon_path": "string",

"address_line1": "string",

"address_line2": "string",

"address_city": "string",

"address_state": "string",

"address_country": "string",

"address_postal_code": "string",

"latitude": 0,

"longitude": 0

}

GET

/projects/{project_id}/transactions/export

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

from*

to*

Samples

---

Projects

Operations

GET/projects/{project_id}GET/projectsPUT/projects/{project_id}/server-lookup

---

Get Project Details

GET

/projects/{project_id}

Returns details for the specified project

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"name": "string",

"mcc": 0,

"icon_path": "string",

"stripe_account_id": "string",

"phone_number": "string",

"website": "string",

"plan": {

"id": "string",

"name": "string",

"headcount": 0,

"daily_request_limit": 0

},

"environment_id": "string",

"enable_server_lookup": true,

"environment_enables_server_lookup": true

}

GET

/projects/{project_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Samples

---

List Projects

GET

/projects

Returns all projects accessible to the authenticated user or API key.

For users: Returns all projects in organizations where the user is an admin.
For API keys: Returns all projects the API key has access to (org-wide or scoped).

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"name": "string",

"mcc": 0,

"icon_path": "string",

"stripe_account_id": "string",

"phone_number": "string",

"website": "string",

"plan": {

"id": "string",

"name": "string",

"headcount": 0,

"daily_request_limit": 0

},

"environment_id": "string",

"enable_server_lookup": true,

"environment_enables_server_lookup": true

}

]

GET

/projects

Playground

Authorization

FirebaseAuth

Samples

---

Update Server Lookup Setting

PUT

/projects/{project_id}/server-lookup

Updates whether the project is allowed to use server lookup endpoints.
Can only be enabled if the project has an environment and that environment allows it.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"enable_server_lookup": true

}

Responses

PUT

/projects/{project_id}/server-lookup

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Body

Samples

---

Projects: Webhooks

Operations

GET/projects/{project_id}/webhooksPOST/projects/{project_id}/webhooksGET/projects/{project_id}/webhooks/{webhook_id}DELETE/projects/{project_id}/webhooks/{webhook_id}PATCH/projects/{project_id}/webhooks/{webhook_id}POST/projects/{project_id}/webhooks/{webhook_id}/test

---

List Webhook Subscriptions

GET

/projects/{project_id}/webhooks

Returns all webhook subscriptions for the project.

Note: The webhook secret is not included in list responses for security.
It is only shown when creating a new webhook.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"url": "string",

"event_types": [

"string"

],

"enabled": true,

"created_at": "string",

"updated_at": "string"

}

]

GET

/projects/{project_id}/webhooks

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Samples

---

Create Webhook Subscription

POST

/projects/{project_id}/webhooks

Creates a new webhook subscription for the project to receive event notifications.

Supported Events (allowlist):

• enrollment.completed - Triggered when a member successfully completes enrollment
• demo.scan.success - Triggered when a demo scan successfully identifies a user

URL Requirements:

• Must use HTTPS (HTTP only allowed for localhost when WEBHOOK_ALLOW_LOCALHOST is set)
• Cannot target private IP addresses or internal networks
• Cannot target cloud metadata endpoints (e.g., 169.254.169.254)
• HTTP redirects are NOT followed
• DNS is resolved and validated before each delivery

Webhook Delivery:

• Webhooks are delivered with HMAC-SHA256 signature for verification
• Failed deliveries are retried with exponential backoff (up to 14 days)
• Your endpoint MUST be idempotent (use event_id to deduplicate)
• Response bodies are limited to 100 KB to prevent abuse

Limits:

• Maximum 25 webhook subscriptions per project

IMPORTANT: The webhook secret is only shown once in this response!
Save it securely to verify webhook signatures.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"url": "string",

"event_types": [

"string"

]

}

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"url": "string",

"secret": "string",

"event_types": [

"string"

],

"enabled": true,

"created_at": "string"

}

POST

/projects/{project_id}/webhooks

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

Body

Samples

---

Get Webhook Subscription

GET

/projects/{project_id}/webhooks/{webhook_id}

Returns details for a specific webhook subscription.

Note: The webhook secret is not included in the response for security.
It is only shown when creating a new webhook.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

webhook_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"url": "string",

"event_types": [

"string"

],

"enabled": true,

"created_at": "string",

"updated_at": "string"

}

GET

/projects/{project_id}/webhooks/{webhook_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

webhook_id*

Samples

---

Delete Webhook Subscription

DELETE

/projects/{project_id}/webhooks/{webhook_id}

Permanently deletes a webhook subscription. This action cannot be undone.

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

webhook_id*

Typestring

Required

Format"uuid"

Responses

DELETE

/projects/{project_id}/webhooks/{webhook_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

webhook_id*

Samples

---

Update Webhook Subscription

PATCH

/projects/{project_id}/webhooks/{webhook_id}

Updates an existing webhook subscription. You can update the URL,
event types, and enable/disable the webhook.

Validation:

• Event types must be from the allowlist (enrollment.completed, demo.scan.success)
• URLs must use HTTPS and cannot target private networks (same rules as creation)

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

webhook_id*

Typestring

Required

Format"uuid"

Request Body

application/json; charset=utf-8

{

"url": "string",

"event_types": [

"string"

],

"enabled": true

}

Responses

Content-Type

application/json; charset=utf-8

{

"id": "string",

"url": "string",

"event_types": [

"string"

],

"enabled": true,

"created_at": "string",

"updated_at": "string"

}

PATCH

/projects/{project_id}/webhooks/{webhook_id}

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

webhook_id*

Body

Samples

---

Send Test Webhook

POST

/projects/{project_id}/webhooks/{webhook_id}/test

Triggers a test webhook event to verify your integration is working correctly.

Test Event:

• Event type: webhook.test
• Includes a unique test_id in the payload for tracking
• Signed with HMAC-SHA256 like production webhooks
• Subject to the same retry logic as real events

Usage:

1. Call this endpoint to send a test webhook
2. Verify your endpoint receives the webhook
3. Check the signature matches using your webhook secret
4. Use the delivery history endpoint to track delivery status

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

webhook_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

{

"test_id": "string",

"message": "string"

}

POST

/projects/{project_id}/webhooks/{webhook_id}/test

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

webhook_id*

Samples

---

Projects: Webhook Deliveries

Operations

GET/projects/{project_id}/webhooks/{webhook_id}/deliveriesGET/projects/{project_id}/webhooks/{webhook_id}/deliveries/{delivery_id}/attempts

---

List Webhook Deliveries

GET

/projects/{project_id}/webhooks/{webhook_id}/deliveries

Returns delivery history for a webhook subscription within the specified time range,
including all attempts, responses, and delivery status. Results are paginated and
ordered by creation time (newest first).

Delivery Status:

• pending - Waiting for next retry attempt
• success - Successfully delivered (received 2XX response)
• failed - Permanently failed after max retry attempts

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

webhook_id*

Typestring

Required

Format"uuid"

Query Parameters

from*

Typestring

Required

Format"date-time"

to*

Typestring

Required

Format"date-time"

page*

Typeinteger

Required

Format"uint32"

Minimum1

per_page*

Typeinteger

Required

Format"uint32"

Maximum1000

Minimum10

Responses

Content-Type

application/json; charset=utf-8

{

"items": [

{

"id": "string",

"subscription_id": "string",

"payload": {

"event_id": "string",

"timestamp": "string",

"project_id": "string",

"data": {

"event_type": "webhook.test",

"test_id": "string",

"message": "string",

"triggered_at": "string"

}

},

"attempt_count": 0,

"attempt_pending": true,

"response_status": 0,

"response_body": "string",

"status": "string",

"created_at": "string",

"last_attempt_at": "string"

}

],

"total_count": 0

}

GET

/projects/{project_id}/webhooks/{webhook_id}/deliveries

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

webhook_id*

from*

to*

page*

per_page*

Samples

---

List Delivery Attempts

GET

/projects/{project_id}/webhooks/{webhook_id}/deliveries/{delivery_id}/attempts

Returns the full history of delivery attempts for a specific webhook delivery.
This shows every attempt made to deliver the webhook, including timing, status codes,
response bodies, and error messages.

Use this endpoint to:

• Debug why a webhook is failing
• See the full retry history
• Analyze response times
• Understand what errors occurred

Authorizations

FirebaseAuth

Firebase Token authorization
This identifies the user from the JWT token passed as a bearer token

TypeHTTP (bearer)

or

ApiKeyAuth

API Key authorization
Identifies the organization and allowed projects from the API key

TypeHTTP (bearer)

Parameters

Path Parameters

project_id*

Typestring

Required

Format"uuid"

webhook_id*

Typestring

Required

Format"uuid"

delivery_id*

Typestring

Required

Format"uuid"

Responses

Content-Type

application/json; charset=utf-8

[

{

"id": "string",

"delivery_id": "string",

"attempt_number": 0,

"attempted_at": "string",

"response_status": 0,

"response_body": "string",

"error_message": "string",

"duration_ms": 0

}

]

GET

/projects/{project_id}/webhooks/{webhook_id}/deliveries/{delivery_id}/attempts

Playground

Authorization

FirebaseAuth

Variables

Key

Value

project_id*

webhook_id*

delivery_id*

Samples

---

Health

Checks health of the server

Operations

GET/livezGET/healthz

---

Liveness probe

GET

/livez

Checks if the server is running and able to respond to an http request

Responses

Content-Type

text/html; charset=utf-8

"string"

GET

/livez

Playground

Samples

---

Health probe

GET

/healthz

Checks if all the services are available for the server to process requests.
This may fail if a critical service is unavailable, but will report a warning
if non-critical services are down. This endpoint has a hard limit of 800ms
to finish its checks.

Responses

Content-Type

text/html; charset=utf-8

"string"

GET

/healthz

Playground

Samples

---

Powered by VitePress OpenAPI