Projects
/api/v1/oris/projects List projects
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
page | integer | No | |
per_page | integer | No |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/projects' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects Create project
Create a new Stripe Projects-equivalent container. Each project carries its own monthly cap, Stripe customer, and audit trail. Project names are unique per tenant.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Request body
application/json, schema: ProjectCreateRequest
Responses
| Status | Description |
|---|---|
201 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/projects/{project_id} Delete project (cascade revoke services)
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X DELETE 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/{project_id} Get project detail
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/{project_id}/billing/payment-methods Attach a Stripe PaymentMethod to project customer
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Request body
application/json, schema: PaymentMethodAttachRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/billing/payment-methods' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/projects/{project_id}/dashboard-link/{provider} Provider dashboard link (parity with stripe projects open)
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes | |
provider | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/dashboard-link/{provider}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/{project_id}/env Pull project env vars
Returns active service credentials as env vars plus a SHA-256 fingerprint of those vars. The response carries an HMAC-SHA-256 signature in the `X-Oris-Signature` header, computed over the canonical response body using the developer's API key as the shared secret. Clients should verify this header to detect in-transit tampering even when TLS is terminated by an intermediary (e.g. corporate proxy). Each pull writes an audit event.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/env' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/{project_id}/link Begin provider account linking
Initiate the provider link flow. For OAuth providers, returns a URL the developer must visit. For API-token providers, returns the URL of a paste form.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Request body
application/json, schema: LinkProviderRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/link' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/projects/{project_id}/services Add service to project
Provision a service from a linked provider into the project. Saga: KYA gate -> policy -> catalog validate -> Stripe customer/setup intent -> provider provision -> credential store -> service row -> audit. Returns env vars on synchronous success or expected callback interval if the provisioning is async.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Request body
application/json, schema: AddServiceRequest
Responses
| Status | Description |
|---|---|
202 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/services' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/projects/{project_id}/services/{service_id} Remove a service from a project
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes | |
service_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X DELETE 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/services/{service_id}' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/{project_id}/services/{service_id}/rotate Rotate service credential
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes | |
service_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/services/{service_id}/rotate' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/{project_id}/services/{service_id}/upgrade Upgrade service plan tier
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes | |
service_id | string | Yes |
Request body
application/json, schema: UpgradeServiceRequest
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/services/{service_id}/upgrade' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)' \
-H 'Content-Type: application/json' \
-d '{...}'/api/v1/oris/projects/{project_id}/status Project status (cap usage + recent charges)
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
project_id | string | Yes |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/projects/{project_id}/status' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/catalog Browse provider/service catalog
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Responses
| Status | Description |
|---|---|
200 | Successful Response |
Example request
curl -X GET 'https://api.useoris.xyz/api/v1/oris/projects/catalog' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'/api/v1/oris/projects/webhooks/oauth-callback Provider OAuth callback receiver
Public endpoint.
Auth: Ed25519 request signing. Send
Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
state | string | Yes | State token from initial /link flow. |
code | string | No | OAuth authorization code. |
error | string | No | OAuth error returned by provider. |
Responses
| Status | Description |
|---|---|
200 | Successful Response |
422 | Validation Error |
Example request
curl -X POST 'https://api.useoris.xyz/api/v1/oris/projects/webhooks/oauth-callback' \
-H 'Authorization: oris_sk_live_***' \
-H 'X-Request-Signature: ***' \
-H 'X-Timestamp: $(date +%s)' \
-H 'X-Nonce: $(uuidgen)'