{"name":"The Leo King Business Intelligence API Onboarding","version":"v1","status":"public-contract","contractVersion":"2026-07-07.enterprise-trust-console-audit-webhook-versioning-limits-examples-support-procurement-conformance-data-processing-launch-readiness-access-control-compliance-map-ai-governance-v1","lastReviewedAt":"2026-07-07","productionBaseUrl":"https://api.theleokingai.com","steps":[{"step":"Choose The Production Base URL","status":"live","owner":"partner","action":"Use `https://api.theleokingai.com` and `/v1/*` paths for new integrations.","proof":"OpenAPI, Postman, SDK examples, and gateway smoke all point to the dedicated gateway."},{"step":"Create A Server-Side Key","status":"beta","owner":"shared","action":"Generate a scoped API key from the customer console or approved internal smoke flow.","proof":"Keys are hashed/scoped by organization, endpoint access, and credit state before paid route execution."},{"step":"Make The First Core Request","status":"live","owner":"partner","action":"Call `POST /v1/charts/natal` with `x-api-key`, `Idempotency-Key`, and a minimal subject payload.","proof":"Core endpoint should return `usage.lane = core`, credits, no token usage, and deterministic chart data."},{"step":"Wire Retry And Error Handling","status":"live","owner":"partner","action":"Preserve idempotency keys across retries and branch on the public error catalog.","proof":"409, 429, 502, and 503 responses include partner action and support-ready request_id."},{"step":"Verify Usage And Credits","status":"beta","owner":"shared","action":"Run buyer-path smoke and confirm the Convex `usageEvents` row for the exact request_id.","proof":"Passing smoke proves response usage and billing ledger agree before a buyer demo."},{"step":"Sample AI Output Quality","status":"beta","owner":"shared","action":"For AI routes, inspect 1-3 fresh production outputs created after deploy.","proof":"Outputs must include required sections, model metadata, depth, no placeholder copy, and no fallback language."},{"step":"Prepare The Support Packet","status":"live","owner":"partner","action":"Record request_id, endpoint, UTC timestamp, key prefix only, idempotency key hash, and sanitized payload shape.","proof":"Support can triage without raw secrets, complete private payloads, or payment data."},{"step":"Request Enterprise Terms","status":"enterprise","owner":"shared","action":"Move to signed terms for custom limits, private endpoints, allowlists, DPAs, audit exports, and dedicated incident contacts.","proof":"Enterprise terms are contract-specific and should not be assumed from public metadata."}],"launchReadinessGates":[{"gate":"Dedicated Gateway Reachability","status":"live","owner":"platform","requiredEvidence":"`npm run smoke:api-gateway -- --base-url https://api.theleokingai.com --final` passes and returns the current contractVersion.","failureMode":"Block launch if the dedicated gateway, OpenAPI, status, docs, or metadata aliases do not resolve through the public host."},{"gate":"Partner Server Key Handling","status":"beta","owner":"shared","requiredEvidence":"Partner confirms keys are stored server-side only, scoped to the expected organization/routes, and never shipped to browser/mobile clients.","failureMode":"Block production traffic if keys are exposed in client code, screenshots, support tickets, or analytics events."},{"gate":"Usage Ledger Reconciliation","status":"beta","owner":"platform","requiredEvidence":"Buyer-path smoke proves response `request_id`, usage lane, credits, and Convex usage event agree for the same call.","failureMode":"Block paid launch when usage response fields and ledger rows disagree or cannot be traced by request_id."},{"gate":"AI Output Quality Sampling","status":"beta","owner":"shared","requiredEvidence":"Inspect 1-3 fresh production AI outputs after deploy for required sections, model metadata, depth, and no fallback-looking copy.","failureMode":"Block publication or partner demo if output quality is unverified, generic, missing required sections, or fallback-looking."},{"gate":"Support And Incident Drill","status":"live","owner":"shared","requiredEvidence":"Partner can provide request_id, endpoint, UTC timestamp, key prefix only, idempotency hash, sanitized payload shape, and severity.","failureMode":"Block enterprise launch if support evidence requires raw secrets, complete private payloads, payment details, or a private DPA process that is not signed."},{"gate":"Signed Enterprise Boundary","status":"enterprise","owner":"shared","requiredEvidence":"Order form, DPA/addendum when applicable, custom SLA/support exhibit, limits, allowlists, and launch checklist are signed before custom commitments.","failureMode":"Do not promise custom retention, residency, allowlists, private endpoints, dedicated response windows, or audit export packages from public metadata alone."}],"handoffArtifacts":[{"artifact":"Production Smoke Evidence","owner":"platform","requiredFor":"Gateway readiness, public metadata compatibility, OpenAPI freshness, and post-deploy release proof.","redactionBoundary":"Include URL, status, contractVersion, deployment URL, commit SHA, and timestamps; do not include secrets or private payloads."},{"artifact":"Partner Integration Matrix","owner":"partner","requiredFor":"Mapping environments, server owners, endpoint scopes, expected volume, retry policy, and escalation contacts before traffic ramps.","redactionBoundary":"Use role/team contacts and endpoint scopes; do not publish personal phone numbers, raw keys, or customer payload samples."},{"artifact":"Usage And Billing Proof","owner":"platform","requiredFor":"Confirming credits, lane, billable units, idempotency behavior, and ledger traceability before paid production use.","redactionBoundary":"Use request_id, organization id, key prefix only, endpoint, credits, and timestamps; never expose key hashes or payment identifiers."},{"artifact":"AI Quality Evidence","owner":"shared","requiredFor":"Proving generated-output routes meet product contract after deploy or generation-logic changes.","redactionBoundary":"Use sanitized prompts/outputs or customer-approved examples; do not export complete private payloads without signed support terms."},{"artifact":"Rollback And Disable Plan","owner":"shared","requiredFor":"Knowing how to pause keys, downgrade traffic, disable AI publication, roll back a deploy, and communicate incidents.","redactionBoundary":"Include runbook names and owners; keep admin tokens, provider dashboards, and private incident contacts out of public packets."}],"productionChecklist":["Production env gate prints READY FOR PUSH/DEPLOY for the target environment.","Dedicated gateway smoke passes in final mode on api.theleokingai.com.","Buyer-path smoke passes against the dedicated gateway with Convex proof enabled.","Core endpoints return no token usage and AI endpoints return model/token visibility.","Fresh AI outputs satisfy product quality requirements after the deploy timestamp.","Support packet includes request_id, endpoint, key prefix only, UTC timestamp, and sanitized payload shape.","Access-control review confirms server-side key custody, endpoint scope, environment separation, rotation triggers, and no public-client key exposure.","Compliance mapping review confirms public evidence links, framework-style mapping, no certification overclaim, and signed-term boundaries.","AI governance review confirms acceptable-use boundaries, prohibited/restricted use cases, human-review requirements, and no fallback-success behavior.","Conformance evidence includes local contract tests, SDK build, app build, env gate, gateway smoke, buyer-path proof, and AI output sampling when relevant.","Data-processing review confirms minimization, restricted-data boundaries, retention policy, subprocessor scope, and signed-DPA requirements.","Launch-readiness handoff includes smoke evidence, partner integration matrix, billing proof, AI quality evidence, and rollback plan."],"firstCoreRequest":{"method":"POST","path":"/v1/charts/natal","headers":["Content-Type: application/json","x-api-key","Idempotency-Key"],"expectedUsage":{"lane":"core","credits":2,"tokens":"not present for Core Compute routes"}},"supportPacket":{"include":["request_id","endpoint","UTC timestamp","key prefix only","idempotency key hash","sanitized payload shape"],"neverInclude":["raw API keys","bearer tokens","payment details","complete private payloads","provider secrets"]},"links":{"docs":"/api-docs","openapi":"/api/v1/openapi","postman":"/api/v1/postman","security":"/api/v1/security","accessControl":"/api/v1/access-control","observability":"/api/v1/observability","errors":"/api/v1/errors","support":"/api/v1/support","procurement":"/api/v1/procurement","conformance":"/api/v1/conformance","dataProcessing":"/api/v1/data-processing","compliance":"/api/v1/compliance","console":"/api-console"}}