API Reference
The TrustRelay REST API is served by the trustrelay-api Go service.
Base URL
Always relative to the customer’s deployment (e.g. https://my-instance.trustrelay.io). All paths below are relative to this base.
Authentication
| Context | Mechanism |
|---|---|
App routes (/api/*) | Session cookie (session) set at login |
MCP endpoints (/mcp, /api/mcp) | Authorization: Bearer <PAT> |
Requests to protected routes without a valid session/token return 401 Unauthorized.
Response envelope
All JSON endpoints (except binary media and MCP stream endpoints) wrap their response:
{ "value": <T>, "error": { "code": "...", "message": "..." } }On success, error is omitted. On failure, value is omitted and error is populated.
Exceptions (raw responses, not wrapped):
GET /api/logoGET /api/products/{productversionid}/coverPOST /api/export/dxf/mcpand/api/mcp(MCP stream)
Rate limiting
Rate limiting is enforced per IP address on GET, POST, DELETE, PUT, and PATCH methods. The rate is controlled by the THROTTLE_REQUESTS_PER_SECOND environment variable. Exceeding the limit returns 429 Too Many Requests.
Timeouts
| Route | Timeout |
|---|---|
| All routes | 30 seconds |
POST /api/jsonrpc | 60 seconds |
/mcp, /api/mcp | No timeout (long-lived) |
Auth
POST /api/auth/login
Authenticates a user and sets a session cookie.
Request:
{ "email": "user@example.com", "password": "..." }Response 200:
{ "value": { "token": "...", "expires_at": 1234567890 } }POST /api/auth/logout
Invalidates the current session. The session cookie is cleared.
POST /api/auth/verify
Validates the current session cookie. Used by the SvelteKit hooks.server.ts on every page load.
Response 200:
{
"value": {
"user": {
"account_id": "uuid",
"email": "user@example.com",
"first_name": "Jane",
"last_name": "Doe",
"organisation_id": "uuid",
"is_org_anchor": false,
"is_user_owner": true,
"is_user_deputy": false,
"lang": "en",
"is_org_external": false
},
"settings": {
"tenant_name": "My Platform",
"logo_url": "https://..."
},
"unread_notifications": 2,
"unread_inbox_messages": 0
}
}Version
GET /api/version
Returns build information. No authentication required.
Response 200:
{
"value": {
"app_name": "trustrelay-api",
"version": "1.2.3",
"build_time": "2026-04-07T00:00:00Z",
"git_hash": "abc1234"
}
}Settings
All settings endpoints require a valid session.
| Method | Path | Description |
|---|---|---|
| GET | /api/settings/general-info | Tenant name, description, logo URL |
| PUT | /api/settings/general-info | Update tenant info |
| GET | /api/settings/logo | Logo source configuration |
| PUT | /api/settings/logo | Update logo source |
| GET | /api/logo | Raw binary logo image |
| GET | /api/settings/support | Support contact settings |
| PUT | /api/settings/support | Update support settings |
| GET | /api/settings/apps | LLM, email, and image service settings |
| PUT | /api/settings/apps | Update app integrations |
| GET | /api/settings/supported-apps | Returns { "unsplash": true, "ai": false } feature flags |
| GET | /api/settings/roles | System-level role assignments (anchor, deputy orgs) |
| POST | /api/settings/roles | Update system roles |
| GET | /api/settings/industry-classification-codes | List of industry classification codes |
| GET | /api/settings/countries | List of countries |
Password reset
| Method | Path | Description |
|---|---|---|
| GET | /api/settings/password-reset-requests | List all active reset requests (admin) |
| GET | /api/settings/password-reset-requests/{token} | Get request by token (public) |
| POST | /api/settings/password-reset-requests | Create a reset request |
| POST | /api/settings/reset-password | Submit new password via token |
Users
| Method | Path | Description |
|---|---|---|
| GET | /api/users | List all platform users |
| GET | /api/users/{userid} | Get extended profile for a specific user |
| DELETE | /api/users/{userid} | Delete a user (admin only) |
Current user (self)
| Method | Path | Description |
|---|---|---|
| GET | /api/user/overview | Dashboard: pinned products, stats, activity (cached) |
| GET | /api/user/profile | Current user’s extended profile |
| PATCH | /api/user/profile | Update profile fields |
| GET | /api/user/sessions | All active login sessions |
| DELETE | /api/user/sessions/{session} | Revoke a session |
| GET | /api/user/notifications | Unacknowledged notifications |
| POST | /api/user/notifications/{notification}/ack | Acknowledge a notification |
| POST | /api/user/notifications/dismiss-all | Acknowledge all pending notifications |
| GET | /api/user/inbox | Inbox messages from product providers |
| POST | /api/user/inbox/{message}/read | Mark message as read |
| POST | /api/user/inbox/{message}/unread | Mark message as unread |
| POST | /api/user/inbox/{message}/flag | Flag a message |
| POST | /api/user/inbox/{message}/unflag | Unflag a message |
| GET | /api/user/personal-access-tokens | List PATs |
| POST | /api/user/personal-access-tokens | Create a new PAT |
| DELETE | /api/user/personal-access-tokens/{patid} | Revoke a PAT |
Organisations
| Method | Path | Description |
|---|---|---|
| GET | /api/organisations | List all organisations |
| GET | /api/organisations/{organisationid} | Get public profile of an organisation |
| DELETE | /api/organisations/{organisationid} | Delete an organisation (admin only) |
| GET | /api/organisation | Get current user’s organisation (owner/deputy view) |
| PUT | /api/organisation | Update organisation details |
| PUT | /api/organisation/roles | Update org owner/deputy assignments |
| GET | /api/organisation/members | List organisation members |
Data products
{productversionid} is the data_product_version_id UUID. {productid} is the parent data_product_id.
Listing and creating
| Method | Path | Query params | Description |
|---|---|---|---|
| GET | /api/products | filter=published\|ou\|pinned | List products by filter |
| POST | /api/products | — | Create a blank draft product |
Product lifecycle
| Method | Path | Description |
|---|---|---|
| GET | /api/products/{productversionid} | Full extended profile |
| DELETE | /api/products/{productversionid} | Delete (draft only) |
| PUT | /api/products/{productversionid}/pin | Pin/unpin for current user |
| POST | /api/products/{productversionid}/publish | Publish a draft |
| GET | /api/products/{productversionid}/publication-status | Readiness checklist |
| POST | /api/products/{productid}/draft-new-version | Clone published → new draft |
| POST | /api/products/{productid}/phase-out | Phase out a published product |
Metadata sections
Each section has a matching GET and PUT endpoint under /api/products/{productversionid}/:
| Section | Path suffix |
|---|---|
| General Info | general-info |
| Data Schema | data-schema |
| Data Quality | data-quality |
| Use Cases | use-cases |
| SLA | sla |
| Support | support |
| License | license |
| Lineage | lineage |
| Pricing | pricing |
| Approval Info | approval-info |
| Credentials | credentials-info |
| Usage Info | usage-info |
Cover image
| Method | Path | Description |
|---|---|---|
| GET | /api/products/{productversionid}/cover | Raw binary cover image |
| PUT | /api/products/{productversionid}/cover | Upload or set hotlink |
Messaging and queries
| Method | Path | Description |
|---|---|---|
| POST | /api/products/{productversionid}/messages | Send message to all consumers |
| POST | /api/products/{productversionid}/validate-sql | Validate a SQL statement against DuckDB |
Agreements
| Method | Path | Description |
|---|---|---|
| POST | /api/products/{productversionid}/terminate-my-agreement | Consumer terminates own agreement |
| POST | /api/products/{productversionid}/consumers/{consumerid}/terminate-agreement | Provider terminates a consumer’s agreement |
Geo & time views
| Method | Path | Description |
|---|---|---|
| GET | /api/geo-products | Products with geospatial queries (for map view) |
| GET | /api/time-products | Products with duration queries (for calendar view) |
| GET | /api/insights/time/{category}/{topic}/{region}/{area} | Time-series data from DuckDB |
Search
GET /api/search?query=<term>&scope=<scope>Full-text search over product general_info JSONB. Returns []ProductBasicInfo.
Access requests
| Method | Path | Description |
|---|---|---|
| POST | /api/sent-requests | Submit an access request |
| GET | /api/sent-requests | List own sent requests |
| DELETE | /api/sent-requests/{requestid} | Cancel a sent request |
| GET | /api/received-requests | List requests received for own org’s products |
| PUT | /api/received-requests/{requestid}/evaluation | Approve or deny a request |
See Access Management for business rules and status lifecycle.
Invitations
| Method | Path | Description |
|---|---|---|
| GET | /api/invitations | List recent invitations (last 30 days) |
| POST | /api/invitations | Create a new invitation |
| POST | /api/org-invitations | Invite a user to your organisation |
| GET | /api/invitations/{invitation_token} | Get invitation by token (public, no auth) |
| DELETE | /api/invitations/{invitation_id} | Cancel an invitation |
| POST | /api/invitations/{invitation_token}/accept | Accept an invitation (public, no auth) |
Images
GET /api/images/previews?search=<term>Proxies to the configured image service (e.g. Unsplash) to return cover image candidates. Requires the image integration to be enabled in Settings → Apps.
JSON-RPC
POST /api/jsonrpcExecutes named product queries via DuckDB. Uses JSON-RPC 2.0 request format. 60-second timeout.
MCP
| Method | Path | Notes |
|---|---|---|
| GET / POST / DELETE | /mcp | MCP streamable HTTP transport |
| GET / POST / DELETE | /api/mcp | Alias |
Authentication: Authorization: Bearer <PAT>. No timeout. See MCP Integration.
DXF export
POST /api/export/dxf
Content-Type: application/jsonAccepts a GeoJSON FeatureCollection. Returns a binary application/dxf attachment.
Error codes
| HTTP status | Meaning |
|---|---|
400 | Bad request — check the request body or business rule violation |
401 | Unauthorized — missing or invalid session / PAT |
403 | Forbidden — action not permitted for your role |
404 | Not found |
429 | Rate limited — slow down and retry |
500 | Internal server error |