API reference

Create an account. Returns access and refresh tokens. Triggers a fire-and-forget email-verification dispatch via Envoi.

Sign in with identifier (username or primary email) and password. Returns tokens already switched into the caller's tenant.

Exchange a refresh token for a fresh access token.

Idempotent — provisions a tenant for an authenticated user who doesn't have one yet. Returns post-switch tokens.

Re-dispatches the 6-digit verification code via Envoi.

Submit the 6-digit code. Public consume — flips the contact to verified.

Identity, permissions, tenant, workspace, and emailVerified flag.

List with pagination, filters, and search.

Stream the full transaction table as CSV.

Single transaction with payment-event timeline.

List with status / category / search / date-range filters.

Single dispute with linked transaction and evidence list.

Audit-style event history for the dispute.

Move the dispute to accepted.

Submit a challenge after evidence is attached. Moves to under_review.

Submit a text response to an RFI. Moves to rfi_responded.

Escalate a lost dispute to arbitration. Adds the scheme-specific arbitration fee to the record.

Append a free-form note to the dispute's event history.

Block future transactions from the same card / fingerprint.

Open a support case linked to the dispute.

Apply a decision (accept / challenge / etc.) to a batch of disputes in one request.

Run a stored playbook over the open-disputes queue.

Body { filename, contentType }. Returns a short-lived PUT URL for the file plus the storageKey to send back when finalising.

Body { storageKey, filename, contentType, kind, note? }. Finalises the evidence record after the client has PUT the file to storage. kind is one of receipt, shipping_proof, communication, refund_policy, service_documentation, other.

Short-lived presigned GET URL for the evidence file.

List queued / running / completed reports.

Queue a transactions or disputes CSV report.

Status + metadata for a single report.

Short-lived presigned URL for the generated CSV.

List the tenant's playbooks.

Create a playbook.

Single playbook with its rules.

Update name, rules, or default flag.

Delete the playbook.

Run the playbook against the current open-disputes queue without applying changes.

List configured webhook endpoints.

Register a new endpoint. The HMAC secret is returned exactly once.

Edit the URL, event filter, or active flag.

Remove the webhook.

Fire a synthetic event to the endpoint and return the upstream response.

List synthetic accounts in the tenant.

Provision a synthetic account. Returns the generated email + password once.

Update label, role, or notes.

Archive the synthetic account.

Issue a new password and return it once.

Dashboard KPIs: chargeback ratio, win rate, totals.

Single payment lookup by display id.

Unauthenticated counter feeding the marketing-page total. Rate-limited and cached server-side.

Liveness + database probe.

Generate a synthetic batch. See the Dev panel page for the field list.

Run the hourly background job on demand. Returns counts of moved rows.

Wipe the tenant's synthetic data.