{"name":"The Leo King Business Intelligence API","version":"v1","status":"public-beta","contractVersion":"2026-07-07.enterprise-trust-console-audit-webhook-versioning-limits-examples-support-procurement-conformance-data-processing-launch-readiness-access-control-compliance-map-ai-governance-v1","lastReviewedAt":"2026-07-07","components":[{"name":"REST API Gateway","status":"live","scope":"Server-to-server /api/v1 routes with API-key auth and standard envelopes.","evidence":"Endpoint index, OpenAPI contract, auth middleware, credit checks, and route tests.","publicNote":"Use https://api.theleokingai.com for clean /v1 production routing. The legacy https://theleokingai.com/api base remains backward compatible during alpha."},{"name":"OpenAPI Contract","status":"live","scope":"Machine-readable OpenAPI 3.1 contract for generated clients and review.","evidence":"GET /api/v1/openapi publishes schemas, examples, auth, and route responses.","publicNote":"Public metadata routes are unauthenticated; paid routes require x-api-key."},{"name":"Human Developer Docs","status":"live","scope":"Discoverable docs page, quickstart, examples, endpoint reference, plans, and enterprise path.","evidence":"/api-docs is linked from nav, API product CTAs, redirects, sitemap, robots allowlist, and llms files.","publicNote":"Docs are the canonical human integration surface."},{"name":"API Console And Lab","status":"beta","scope":"Private console for keys, usage, billing, endpoint testing, workspace audit history, and visible audit CSV export.","evidence":"/api-console, /api-console/billing, and /api-console/lab surfaces exist behind auth; audit events are org-bound, redacted, and exportable as the visible capped slice.","publicNote":"Console access is customer/workspace gated; signed audit export packages remain enterprise-contract work."},{"name":"Core Compute","status":"beta","scope":"No-AI chart, sky, transit, lunar, synastry, compatibility, and helio background routes.","evidence":"Core routes use deterministic calculation and usage lane separation.","publicNote":"Best for high-volume partner infrastructure where AI spend is not needed."},{"name":"AI Intelligence","status":"beta","scope":"Audience intelligence, premium experiences, oracle/tarot, horoscope, and world signals.","evidence":"Routes use strict schemas, credit accounting, model metadata, and quality gates.","publicNote":"Fallback-looking AI output is treated as a failed product response."},{"name":"Usage Ledger","status":"beta","scope":"Request id, endpoint, credits, billing lane, model, token metadata, and idempotency tracking.","evidence":"Convex usage events and console/test logging modes are wired into paid routes.","publicNote":"Run buyer-path smoke before live enterprise demos."},{"name":"SDK Packages","status":"release_gate","scope":"Node and Python source exists; public npm/PyPI publication is still gated.","evidence":"GET /api/v1/sdks publishes package names, source paths, install commands, helper surfaces, and release gates.","publicNote":"Use raw HTTP or source clients until package publication is approved and release smoke passes."},{"name":"Partner Webhooks","status":"next","scope":"Signed callbacks for async completion, usage, quality, billing, and entitlement events.","evidence":"Public contract and HMAC-SHA256 verification format are documented in /api/v1/webhooks; delivery worker is not live yet.","publicNote":"Signature verification is specified and test-backed; delivery remains roadmap until the enterprise callback worker ships."},{"name":"SLA And Incident History","status":"live","scope":"Public SLA target and incident-history contract for discovery, procurement, and partner review.","evidence":"GET /api/v1/sla and GET /api/v1/incidents publish current targets, support boundaries, and reporting policy.","publicNote":"Public targets are published now; external uptime monitoring and contractual enterprise SLA terms are the next ops gate."},{"name":"Security And Trust Packet","status":"live","scope":"Public security controls, well-known security contact, data handling boundaries, subprocessor notes, and enterprise review packet.","evidence":"GET /api/v1/security and /.well-known/security.txt publish control status, contact, retention handling, subprocessor scope, and support expectations.","publicNote":"Public trust metadata plus console audit visibility/export are live beta; signed customer DPAs, audit export packages, and allowlists remain enterprise-contract work."},{"name":"Access Control Packet","status":"live","scope":"Public key custody, scope model, environment separation, rotation/revocation, browser boundary, and allowlist policy.","evidence":"GET /api/v1/access-control publishes key lifecycle, environment boundaries, access requirements, and enterprise network-control gates.","publicNote":"Server-side key custody is required today; IP allowlists, private endpoint terms, and custom network review remain signed enterprise work."},{"name":"Observability Proof","status":"beta","scope":"Gateway smoke, production env gates, buyer-path usage proof, readiness checks, and AI output quality sampling.","evidence":"GET /api/v1/observability publishes the proof signals and required runbooks for production confidence.","publicNote":"Public observability contract is live; automated external synthetic monitoring remains the next ops gate."},{"name":"Buyer Onboarding","status":"beta","scope":"Server-key setup, first request, idempotency, error handling, usage proof, launch-readiness gates, handoff artifacts, and escalation packet.","evidence":"GET /api/v1/onboarding and /api-docs expose the integration path from key creation to production smoke, launch readiness, and handoff evidence.","publicNote":"Self-serve docs are live; fully automated procurement and enterprise private onboarding remain sales-led, but launch evidence is now explicit."},{"name":"Versioning And Limits","status":"live","scope":"Public lifecycle, compatibility, deprecation, sunset, and rate-limit contract for v1 partners.","evidence":"GET /api/v1/versioning publishes compatibility rules, deprecation windows, rate-limit headers, and plan-limit guidance.","publicNote":"Standard rate-limit headers are now emitted on 429 responses when limiter metadata is available."},{"name":"Migration Guides","status":"live","scope":"Public route migration, deprecation artifact, legacy alias, validation, and partner checklist guidance.","evidence":"GET /api/v1/migrations publishes migration policy plus concrete guides for gateway, audience, and world-signal route moves.","publicNote":"No paid production route should be removed without a published migration guide, notice window, and support path."},{"name":"Examples And Cookbooks","status":"live","scope":"Public endpoint examples, SDK snippets, and partner workflow cookbooks generated from the API catalog.","evidence":"GET /api/v1/examples exposes request/response examples, curl, Node, Python, and cookbook paths for common integration use cases.","publicNote":"Examples are safe to share publicly and should stay aligned with OpenAPI, Postman, SDKs, and endpoint reference pages."},{"name":"Support And Escalation","status":"live","scope":"Public support tiers, support packet requirements, severity routing, and enterprise escalation boundaries.","evidence":"GET /api/v1/support publishes contact policy, escalation rules, required support packet fields, and secret-handling boundaries.","publicNote":"Public support metadata improves integration triage; contract-specific response windows require signed enterprise terms."},{"name":"Procurement And Compliance Packet","status":"live","scope":"Public buyer-review checklist, security/legal/ops review boundaries, signed-term gates, and durable trust links.","evidence":"GET /api/v1/procurement publishes procurement review items, buyer packet requirements, unavailable enterprise terms, and trust links.","publicNote":"Public packet speeds enterprise review; DPA, custom retention, audit exports, allowlists, and contracted SLA remain signed-term work."},{"name":"Conformance And Smoke Contract","status":"live","scope":"Public acceptance suites, commands, pass criteria, evidence artifacts, and launch gates for partner and production readiness.","evidence":"GET /api/v1/conformance publishes local contract, SDK, build, env, gateway, buyer-path, and AI quality conformance checks.","publicNote":"Passing tests alone is not enough for paid AI products; live gateway, usage ledger, and fresh output-quality evidence are part of readiness."},{"name":"Data Processing Packet","status":"live","scope":"Public data-use purposes, minimization rules, restricted-data boundary, DSR support policy, and signed-DPA gates.","evidence":"GET /api/v1/data-processing publishes processing purposes, DSR policy, retention/subprocessor links, and customer-specific DPA boundaries.","publicNote":"Public data-processing metadata supports enterprise review; custom retention, residency, DPA, and private export commitments require signed terms."},{"name":"Compliance Map","status":"live","scope":"Public compliance-readiness mapping across SOC 2-style, GDPR/data-processing, OWASP API, procurement, resilience, and AI quality review areas.","evidence":"GET /api/v1/compliance publishes framework-style mappings, evidence artifacts, certification boundaries, and signed-term gates.","publicNote":"The map is review evidence, not a certification claim; SOC 2 reports, DPAs, regulated-data approvals, and private audit evidence require signed terms."},{"name":"AI Governance And Acceptable Use","status":"live","scope":"Public generated-output governance, acceptable-use boundaries, restricted use cases, human-review policy, and escalation triggers.","evidence":"GET /api/v1/ai-governance publishes AI quality controls, use-case boundaries, prohibited uses, restricted uses, and partner responsibilities.","publicNote":"Generated output is interpretive guidance; regulated, high-impact, crisis, medical, legal, financial, employment, housing, insurance, or eligibility use requires signed review or is prohibited."}],"links":{"docs":"/api-docs","trust":"/trust","product":"/api-platform","console":"/api-console","lab":"/api-console/lab","billing":"/api-console/billing","index":"/api/v1","openapi":"/api/v1/openapi","status":"/api/v1/status","sla":"/api/v1/sla","incidents":"/api/v1/incidents","security":"/api/v1/security","securityTxt":"/.well-known/security.txt","accessControl":"/api/v1/access-control","observability":"/api/v1/observability","onboarding":"/api/v1/onboarding","versioning":"/api/v1/versioning","examples":"/api/v1/examples","support":"/api/v1/support","sdks":"/api/v1/sdks","migrations":"/api/v1/migrations","procurement":"/api/v1/procurement","conformance":"/api/v1/conformance","dataProcessing":"/api/v1/data-processing","compliance":"/api/v1/compliance","aiGovernance":"/api/v1/ai-governance","changelog":"/api/v1/changelog","webhooks":"/api/v1/webhooks","errors":"/api/v1/errors","postman":"/api/v1/postman","readiness":"/api/v1/ops/readiness?deep=1","llms":"/llms.txt","llmsFull":"/llms-full.txt"},"readiness":{"public":"/api/v1/status","internal":"/api/v1/ops/readiness?deep=1","auth":"x-ops-token required","note":"This public status endpoint is safe for discovery. Deep readiness includes provider and environment checks and stays internal."},"sla":{"public":"/api/v1/sla","incidents":"/api/v1/incidents","measurement":"Public SLA targets are published; external synthetic monitoring is the next ops gate."},"trust":{"security":"/api/v1/security","accessControl":"/api/v1/access-control","observability":"/api/v1/observability","onboarding":"/api/v1/onboarding","support":"/api/v1/support","procurement":"/api/v1/procurement","conformance":"/api/v1/conformance","dataProcessing":"/api/v1/data-processing","compliance":"/api/v1/compliance","note":"Security controls, access-control policy, production proof, onboarding steps, procurement packet, conformance gates, data-processing boundaries, compliance map, and enterprise trust boundaries are public metadata routes."}}