Ingest events
Submit a signed APS-1 event to the organization ledger. Prefer signAndIngest from the SDK — it handles canonical JSON and Ed25519 signing.
POST
/v1/aegis/eventsBearer ingest keyRequest body
Full signed APS envelope including sig_alg and sig_value_b64 after signing.
Example (abbreviated)
{
"schema_version": 1,
"event_id": "evt_a1b2c3d4e5f6",
"organization_id": "uuid",
"trace_id": "trc_a1b2c3d4",
"agent_id": "agt_…",
"key_id": "key_…",
"emitted_at": "2026-05-21T12:00:00.000Z",
"actor_type": "agent",
"actor_principal": "support-bot",
"action_kind": "llm_invocation",
"policy_decision": "allow",
"tool_name": "google.generativeai.classify",
"payload": {
"purpose": "triage",
"data_touched": ["customer_email", "ticket_message"]
},
"sig_alg": "ed25519",
"sig_value_b64": "…"
}Request headers
| Field | Type | Required | Description |
|---|---|---|---|
Authorization | string | Yes | Bearer ingest API key |
Idempotency-Key | string | No | Stable key; replays return 200 with status replayed |
Salanor-Version | string | No | API version date (SDK sends 2026-05-18) |
Responses
| Status | Body |
|---|---|
201 Created | { event_id, sequence_num, event_hash, chain_valid, status: "created" } |
200 OK | { event_id, status: "replayed" } — idempotent duplicate |
401 | { error: "Invalid API key" } |
403 | { error: "Organization mismatch…" } |
422 | { error: "Invalid signature" | validation message } |
429 | { error, code: "plan_limit" } — monthly event cap |
cURL example
bash
curl -X POST https://api.salanor.com/v1/aegis/events \
-H "Authorization: Bearer $AEGIS_INGEST_API_KEY" \
-H "Content-Type: application/json" \
-H "Salanor-Version: 2026-05-18" \
-d @signed-event.jsonServer-side policy on ingest
If tool_name is set, the API may upgrade policy_decision to deny or allow_with_obligation based on the org's active policy before persisting.