{"name":"The Leo King Business Intelligence API Access Control","version":"v1","status":"public-contract","contractVersion":"2026-07-07.enterprise-trust-console-audit-webhook-versioning-limits-examples-support-procurement-conformance-data-processing-launch-readiness-access-control-compliance-map-ai-governance-v1","lastReviewedAt":"2026-07-07","policy":{"status":"live","authenticationHeader":"x-api-key","keyStoragePolicy":"API keys are server-to-server credentials. Store them in a backend secret manager or server-only environment variable; never ship them to browser, mobile, analytics, screenshots, or client logs.","browserBoundary":"Browser and mobile clients must call a partner backend. Direct public-client calls to paid API routes are unsupported because keys, scopes, usage, and support evidence must stay server-controlled.","scopeModel":"Keys are scoped by organization, status, plan, endpoint access, monthly credits, and rate limit. Public metadata routes do not require a key.","rotationPolicy":"Rotate keys when staff access changes, a key appears in logs/support material, a partner backend is compromised, or before production launch if a pilot key was shared broadly.","revocationPolicy":"Revoked, expired, depleted, or out-of-scope keys fail before route execution and before credits are charged.","corsPolicy":"Paid API routes are not a browser CORS product. Treat CORS allowance as a partner-backend concern, not permission to expose API keys to client applications.","ipAllowlistBoundary":"IP allowlists, private endpoint terms, mTLS-style controls, and dedicated network review require signed enterprise terms and launch-readiness evidence.","enterpriseBoundary":"Public access-control metadata is review guidance, not a custom security contract. Customer-specific key custody, allowlists, private data terms, and audit export packages require signed terms.","supportEvidence":["request_id","endpoint","organization id","key prefix only","UTC timestamp","idempotency key hash","expected endpoint scope","sanitized payload shape"],"neverInclude":["raw API keys","bearer tokens","key hashes","provider secrets","payment details","complete private payloads","customer birth data screenshots"]},"environments":[{"name":"Production Gateway","status":"live","baseUrl":"https://api.theleokingai.com","keyPrefix":"lk_live_","purpose":"Paid production, buyer-path smoke, and customer-facing server integrations.","dataBoundary":"Use production-scoped keys only from trusted server environments and verify usage ledger evidence before enterprise demos."},{"name":"Legacy Website API Host","status":"beta","baseUrl":"https://theleokingai.com/api","keyPrefix":"lk_live_","purpose":"Backward-compatible alpha integrations while clients migrate to the dedicated gateway host.","dataBoundary":"Do not create new public integrations on the legacy host unless compatibility testing requires it."},{"name":"Local Development","status":"beta","baseUrl":"http://localhost:3000/api","keyPrefix":"lk_dev_","purpose":"Local contract testing, SDK development, and smoke rehearsal with non-production data.","dataBoundary":"Local keys and fixture payloads must not be reused as production credentials or customer evidence."}],"keyLifecycle":[{"step":"Create Server-Side Key","status":"beta","owner":"shared","action":"Create the key from the customer console, approved internal smoke flow, or signed enterprise onboarding path.","evidence":"Key has organization id, key prefix, status, endpoint scope, plan/credit state, and creation audit event."},{"step":"Store In Backend Secret Manager","status":"live","owner":"partner","action":"Put the raw key in a backend secret manager or server-only environment variable before making requests.","evidence":"Partner confirms the key is absent from browser bundles, mobile clients, analytics events, source control, and support screenshots."},{"step":"Validate Scope Before Launch","status":"beta","owner":"shared","action":"Run a scoped smoke request and verify the endpoint, usage lane, credit charge, and Convex ledger row match expectations.","evidence":"Buyer-path smoke proves the same request_id in response and usageEvents before paid traffic ramps."},{"step":"Rotate On Exposure Or Staff Change","status":"live","owner":"shared","action":"Rotate any key that appears outside server-only storage or after relevant operator/offboarding changes.","evidence":"Audit trail shows old key revoked and replacement key created with equivalent intended scope."},{"step":"Revoke Or Pause On Incident","status":"live","owner":"platform","action":"Disable compromised, over-limit, expired, or out-of-contract keys before route execution.","evidence":"Auth validation returns a non-billable auth/scope error and support packet uses key prefix only."},{"step":"Negotiate Enterprise Controls","status":"enterprise","owner":"shared","action":"Move IP allowlists, private endpoint terms, dedicated network review, or audit export packages into signed terms.","evidence":"Signed order form or security exhibit names the customer-specific controls and evidence cadence."}],"requirements":[{"name":"Server-Side Custody","status":"live","scope":"All paid API routes.","partnerRequirement":"Call API routes from a trusted backend and keep raw keys out of public clients, logs, screenshots, and support tickets.","platformEvidence":"Docs, SDKs, support packet rules, and auth errors all require `x-api-key` from server-controlled contexts."},{"name":"Endpoint Scope","status":"beta","scope":"Route access and monthly credit enforcement.","partnerRequirement":"Request only the endpoints and traffic volume the key is scoped to use.","platformEvidence":"Key validation checks status, organization, endpoint access, credit state, and plan limits before execution."},{"name":"Environment Separation","status":"beta","scope":"Production, legacy compatibility, and local development.","partnerRequirement":"Keep production keys and evidence separate from local fixtures and legacy-host compatibility testing.","platformEvidence":"Public metadata publishes canonical base URLs, key prefixes, and gateway smoke commands."},{"name":"Rotation And Revocation","status":"live","scope":"Key lifecycle, compromised credentials, and staff/offboarding changes.","partnerRequirement":"Report exposed key prefixes only and rotate keys when custody changes or exposure is suspected.","platformEvidence":"Console audit trail and access-control packet define rotation triggers and non-billable failure behavior."},{"name":"Rate-Limit Cooperation","status":"live","scope":"Per organization, key, endpoint, and plan limit.","partnerRequirement":"Respect 429 responses, back off with Retry-After, and coordinate load tests before traffic spikes.","platformEvidence":"Versioning and limits route publishes rate-limit algorithm, headers, and plan limits."},{"name":"Enterprise Network Controls","status":"enterprise","scope":"IP allowlists, private endpoints, custom network review, and dedicated security evidence.","partnerRequirement":"Do not assume customer-specific network controls from public docs; include them in signed enterprise terms.","platformEvidence":"Procurement, security, access-control, and launch-readiness packets all mark allowlists as signed-term work."}],"links":{"docs":"/api-docs","openapi":"/api/v1/openapi","security":"/api/v1/security","securityTxt":"/.well-known/security.txt","onboarding":"/api/v1/onboarding","versioning":"/api/v1/versioning","errors":"/api/v1/errors","support":"/api/v1/support","procurement":"/api/v1/procurement","conformance":"/api/v1/conformance","dataProcessing":"/api/v1/data-processing","compliance":"/api/v1/compliance","console":"/api-console"}}