API Guide

The Core API exposes endpoints for ingestion, case management, reporting workflows, and SSI scam-site investigations. While access is currently limited to trusted services and authenticated analysts, documenting the API surface prepares i4g for future integrations.

API Reference

For detailed endpoint documentation (parameters, schemas, and response types), please refer to the interactive documentation generated by the running API:

  • Swagger UI: /docs (e.g., http://127.0.0.1:8000/docs)

  • ReDoc: /redoc (e.g., http://127.0.0.1:8000/redoc)

See core/docs/api_reference.md for more details.

SSI Investigation Endpoints

The gateway serves all SSI (Scam Site Investigator) endpoints. There is no separate ssi-api service; the SSI Cloud Run Service (ssi-svc) handles browser automation and OSINT, and writes results directly to the shared database.

| Method | Path | Description |
| --- | --- | --- |
| POST | /investigations/ssi | Trigger an SSI investigation (calls SSI Cloud Run Service) |
| GET | /investigations/ssi/history | List past investigations (paginated, filterable) |
| GET | /investigations/ssi/active | List active investigations |
| GET | /investigations/ssi/{scan_id} | Full investigation detail (wallets, PII, agent actions) |
| GET | /investigations/ssi/wallets | Cross-scan wallet search with deduplication |
| GET | /investigations/ssi/{scan_id}/wallets.csv | Export wallets as CSV |
| GET | /investigations/ssi/{scan_id}/wallets.xlsx | Export wallets as XLSX |
| GET | /investigations/ssi/{scan_id}/evidence-bundle | Download evidence ZIP |
| GET | /investigations/ssi/{scan_id}/lea-package | Download LEA evidence package |
| GET | /investigations/ssi/{scan_id}/report.pdf | Download PDF report |
| GET/POST/PUT/DELETE | /playbooks/ssi | Playbook CRUD |
| POST | /playbooks/ssi/test-match | Test URL against playbook patterns |
| GET | /tasks/{task_id} | Poll investigation progress |

Threat Intelligence & Analytics (Q1 2026)

TIFAP analytics and campaign governance endpoints added in Q1 2026:

| Method | Path | Description |
| --- | --- | --- |
| GET | /intelligence/entities | Entity explorer — search persons, orgs, wallets |
| GET | /intelligence/entities/{id} | Entity detail with risk score and case links |
| GET | /intelligence/indicators | Indicator registry — URLs, IPs, domains |
| GET | /intelligence/campaigns | Campaign list with taxonomy rollup and risk scores |
| GET | /intelligence/campaigns/{id} | Campaign detail with member cases and timeline |
| GET | /intelligence/graph | Entity relationship graph (BFS traversal) |
| GET | /impact/dashboard | Platform KPIs and loss-by-taxonomy dashboard |
| GET | /campaigns | Threat campaign management (governance CRUD) |
| GET | /exports/researcher/entities | Anonymized researcher export (aggregate only) |

PII Vault Endpoints (Q1 2026)

| Method | Path | Description |
| --- | --- | --- |
| GET | /intakes/{id}/contact | Decrypt victim contact fields (analyst role required) |
| GET | /accounts/me | Resolve current user identity from forwarded IAP header |

For complete parameter schemas and response types, use the interactive Swagger UI at /docs or see core/docs/api_reference.md.
