Mandaitor Delegation Mandate Registry API (1.0.0)

Mandaitor API Support: api@mandaitor.io License: Proprietary

Neutral, trustworthy infrastructure for verifiable delegated authority between humans and AI agents.

Admin

Admin-only operations

List pending access requests

Authorizations:
ApiKeyAuth BearerAuth
query Parameters
status
string
Enum: "PENDING" "APPROVED" "REJECTED" "ACTIVATED"
limit
integer [ 1 .. 200 ]
Default: 50

Responses

Response samples

Content type
application/json
{
  "requests": [
  ]
}

Approve or reject an access request

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Request Body schema: application/json
required
decision
required
string
Enum: "APPROVED" "REJECTED"
notes
string

Responses

Request samples

Content type
application/json
{
  "decision": "APPROVED",
  "notes": "string"
}

Activate a tenant account

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Request Body schema: application/json
plan
string
Default: "free"
Enum: "free" "starter" "enterprise"

Responses

Request samples

Content type
application/json
{
  "plan": "free"
}

Response samples

Content type
application/json
{
  "tenant_id": "string",
  "company_name": "string",
  "plan": "string",
  "status": "ACTIVE",
  "created_at": "2019-08-24T14:15:22Z",
  "api_keys": [
  ]
}

Events

Immutable audit trail

Get audit events for a mandate

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Example: mdt_01HXYZ...
query Parameters
limit
integer [ 1 .. 200 ]
Default: 50
cursor
string

Base64url-encoded pagination cursor

Responses

Response samples

Content type
application/json
{
  "events": [
  ],
  "pagination": {
  }
}

Query all events for the tenant

Authorizations:
ApiKeyAuth BearerAuth
query Parameters
event_type
string
Enum: "MANDATE_CREATED" "MANDATE_SUSPENDED" "MANDATE_REACTIVATED" "MANDATE_REVOKED" "VERIFICATION_ALLOWED" "VERIFICATION_DENIED" "ESCALATION_TRIGGERED"
limit
integer [ 1 .. 200 ]
Default: 50
cursor
string

Base64url-encoded pagination cursor

Responses

Response samples

Content type
application/json
{
  "events": [
  ],
  "pagination": {
  }
}

Get a specific event by ID

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Example: evt_01HXYZ...

Responses

Response samples

Content type
application/json
{
  "event_id": "string",
  "tenant_id": "string",
  "mandate_id": "string",
  "event_type": "MANDATE_CREATED",
  "timestamp": "2019-08-24T14:15:22Z",
  "actor": {
  },
  "details": { },
  "previous_event_hash": "string",
  "event_hash": "string",
  "kms_signature": "string"
}
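
A consumer of the audit trail can check that exported events still link together through `previous_event_hash` and `event_hash`. The sketch below is an added example, not part of the Mandaitor reference or code; it assumes events arrive oldest first as one chain and that each `previous_event_hash` repeats the preceding `event_hash`, which this page does not state. It does not recompute hashes or check `kms_signature`, because the hashing and signing inputs are not documented here.

```python
from datetime import datetime

# Constructed sample data: field names come from the event response sample,
# the values (ids, hashes, timestamps) are made up for illustration.
SAMPLE_EVENTS = [
    {"event_id": "evt_1", "event_type": "MANDATE_CREATED",
     "timestamp": "2024-05-01T09:00:00Z",
     "previous_event_hash": None, "event_hash": "aa11"},
    {"event_id": "evt_2", "event_type": "VERIFICATION_ALLOWED",
     "timestamp": "2024-05-01T09:05:00Z",
     "previous_event_hash": "aa11", "event_hash": "bb22"},
    {"event_id": "evt_3", "event_type": "MANDATE_REVOKED",
     "timestamp": "2024-05-01T09:10:00Z",
     "previous_event_hash": "bb22", "event_hash": "cc33"},
]


def _parse_ts(value):
    # The samples use a trailing "Z"; normalise it for datetime.fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_chain(events, anchor_hash=None):
    """Return a list of (event_id, problem) findings; empty means the links hold.

    Assumptions (not stated on the page): events are ordered oldest first,
    belong to one chain, and previous_event_hash repeats the prior event_hash.
    anchor_hash is the event_hash of the last event of the previous page, if any.
    """
    findings = []
    seen = set()
    prev_hash, prev_ts = anchor_hash, None
    for index, event in enumerate(events):
        event_id = event.get("event_id", f"#{index}")
        current = event.get("event_hash")
        if not current:
            findings.append((event_id, "missing event_hash"))
        elif current in seen:
            findings.append((event_id, "duplicate event_hash"))
        # Without an anchor the first event of a window cannot be compared.
        comparable = index > 0 or anchor_hash is not None
        if comparable and event.get("previous_event_hash") != prev_hash:
            findings.append((event_id, "broken link to preceding event"))
        ts = _parse_ts(event["timestamp"])
        if prev_ts is not None and ts < prev_ts:
            findings.append((event_id, "timestamp earlier than preceding event"))
        seen.add(current)
        prev_hash, prev_ts = current, ts
    return findings
```

When paging with `cursor`, pass the last `event_hash` of the previous page as `anchor_hash` so the link across the page boundary is checked as well.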

Mandates

Core mandate lifecycle operations

Create a new mandate

Authorizations:
ApiKeyAuth BearerAuth
Request Body schema: application/json
required
principal
required
object (Subject)
delegate
required
object (Subject)
scope
required
object (Scope)
constraints
object (Constraints)
metadata
object
expires_at
string <date-time>

Responses

Request samples

Content type
application/json
{
  "principal": {
  },
  "delegate": {
  },
  "scope": {
  },
  "constraints": {
  },
  "metadata": { },
  "expires_at": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  "mandate_id": "mdt_01HXYZ...",
  "tenant_id": "string",
  "version": 0,
  "status": "DRAFT",
  "principal": {
  },
  "delegate": {
  },
  "scope": {
  },
  "constraints": {
  },
  "proof": {
  },
  "metadata": { },
  "created_at": "2019-08-24T14:15:22Z",
  "updated_at": "2019-08-24T14:15:22Z",
  "expires_at": "2019-08-24T14:15:22Z"
}

List mandates (paginated)

Authorizations:
ApiKeyAuth BearerAuth
query Parameters
status
string
Enum: "DRAFT" "ACTIVE" "SUSPENDED" "REVOKED" "EXPIRED"
limit
integer [ 1 .. 200 ]
Default: 50
cursor
string

Base64url-encoded pagination cursor

Responses

Response samples

Content type
application/json
{
  "mandates": [
  ],
  "pagination": {
  }
}

Get mandate by ID

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Example: mdt_01HXYZ...

Responses

Response samples

Content type
application/json
{
  "mandate_id": "mdt_01HXYZ...",
  "tenant_id": "string",
  "version": 0,
  "status": "DRAFT",
  "principal": {
  },
  "delegate": {
  },
  "scope": {
  },
  "constraints": {
  },
  "proof": {
  },
  "metadata": { },
  "created_at": "2019-08-24T14:15:22Z",
  "updated_at": "2019-08-24T14:15:22Z",
  "expires_at": "2019-08-24T14:15:22Z"
}

Revoke a mandate

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Example: mdt_01HXYZ...
Request Body schema: application/json
reason
string

Responses

Request samples

Content type
application/json
{
  "reason": "Contract terminated"
}

Response samples

Content type
application/json
{
  "mandate_id": "string",
  "status": "string",
  "updated_at": "2019-08-24T14:15:22Z"
}

Suspend a mandate

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Example: mdt_01HXYZ...
Request Body schema: application/json
reason
string

Responses

Request samples

Content type
application/json
{
  "reason": "Under review"
}

Response samples

Content type
application/json
{
  "mandate_id": "string",
  "status": "string",
  "updated_at": "2019-08-24T14:15:22Z"
}

Reactivate a suspended mandate

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Example: mdt_01HXYZ...

Responses

Response samples

Content type
application/json
{
  "mandate_id": "string",
  "status": "string",
  "updated_at": "2019-08-24T14:15:22Z"
}

Onboarding

Tenant access request and activation

Submit an access request (no auth required)

Request Body schema: application/json
required
company_name
required
string
contact_name
string
contact_email
required
string <email>
use_case
required
string
industry
string
Enum: "construction" "real_estate" "venture_capital" "other"
website
string <uri>

Responses

Request samples

Content type
application/json
{
  "company_name": "monco GmbH",
  "contact_name": "Max Mustermann",
  "contact_email": "max@monco.ai",
  "use_case": "AI agent delegation for construction validation",
  "industry": "construction",
  "website": "http://example.com"
}

Response samples

Content type
application/json
{
  "request_id": "string",
  "status": "PENDING",
  "message": "string"
}

Get tenant details

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/json
{
  "tenant_id": "string",
  "company_name": "string",
  "plan": "string",
  "status": "ACTIVE",
  "created_at": "2019-08-24T14:15:22Z",
  "api_keys": [
  ]
}

Generate a new API key for the tenant

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Request Body schema: application/json
name
string
scopes
Array of strings

Responses

Request samples

Content type
application/json
{
  "name": "production-key",
  "scopes": [
  ]
}

Response samples

Content type
application/json
{
  "key_id": "string",
  "api_key": "string",
  "name": "string",
  "scopes": [
  ],
  "created_at": "2019-08-24T14:15:22Z"
}

Public

Unauthenticated public endpoints

Resolve the Mandaitor issuer DID document

Returns the W3C DID Document for the Mandaitor issuer DID (did:web:api.mandaitor.io). Contains the public key used to verify Proof-of-Mandate SD-JWT VCs.

Responses

Response samples

Content type
application/did+json
{
  "@context": [
  ],
  "id": "did:web:api.mandaitor.io",
  "verificationMethod": [
  ],
  "authentication": [
  ],
  "assertionMethod": [
  ],
  "service": [
  ]
}

Submit an access request (no auth required)

Request Body schema: application/json
required
company_name
required
string
contact_name
string
contact_email
required
string <email>
use_case
required
string
industry
string
Enum: "construction" "real_estate" "venture_capital" "other"
website
string <uri>

Responses

Request samples

Content type
application/json
{
  "company_name": "monco GmbH",
  "contact_name": "Max Mustermann",
  "contact_email": "max@monco.ai",
  "use_case": "AI agent delegation for construction validation",
  "industry": "construction",
  "website": "http://example.com"
}

Response samples

Content type
application/json
{
  "request_id": "string",
  "status": "PENDING",
  "message": "string"
}

Public widget config for embed (no auth)

path Parameters
widgetId
required
string

Responses

Response samples

Content type
application/json
{
  "widget_id": "string",
  "tenant_name": "string",
  "branding": { },
  "enabled_idps": [
  ],
  "taxonomy_libraries": [
  ]
}

Verification

Real-time action authorization

Verify if an action is authorized by a mandate

Performance-critical endpoint. Target: < 50ms p99 latency (without PoM), < 200ms p99 (with PoM). Returns ALLOW or DENY with optional escalation metadata and an optional Proof-of-Mandate Verifiable Credential.

Authorizations:
ApiKeyAuth BearerAuth
query Parameters
pom
string
Value: "sd-jwt-vc"

Request a Proof-of-Mandate Verifiable Credential in the response. The VC is an SD-JWT signed by the Mandaitor issuer DID.

Request Body schema: application/json
required
delegate_subject_id
required
string
action
required
string
resource
required
string
context
object

Responses

Request samples

Content type
application/json
{
  "delegate_subject_id": "monco:agent:validate-agent-v2",
  "action": "construction.validation.approve",
  "resource": "monco:project:proj_ABC123/zone:EG/installation:stk_42",
  "context": { }
}

Response samples

Content type
application/json
{
  "decision": "ALLOW",
  "mandate_id": "string",
  "event_id": "string",
  "reason_codes": [
  ],
  "constraints_remaining": { },
  "proof_of_mandate": {
  }
}

Widget Config

Tenant widget configuration

Get tenant widget configuration

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/json
{
  "tenant_id": "string",
  "widget_id": "string",
  "identity_providers": [
  ],
  "taxonomy_libraries": [
  ],
  "mandate_templates": [
  ],
  "branding": {
  },
  "approval_workflow": {
  },
  "webhook_url": "http://example.com",
  "updated_at": "2019-08-24T14:15:22Z"
}

Update tenant widget configuration

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Request Body schema: application/json
required
identity_providers
Array of objects
taxonomy_libraries
Array of strings
mandate_templates
Array of objects
branding
object
approval_workflow
object
webhook_url
string <uri>

Responses

Request samples

Content type
application/json
{
  "identity_providers": [
  ],
  "taxonomy_libraries": [
  ],
  "mandate_templates": [
  ],
  "branding": { },
  "approval_workflow": { },
  "webhook_url": "http://example.com"
}

Response samples

Content type
application/json
{
  "tenant_id": "string",
  "widget_id": "string",
  "identity_providers": [
  ],
  "taxonomy_libraries": [
  ],
  "mandate_templates": [
  ],
  "branding": {
  },
  "approval_workflow": {
  },
  "webhook_url": "http://example.com",
  "updated_at": "2019-08-24T14:15:22Z"
}

Validate an IdP connection

Authorizations:
ApiKeyAuth BearerAuth
path Parameters
id
required
string
Request Body schema: application/json
required
provider
required
string
Enum: "eidas_eudi" "entra_id" "auth0" "okta"
config
required
object

Responses

Request samples

Content type
application/json
{
  "provider": "eidas_eudi",
  "config": { }
}

Response samples

Content type
application/json
{
  "valid": true,
  "provider": "string",
  "details": { }
}