API reference

The control plane is a REST API at https://api.getkaizen.io. The SDKs wrap it, but you can call it directly.

Authentication

Send a bearer token in the Authorization header.

Agent traffic uses an API key that starts with kz_live_, created on the API keys page.
Console and management calls use the signed-in user's token.

Authorization: Bearer kz_live_...

The action and verdict shape

You report an action; Kaizen returns a verdict.

// action
{
  "kind": "tool_call",          // tool_call | connect | http | file | ...
  "tool": "issue_refund",
  "target": "api.stripe.com:443",
  "publisher": "stripe",
  "metadata": { "source": "egress" }   // how it was observed
}

// verdict
{
  "decision": "allow",          // allow | block
  "reason": "ok",
  "evidence": [],
  "confidence": null            // set when the reasoning check weighed in
}

Endpoints

Report and read verdicts

Method	Path	Purpose
`POST`	`/v1/verdicts`	Report an action; record the verdict
`GET`	`/v1/verdicts`	List verdicts. Query: `agent`, `status`, `decision`, `source`, `q`, `since`, `limit`, `offset`
`POST`	`/v1/verdicts/{id}/status`	Triage: `{ "status": "acknowledged \\| resolved \\| false_positive" }`
`POST`	`/v1/verdicts/{id}/learn`	Fold the action into the agent's baseline and declaration

Agents

Method	Path	Purpose
`GET`	`/v1/agents/profiles`	Every agent: activity, observation depth, declaration
`POST`	`/v1/agents/{agent}/manifest`	Declare expected behaviour: `{ "tools": [], "destinations": [] }`
`POST`	`/v1/agents/{agent}/settings`	`{ "paused": false, "judge_enabled": true }`
`POST`	`/v1/agents/{agent}/reset`	Forget the learned baseline

Policy, model, and metrics

Method	Path	Purpose
`GET` / `POST`	`/v1/org-policy`	Org-wide blocklist / allowlist
`GET` / `POST`	`/v1/llm-config`	Reasoning model (BYO key), budget, confidence threshold
`GET`	`/v1/judge/usage`	Reasoning-check usage today and this week
`GET`	`/v1/metrics/timeseries`	Daily actions, anomalies, reviews

Keys, exports, and team

Method	Path	Purpose
`GET` / `POST`	`/v1/keys`	List and create API keys
`GET` / `POST` / `DELETE`	`/v1/webhooks`	Export destinations (webhook, Slack, Datadog, Splunk, PagerDuty)
`GET`	`/v1/members`, `/v1/audit`	Team and audit log
`POST`	`/v1/members/invite`, `/v1/members/role`	Invite and set roles (owner/admin only)

Errors

Standard HTTP status codes. 401 for a missing or invalid token, 403 when a viewer attempts a change, 404 for an unknown id, 400 for a malformed body.