Ingest events

Submit a signed APS-1 event to the organization ledger. Prefer signAndIngest from the SDK — it handles canonical JSON and Ed25519 signing.

POST/v1/aegis/eventsBearer ingest key

Request body

Full signed APS envelope including sig_alg and sig_value_b64 after signing.

Example (abbreviated)
{
  "schema_version": 1,
  "event_id": "evt_a1b2c3d4e5f6",
  "organization_id": "uuid",
  "trace_id": "trc_a1b2c3d4",
  "agent_id": "agt_…",
  "key_id": "key_…",
  "emitted_at": "2026-05-21T12:00:00.000Z",
  "actor_type": "agent",
  "actor_principal": "support-bot",
  "action_kind": "llm_invocation",
  "policy_decision": "allow",
  "tool_name": "google.generativeai.classify",
  "payload": {
    "purpose": "triage",
    "data_touched": ["customer_email", "ticket_message"]
  },
  "sig_alg": "ed25519",
  "sig_value_b64": "…"
}

Request headers

FieldTypeRequiredDescription
AuthorizationstringYesBearer ingest API key
Idempotency-KeystringNoStable key; replays return 200 with status replayed
Salanor-VersionstringNoAPI version date (SDK sends 2026-05-18)

Responses

StatusBody
201 Created{ event_id, sequence_num, event_hash, chain_valid, status: "created" }
200 OK{ event_id, status: "replayed" } — idempotent duplicate
401{ error: "Invalid API key" }
403{ error: "Organization mismatch…" }
422{ error: "Invalid signature" | validation message }
429{ error, code: "plan_limit" } — monthly event cap

cURL example

bash
curl -X POST https://api.salanor.com/v1/aegis/events \
  -H "Authorization: Bearer $AEGIS_INGEST_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Salanor-Version: 2026-05-18" \
  -d @signed-event.json

Server-side policy on ingest

If tool_name is set, the API may upgrade policy_decision to deny or allow_with_obligation based on the org's active policy before persisting.