REST & GraphQL
REST for stable transactional flows, GraphQL for composable internal tooling and reporting. Both are versioned, both run on the same authentication layer, both share the same audit trail.
Every Micro AI is reachable through a versioned API, and the same OpenAPI spec that backs the platform generates the SDKs and the docs. Authentication, idempotency, webhooks and audit lineage are first-class — so your team isn’t reverse-engineering them later.
Pick the surface that fits the integration. The OpenAPI definition is the source of truth for all three.
REST for stable transactional flows, GraphQL for composable internal tooling and reporting. Both are versioned, both run on the same authentication layer, both share the same audit trail.
Signed, replayable events for every Micro AI decision. Configurable retry windows, dead-letter handling and idempotent delivery semantics — designed to slot into the queue and worker shape your platform already has.
First-class SDKs for JavaScript / TypeScript, Python, Java, iOS and Android — generated from the same OpenAPI source, versioned alongside the API. Lower-level HTTP libraries are equally welcome.
The primitives that turn an integration from "it works in the demo" into "it survives a Black Friday."
Every state-changing request accepts an Idempotency-Key header. Retries collapse to a single effect — safe for client-side retries and gateway-level resilience.
Every webhook is signed (HMAC-SHA-256). Your handler verifies origin without coupling to IP allowlists. Signature secrets are rotated per-channel and the timestamp is part of the signed payload.
Every request returns a X-Request-Id. Every Micro AI decision references it. The audit log lets you trace any decision back to the originating call — useful for support, useful for regulators.
Major versions are addressed in the URL path (/v1, /v2). Minor and patch changes are additive — never breaking. Field additions, never removals.
Breaking changes are announced ahead of the next major version with a documented sunset window. Affected customers get direct notice through their developer console and account contact.
Every release is documented with the changes, the rationale and the migration path where one is required. The OpenAPI spec is published alongside.
Indicative shape only — final endpoint paths and field names are documented in the OpenAPI spec shared with sandbox access.
# Invoke a Micro AI decision with safe-retry semantics
curl -X POST https://api.360fintech.ai/v1/decisions \
-H "Authorization: Bearer $TOKEN" \
-H "Idempotency-Key: $(uuidgen)" \
-H "Content-Type: application/json" \
-d '{
"feature": "kyc.adaptive",
"subject": {
"type": "individual",
"reference": "cust_847291"
}
}'import { Client } from '@360fintech/sdk';
import { randomUUID } from 'crypto';
const client = new Client({ token: process.env.API_TOKEN });
const decision = await client.decisions.create({
feature: 'kyc.adaptive',
subject: { type: 'individual', reference: 'cust_847291' },
idempotencyKey: randomUUID(),
});
console.log(decision.outcome, decision.confidence, decision.lineageId);The spec is the source of truth. Use it to generate clients in any language, validate requests in CI, or import into your platform’s gateway. Available alongside sandbox access.
Importable collections with example requests, environment variables and the sandbox endpoints pre-wired. Useful for the first 30 minutes; useful again during incident drills.
Reference integrations — a small Node + Express service, a Python service consuming webhooks, a Java background worker. Each one is intentionally small so it fits in a code review.
Isolated environment with synthetic data, the same API surface as production, and a free tier of decisions for evaluation. Granted per-project after a short scoping email.
Direct line to the engineers who built the Micro AIs — over email during evaluation, a shared channel during pilot, on-call rota for production customers.
Status page, changelog and OpenAPI spec are published with sandbox access. Production customers also get access to the audit-log query API and the per-tenant decision dashboard.
Short scoping note · we set up a sandbox tenant · you spend an afternoon with the API and tell us what you want to see next.