Login

Authenticate with the EthicalZen platform and receive a JWT token for authorized API access.

POST /api/auth/login

Request Body

{
  "email": "admin@ethicalzen.ai",
  "password": "admin123"
}

Response (200 OK)

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "email": "admin@ethicalzen.ai",
    "tenantId": "default"
  }
}

Register AI Use Case

Register a new AI use case with automatic domain-specific risk analysis and contract generation. The system analyzes your use case details and generates appropriate failure modes, guardrails, and safety suites.

POST /api/usecases/register

JavaScript

cURL

Python

// Register a new AI use case
const API_BASE = 'https://ethicalzen-backend-400782183161.us-central1.run.app';
const response = await fetch(`${API_BASE}/api/usecases/register`, {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN',  // Or use 'x-api-key': 'YOUR_API_KEY'
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    service_name: 'Medical Diagnosis API',
    use_case: 'AI-powered medical diagnosis for patient care',
    industry: 'healthcare',
    data_sensitivity: ['PHI', 'medical_records'],
    compliance_requirements: ['HIPAA', 'SOC2']
  })
});

const data = await response.json();
console.log(data.contract_id);

Responses

200 - Success

400 - Bad Request

401 - Unauthorized

422 - Validation Error

{
  "success": true,
  "contract_id": "medical-diagnosis-api/healthcare/us/v1.0",
  "contract_spec": {
    "id": "medical-diagnosis-api/healthcare/us/v1.0",
    "version": "1.0",
    "service_name": "Medical Diagnosis API",
    "suite": "S2",
    "risk_score": 95,
    "failure_modes": [
      {
        "id": "FM_MISDIAGNOSIS",
        "name": "Misdiagnosis Risk",
        "severity": "CRITICAL",
        "likelihood": "HIGH",
        "impact": "Patient harm, malpractice liability",
        "mitigation": "Require medical professional review"
      },
      {
        "id": "FM_PHI_LEAK",
        "name": "PHI Data Exposure",
        "severity": "CRITICAL",
        "likelihood": "MEDIUM",
        "impact": "HIPAA violation, fines up to $50K per incident"
      }
    ],
    "guardrails": [
      {
        "id": "pii_detection_v1",
        "name": "PII Detection",
        "type": "REGEX",
        "thresholds": {
          "pii_risk": { "min": 0, "max": 0.05 }
        }
      },
      {
        "id": "medical_accuracy_v1",
        "name": "Medical Accuracy Check",
        "type": "SLM",
        "thresholds": {
          "confidence": { "min": 0.95 }
        }
      }
    ]
  },
  "analysis": {
    "risk_assessment": {
      "overall_risk_score": 95,
      "risk_factors": [
        "Healthcare industry with PHI data",
        "Medical diagnosis use case",
        "Patient safety implications"
      ]
    }
  },
  "timestamp": "2025-11-07T12:45:00.000Z"
}

Request Body

service_name string Required

The name of your AI service. Should be descriptive and unique within your organization.

Example: "Medical Diagnosis API"

use_case string Required

Detailed description of what your AI service does and how it will be used.

Example: "AI-powered medical diagnosis for patient care"

industry enum<string> Required

The industry your service operates in. This affects risk scoring and compliance requirements.

Options: "healthcare", "finance", "education", "legal", "entertainment", "technology"

data_sensitivity array<string>

Types of sensitive data your service handles. Determines which guardrails are applied.

Options: "PHI", "PII", "financial_data", "medical_records", "student_records", "legal_documents"

compliance_requirements array<string>

Regulatory compliance frameworks your service must adhere to.

Options: "HIPAA", "GDPR", "SOC2", "FERPA", "PCI-DSS", "ISO27001"

Response Fields

contract_id string

Unique identifier for the generated contract. Format: service-name/industry/region/version

Example: "medical-diagnosis-api/healthcare/us/v1.0"

suite enum<string>

Safety suite classification based on risk analysis.

Options: "S0" (Low Risk), "S1" (Medium Risk), "S2" (High Risk), "S3" (Critical Risk)

risk_score integer

Overall risk score from 0-100. Higher scores indicate higher risk and more stringent requirements.

Range: 0-100 (0-30: Low, 31-60: Medium, 61-85: High, 86-100: Critical)

failure_modes array<object>

Identified potential failure scenarios specific to your service's domain and use case.

guardrails array<object>

Recommended guardrails with enforcement mechanisms (REGEX, SLM, or LLM-based).

Get Simulation Results

Retrieve simulation results for a service registration. After registering a service, the system runs automated simulations to test failure modes. Use this endpoint to get the simulation results before approving the contract.

GET /api/simulation-results/:evaluationId

Path Parameters

evaluationId string Required

The evaluation ID returned from the service registration response

Example: eval_1699876543_medical-api

Headers

Authorization string Required

JWT token obtained from login

Example Request

cURL

JavaScript

Python

                            curl -X GET "https://ethicalzen-backend-400782183161.us-central1.run.app/api/simulation-results/eval_1699876543_medical-api" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
                        

                            const evaluationId = 'eval_1699876543_medical-api';
const response = await fetch(
  `https://ethicalzen-backend-400782183161.us-central1.run.app/api/simulation-results/${evaluationId}`,
  {
    headers: {
      'Authorization': 'Bearer YOUR_JWT_TOKEN'
    }
  }
);

const results = await response.json();
console.log(results.simulation_results);
                        

                            import requests

evaluation_id = "eval_1699876543_medical-api"
url = f"https://ethicalzen-backend-400782183161.us-central1.run.app/api/simulation-results/{evaluation_id}"
headers = {"Authorization": "Bearer YOUR_JWT_TOKEN"}

response = requests.get(url, headers=headers)
results = response.json()
print(results['simulation_results'])
                        

Response (200 OK)

{
  "success": true,
  "evaluation_id": "eval_1699876543_medical-api",
  "contract_id": "medical-api/healthcare/us/v1.0",
  "simulation_results": {
    "total_tests": 15,
    "passed": 12,
    "failed": 3,
    "failure_mode_coverage": {
      "F1_HALLUCINATED_MEDICAL_DATA": {
        "tests_run": 5,
        "detections": 4,
        "detection_rate": 0.8
      },
      "F2_PHI_EXPOSURE": {
        "tests_run": 5,
        "detections": 5,
        "detection_rate": 1.0
      }
    }
  },
  "recommendations": [
    "Increase PII detection threshold",
    "Add medical terminology validator"
  ],
  "status": "pending_approval"
}

Approve Contract

Approve a service contract after reviewing simulation results. This finalizes the contract and makes it active for runtime enforcement.

POST /api/evaluation/approve

Headers

Authorization string Required

JWT token obtained from login

Request Body Parameters

evaluation_id string Required

The evaluation ID from the simulation results

Example: "eval_1699876543_medical-api"

contract_id string Required

The contract ID to approve

Example: "medical-api/healthcare/us/v1.0"

approved boolean Required

Whether to approve (true) or reject (false) the contract

Example: true

notes string Optional

Approval or rejection notes

Example: "Simulation results look good, approving for production"

Example Request

cURL

JavaScript

Python

                            curl -X POST "https://ethicalzen-backend-400782183161.us-central1.run.app/api/evaluation/approve" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "evaluation_id": "eval_1699876543_medical-api",
    "contract_id": "medical-api/healthcare/us/v1.0",
    "approved": true,
    "notes": "Simulation results meet requirements, approved for production"
  }'
                        

                            const response = await fetch('https://ethicalzen-backend-400782183161.us-central1.run.app/api/evaluation/approve', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    evaluation_id: 'eval_1699876543_medical-api',
    contract_id: 'medical-api/healthcare/us/v1.0',
    approved: true,
    notes: 'Simulation results meet requirements, approved for production'
  })
});

const result = await response.json();
console.log(result.certificate);
                        

                            import requests

url = "https://ethicalzen-backend-400782183161.us-central1.run.app/api/evaluation/approve"
headers = {
    "Authorization": "Bearer YOUR_JWT_TOKEN",
    "Content-Type": "application/json"
}
data = {
    "evaluation_id": "eval_1699876543_medical-api",
    "contract_id": "medical-api/healthcare/us/v1.0",
    "approved": True,
    "notes": "Simulation results meet requirements, approved for production"
}

response = requests.post(url, headers=headers, json=data)
result = response.json()
print(result['certificate'])
                        

Response (200 OK)

{
  "success": true,
  "contract_id": "medical-api/healthcare/us/v1.0",
  "status": "approved",
  "certificate": {
    "id": "cert-12345",
    "issued_at": "2024-11-07T10:30:00Z",
    "expires_at": "2025-11-07T10:30:00Z",
    "public_key": "-----BEGIN PUBLIC KEY-----...",
    "blockchain_tx": "0x1234567890abcdef..."
  },
  "message": "Contract approved and certificate issued"
}

📋 Complete Registration Workflow

Multi-Step Process:

Step 1: POST /api/usecases/register → Returns contract_id and evaluation_id
Step 2: GET /api/simulation-results/:evaluationId → Review simulation results
Step 3: POST /api/evaluation/approve → Approve/reject contract
Step 4: Use certificate for runtime GuardRails Runtime Gateway enforcement

List Contracts

Retrieve all registered contracts for your tenant. Returns a list of all active and inactive contracts with their basic metadata.

GET /api/dc/contracts

Headers

Authorization string Required

JWT token obtained from login. Format: Bearer {token}

Example: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Query Parameters (Optional)

status string Optional

Filter contracts by status: active, inactive, pending

Example: ?status=active

suite string Optional

Filter contracts by suite: S1, S2, S3

Example: ?suite=S2

Example Request

cURL

JavaScript

Python

                            curl -X GET "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
                        

                            const response = await fetch('https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts', {
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN'
  }
});

const data = await response.json();
console.log(data.contracts);
                        

                            import requests

url = "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts"
headers = {"Authorization": "Bearer YOUR_JWT_TOKEN"}

response = requests.get(url, headers=headers)
data = response.json()
print(data['contracts'])
                        

Response (200 OK)

{
  "success": true,
  "contracts": [
    {
      "id": "medical-api/healthcare/us/v1.0",
      "service_name": "Medical Diagnosis API",
      "suite": "S2",
      "risk_score": 95,
      "status": "active",
      "created_at": "2024-11-07T10:30:00Z",
      "tenant_id": "default"
    },
    {
      "id": "entertainment-api/media/us/v1.0",
      "service_name": "Movie Recommendations API",
      "suite": "S1",
      "risk_score": 45,
      "status": "active",
      "created_at": "2024-11-07T09:15:00Z",
      "tenant_id": "default"
    }
  ],
  "total": 2
}

Get Contract Details

Retrieve complete details of a specific contract including failure modes, guardrails, policies, and risk assessment.

GET /api/dc/contracts/:id

Path Parameters

id string Required

The unique contract identifier in format: {service-name}/{industry}/{region}/v{version}

Example: medical-api/healthcare/us/v1.0

Headers

Authorization string Required

JWT token obtained from login. Format: Bearer {token}

Example: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Example Request

cURL

JavaScript

Python

                            curl -X GET "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts/medical-diagnosis-api%2Fhealthcare%2Fus%2Fv1.0" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
                        

                            const contractId = 'medical-diagnosis-api/healthcare/us/v1.0';
const response = await fetch(
  `https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts/${encodeURIComponent(contractId)}`,
  {
    headers: {
      'Authorization': 'Bearer YOUR_JWT_TOKEN'
    }
  }
);

const contract = await response.json();
console.log(contract);
                        

                            import requests
from urllib.parse import quote

contract_id = "medical-diagnosis-api/healthcare/us/v1.0"
url = f"https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts/{quote(contract_id, safe='')}"
headers = {"Authorization": "Bearer YOUR_JWT_TOKEN"}

response = requests.get(url, headers=headers)
contract = response.json()
print(contract)
                        

Response (200 OK)

{
  "success": true,
  "contract": {
    "id": "medical-api/healthcare/us/v1.0",
    "service_name": "Medical Diagnosis API",
    "version": "1.0",
    "suite": "S2",
    "risk_score": 95,
    "industry": "healthcare",
    "data_sensitivity": ["PHI", "PII"],
    "failure_modes": [
      {
        "id": "F1_HALLUCINATED_MEDICAL_DATA",
        "name": "Hallucinated Medical Information",
        "severity": "CRITICAL",
        "likelihood": "HIGH",
        "impact": "Patient harm, malpractice liability",
        "detection_mechanism": "medical_terminology_validator"
      },
      {
        "id": "F2_PHI_EXPOSURE",
        "name": "Protected Health Information Exposure",
        "severity": "CRITICAL",
        "likelihood": "HIGH",
        "impact": "HIPAA violation ($50K+ per incident)"
      }
    ],
    "guardrails": [
      {
        "id": "pii_detection_v1",
        "name": "PII Detection",
        "enforcer_type": "REGEX",
        "metric": "pii_risk",
        "thresholds": {
          "min": 0,
          "max": 0.05
        }
      }
    ],
    "policies_applied": ["HIPAA_COMPLIANCE", "DATA_MINIMIZATION"],
    "status": "active",
    "created_at": "2024-11-07T10:30:00Z",
    "tenant_id": "default"
  }
}

Error Response (404 Not Found)

{
  "success": false,
  "error": "Contract not found"
}

Update Contract

Update an existing contract's configuration, including guardrails, thresholds, and policies.

PUT /api/dc/contracts/:id

Path Parameters

id string Required

The unique contract identifier

Example: medical-api/healthcare/us/v1.0

Request Body Parameters

status string Optional

Contract status: active, inactive, suspended

Example: "active"

guardrails array<object> Optional

Updated list of guardrails with thresholds

Example Request

cURL

JavaScript

Python

                            curl -X PUT "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts/medical-api%2Fhealthcare%2Fus%2Fv1.0" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "active",
    "guardrails": [
      {
        "id": "pii_detection_v1",
        "thresholds": {
          "min": 0,
          "max": 0.03
        }
      }
    ]
  }'
                        

                            const contractId = 'medical-api/healthcare/us/v1.0';
const response = await fetch(
  `https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts/${encodeURIComponent(contractId)}`,
  {
    method: 'PUT',
    headers: {
      'Authorization': 'Bearer YOUR_JWT_TOKEN',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      status: 'active',
      guardrails: [
        {
          id: 'pii_detection_v1',
          thresholds: {
            min: 0,
            max: 0.03
          }
        }
      ]
    })
  }
);

const updated = await response.json();
console.log(updated.contract);
                        

                            import requests
from urllib.parse import quote

contract_id = "medical-api/healthcare/us/v1.0"
url = f"https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/contracts/{quote(contract_id, safe='')}"
headers = {
    "Authorization": "Bearer YOUR_JWT_TOKEN",
    "Content-Type": "application/json"
}
data = {
    "status": "active",
    "guardrails": [
        {
            "id": "pii_detection_v1",
            "thresholds": {
                "min": 0,
                "max": 0.03
            }
        }
    ]
}

response = requests.put(url, headers=headers, json=data)
updated = response.json()
print(updated['contract'])
                        

Response (200 OK)

{
  "success": true,
  "contract": {
    "id": "medical-api/healthcare/us/v1.0",
    "status": "active",
    "updated_at": "2024-11-07T11:00:00Z"
  }
}

List Certificates

Retrieve all digital certificates issued for approved contracts.

GET /api/dc/certificates

Headers

Authorization string Required

JWT token obtained from login

Query Parameters (Optional)

contract_id string Optional

Filter certificates by contract ID

status string Optional

Filter by status: valid, expired, revoked

Example Request

cURL

JavaScript

Python

                            curl -X GET "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/certificates" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
                        

                            const response = await fetch('https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/certificates', {
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN'
  }
});

const data = await response.json();
console.log(data.certificates);
                        

                            import requests

url = "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/certificates"
headers = {"Authorization": "Bearer YOUR_JWT_TOKEN"}

response = requests.get(url, headers=headers)
data = response.json()
print(data['certificates'])
                        

Response (200 OK)

{
  "success": true,
  "certificates": [
    {
      "id": "cert-12345",
      "contract_id": "medical-api/healthcare/us/v1.0",
      "status": "valid",
      "issued_at": "2024-11-07T10:30:00Z",
      "expires_at": "2025-11-07T10:30:00Z",
      "public_key": "-----BEGIN PUBLIC KEY-----..."
    }
  ],
  "total": 1
}

Create Certificate

Generate a new digital certificate for an approved contract. This enables blockchain-based verification.

POST /api/dc/certificates

Request Body Parameters

contract_id string Required

The contract ID to create a certificate for

Example: "medical-api/healthcare/us/v1.0"

validity_days number Optional

Certificate validity period in days (default: 365)

Example: 365

Example Request

cURL

JavaScript

Python

                            curl -X POST "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/certificates" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "contract_id": "medical-api/healthcare/us/v1.0",
    "validity_days": 365
  }'
                        

                            const response = await fetch('https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/certificates', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    contract_id: 'medical-api/healthcare/us/v1.0',
    validity_days: 365
  })
});

const result = await response.json();
console.log(result.certificate);
                        

                            import requests

url = "https://ethicalzen-backend-400782183161.us-central1.run.app/api/dc/certificates"
headers = {
    "Authorization": "Bearer YOUR_JWT_TOKEN",
    "Content-Type": "application/json"
}
data = {
    "contract_id": "medical-api/healthcare/us/v1.0",
    "validity_days": 365
}

response = requests.post(url, headers=headers, json=data)
result = response.json()
print(result['certificate'])
                        

Response (201 Created)

{
  "success": true,
  "certificate": {
    "id": "cert-12345",
    "contract_id": "medical-api/healthcare/us/v1.0",
    "status": "valid",
    "issued_at": "2024-11-07T10:30:00Z",
    "expires_at": "2025-11-07T10:30:00Z",
    "public_key": "-----BEGIN PUBLIC KEY-----...",
    "blockchain_tx": "0x1234567890abcdef..."
  }
}

Health Check

Check if the API server is running and healthy. No authentication required.

GET /api/health

Parameters

No parameters required. This is a public endpoint.

Example Request

cURL

JavaScript

Python

                            curl -X GET "https://ethicalzen-backend-400782183161.us-central1.run.app/api/health"
                        

                            const response = await fetch('https://ethicalzen-backend-400782183161.us-central1.run.app/api/health');
const health = await response.json();
console.log(health);
                        

                            import requests

url = "https://ethicalzen-backend-400782183161.us-central1.run.app/api/health"
response = requests.get(url)
health = response.json()
print(health)
                        

Response (200 OK)

{
  "status": "healthy",
  "timestamp": "2024-11-07T10:30:00Z",
  "version": "1.0.0",
  "uptime": 3600
}