API v1 — Production

Vault Executive API

Integrate your AI Executive Team. Submit a business profile, receive an 8-agent strategic analysis in seconds.

Authentication

All API requests must include a Bearer token in the Authorization header. Generate your key from the Partner Dashboard.

HTTP

Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keys are tied to your partner account. Each key has a rate limit (default 60/hr) and monthly quota (default 100 reports).

Base URL

URL

https://api.vaultexecutive.ai/v1

Direct Supabase Functions URL (also accepted): https://kfdtxfcjtwuuomrxyvls.supabase.co/functions/v1/api-v1-analyze

Endpoints

POST/v1/analyze

Full 8-Agent Analysis

Submit a business profile and objective. Returns a comprehensive strategic report from all 8 executive agents (Keystone, Vantix, Bullion, Traction, Lumis, Rampart, Codexa, Flux). Typically returns in 30–60 seconds.

cURL

bash

curl -X POST https://api.vaultexecutive.ai/v1/analyze \
  -H "Authorization: Bearer ak_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Launch SaaS for SMB consultants",
    "description": "Bootstrapped, target $20k MRR in 12 months",
    "business_profile": {
      "industry": "B2B SaaS",
      "stage": "pre-launch",
      "team_size": 2
    }
  }'

Node.js

javascript

const res = await fetch("https://api.vaultexecutive.ai/v1/analyze", {
  method: "POST",
  headers: {
    "Authorization": "Bearer ak_live_...",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    title: "Launch SaaS for SMB consultants",
    description: "Bootstrapped, target $20k MRR in 12 months",
  }),
});
const report = await res.json();
console.log(report.id, report.executive_assessment);

Python

python

import requests

res = requests.post(
    "https://api.vaultexecutive.ai/v1/analyze",
    headers={
        "Authorization": "Bearer ak_live_...",
        "Content-Type": "application/json",
    },
    json={
        "title": "Launch SaaS for SMB consultants",
        "description": "Bootstrapped, target $20k MRR in 12 months",
    },
)
report = res.json()
print(report["id"], report["executive_assessment"])

Response 200

json

{
  "id": "rpt_a1b2c3...",
  "created_at": "2026-06-20T12:00:00Z",
  "executive_assessment": "...",
  "agents": {
    "keystone": "...", "vantix": "...", "bullion": "...",
    "traction": "...", "lumis": "...", "rampart": "...",
    "codexa": "..."
  },
  "shared_assumptions": { "year1_user_target": 5000, "monthly_churn_pct": 5 }
}

GET/v1/report/:id

Retrieve Report

Fetch a previously generated report by ID.

bash

curl https://api.vaultexecutive.ai/v1/report/rpt_a1b2c3 \
  -H "Authorization: Bearer ak_live_..."

GET/v1/status

Health Check

No authentication required. Returns API uptime and availability.

bash

curl https://api.vaultexecutive.ai/v1/status

json

{
  "status": "ok",
  "version": "v1",
  "uptime": "423521s",
  "agents_available": 8,
  "average_response_time_ms": 42000
}

Error Codes

Status	Code	Meaning
401	invalid_api_key	Missing or invalid Bearer token
429	rate_limited	Hourly rate limit exceeded
429	quota_exceeded	Monthly quota reached
500	server_error	Internal failure — please retry

Webhooks

Receive a signed HTTP callback the moment a report finishes processing. Configure a webhook URL in your Partner Dashboard → Settings.

Available events

report.completed — fired when an async analysis finishes

Payload format

json

{
  "event": "report.completed",
  "report_id": "rpt_a1b2c3...",
  "created_at": "2026-06-21T12:00:00Z",
  "processing_time_ms": 42137,
  "title": "Launch SaaS for SMB consultants",
  "report_url": "https://vaultexecutive.ai/partner-dashboard"
}

Verifying the X-Keystone-Signature header

Every webhook is signed with HMAC-SHA256 over the raw request body using your partner webhook secret. Compare the hex digest in X-Keystone-Signature with a fresh HMAC computed on the body. Use a constant-time comparison.

Node.js

javascript

import crypto from "crypto";

app.post("/webhooks/keystone", express.raw({ type: "application/json" }), (req, res) => {
  const signature = req.header("X-Keystone-Signature") || "";
  const expected = crypto
    .createHmac("sha256", process.env.ATLAS_WEBHOOK_SECRET)
    .update(req.body) // raw Buffer
    .digest("hex");

  const ok =
    signature.length === expected.length &&
    crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
  if (!ok) return res.status(401).send("invalid signature");

  const event = JSON.parse(req.body.toString("utf8"));
  // handle event.event === "report.completed"
  res.status(200).send("ok");
});

Python (Flask)

python

import hmac, hashlib, os
from flask import Flask, request, abort

app = Flask(__name__)
SECRET = os.environ["ATLAS_WEBHOOK_SECRET"].encode()

@app.post("/webhooks/keystone")
def atlas_webhook():
    signature = request.headers.get("X-Keystone-Signature", "")
    expected = hmac.new(SECRET, request.get_data(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(signature, expected):
        abort(401)
    event = request.get_json()
    # handle event["event"] == "report.completed"
    return "ok", 200

Keystone retries failed deliveries (non-2xx response) once after 30 seconds. Respond with HTTP 2xx within 10 seconds to acknowledge.

Rate Limits

Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (ISO-8601 timestamp when the monthly quota resets). Exceeding the monthly quota returns HTTP 429 with { "error": "rate_limited", ... }.

Ready to integrate?

Generate a production API key in under 30 seconds.

Get Your API Key