API Overview

Base URL

https://api.shieldlabs.ai

Authentication

Public endpoints

Public endpoints authenticate using your domain keys embedded in the URL path. No JWT required.

GET https://api.shieldlabs.ai/pub/{public_key}/{secret_key}/{endpoint}

{public_key} — your domain’s public key (UUID)
{secret_key} — your domain’s secret key

Dashboard API

All /api/* endpoints require a JWT access token in the Authorization header:

Authorization: Bearer <access_token>

Get a token:

curl -X POST https://api.shieldlabs.ai/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "..."}'

Response:

{ "access_token": "eyJhbGciOiJIUzI1NiIs..." }

Refresh the token:

POST /api/auth/refresh

The refresh token is stored as an HTTP-only cookie. Returns a new access_token.

Webhook registration API

The webhook registration endpoint uses your domain credentials in the URL:

POST https://api.shieldlabs.ai/{domain}:{secret}/callback
Content-Type: text/plain
Body: https://your-server.com/webhook

This is separate from the REST API — it uses {domain}:{secret} not {public_key}/{secret_key}.

Response format

All endpoints return JSON. Error responses:

{ "error": "description" }

Pagination

Paginated endpoints accept limit and offset query parameters:

?limit=20&offset=40

Dates

All timestamps are ISO 8601 UTC:

"2026-04-14T10:00:00Z"

Overview

Public Endpoints

​API Overview

​Base URL

​Authentication

​Public endpoints

​Dashboard API

​Webhook registration API

​Response format

​Pagination

​Dates