Authentication
All endpoints are authenticated with Bearer tokens over HTTPS. Keys are hashed at rest and scoped per organization.
Bearer tokens
Need a key?
API keys are currently issued manually. Email your organization name and the endpoints you need to snapreportai99@gmail.com.
Every request must include an Authorization header carrying your API key as a Bearer token:
```http
Authorization: Bearer myqa_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
API keys are hashed at rest with SHA-256. The raw key is shown exactly once at creation time — store it in a secrets manager.
Permissions
Keys carry one or more permissions. Each endpoint requires a specific one:
- `captureiq:analyze` — `POST /api/v1/captureiq/analyze`
- `snapreport:generate` — `POST /api/v1/snapreport/analyze`
Job-status GET endpoints are accessible to any valid key scoped to the same organization.
IP allowlist (optional)
When creating a key you can restrict it to a list of IP addresses. Requests from any other source return 401.
Error codes
| HTTP | Code | Meaning |
|---|---|---|
| 401 | UNAUTHORIZED | Missing / invalid / revoked key, or IP not allowlisted. |
| 403 | FORBIDDEN | Key is valid but lacks the required permission. |
| 400 | INVALID_INPUT | Request body failed validation (missing fields, bad file type, unsafe callback URL). |
| 400 | INVALID_AUDIO_FORMAT | Audio MIME type is not in the CaptureIQ supported list. |
| 400 | FILE_TOO_LARGE | A file exceeded its per-file size limit (see endpoint pages). |
| 400 | INVALID_CALLBACK_URL | callback_url must be HTTPS and must not target localhost, private (RFC1918) / link-local IPs, or cloud metadata services. |
| 404 | NOT_FOUND | Job ID does not exist or belongs to a different organization. |
| 404 | STANDARD_NOT_FOUND | The supplied standard_id does not exist (SnapReport). |
| 500 | PROCESSING_ERROR | Unexpected server error during processing. |
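The `INVALID_CALLBACK_URL` rule above can be checked on the client before a job is submitted. The following is an added example, not the service's own validation code: the function name, the `resolve` hook and the metadata host list are assumptions, and the server's check remains authoritative.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the page does not name the metadata hosts it blocks; this is an example.
METADATA_HOSTS = {"metadata.google.internal"}


def callback_url_problem(url, resolve=None):
    """Return None if `url` passes the documented rule, else a short reason.

    `resolve` is a hypothetical hook: hostname -> iterable of IP strings, so
    the addresses a DNS name points at are checked as well as literal IPs.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() != "https":
        return "scheme must be https"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return "localhost"
    if host in METADATA_HOSTS:
        return "cloud metadata service"
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IPv4/IPv6
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in (resolve(host) if resolve else [])]
    for addr in addrs:
        # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if addr.is_loopback:
            return "localhost"
        if addr.is_link_local:                        # covers 169.254.169.254
            return "link-local address"
        if addr.is_private:                           # superset of RFC1918
            return "private address"
    return None


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the page.
    for u in ("https://hooks.example.com/cb", "http://hooks.example.com/cb",
              "https://10.1.2.3/cb", "https://169.254.169.254/cb"):
        print(u, "->", callback_url_problem(u) or "ok")
```

Python's `is_private` is stricter than the RFC1918 wording in the table, so a URL this check accepts should not be rejected by the service for address-range reasons.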
Operational
- Every response carries an `X-Request-Id` header (UUID). Include it when contacting support so we can locate the exact request in our logs.
- All endpoints support CORS preflight (`OPTIONS`) with `Authorization, Content-Type` request headers.
- There is no fixed rate limit at this time. Email snapreportai99@gmail.com before sustained traffic above ~10 req/s so we can scope a quota for your key.
- Successful API calls are billed in coins from your organization plan based on token usage. The `token_usage` object on the response shows what was consumed.
Error envelope
```json
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key."
  }
}
```