Craton cratonlayer.com

Agent API

Craton Agent API lets your agent programmatically configure a boundary path, get a fee quote, initiate signing, and check status - without going through the UI.

Don't have an API key yet? Complete your boundary path setup at cratonlayer.com to get started. Your API key is issued after signing, payment confirmation, and activation requirements are complete.

Authentication

For the production boundary check, send the Craton API key issued after payment. For self-service agent setup endpoints, send the partner API key.

Authorization: Bearer <CRATON_API_KEY>
X-API-Key: <your_partner_api_key>

Production Boundary Check

POST/v1/boundary/check
UseCall this from the covered production system when the agreed high-risk action is about to proceed. HeadersAuthorization: Bearer <CRATON_API_KEY>, Content-Type: application/json Returnsverdict, receipt, commitment_id, request_id, boundary_snapshot. 
curl -X POST    -H "Authorization: Bearer <CRATON_API_KEY>"   -H "Content-Type: application/json"   -d '{
    "partner_id": "northstar_controls",
    "gate_type": "threshold_gate",
    "system_scope": "operations_console",
    "decision_type": "threshold_execution_request",
    "decision_owner": "operations_owner",
    "decision_size_usd": 500000,
    "case_id": "host-case-001",
    "external_reference": "host-request-123",
    "context": {
      "authorization_status": "present",
      "authorization_reference": "approval-2026-001",
      "authorization_source": "approval_workflow"
    }
  }'

Authorization fields are submitted metadata. Craton does not verify whether the underlying approval, authorization, or workflow event occurred; the signed receipt proves what was submitted and how the locked boundary policy evaluated it.

GET/protocol/v1/jwks.json
UseFetch the standard Ed25519 JWKS and select the key by kid. VerifyDecode receipt.payload_b64, then verify receipt.signature over those exact bytes before relying on the verdict downstream.

Self-Service Agent Endpoints

POST/self-service/api/agent/plans
BodyComplete scope JSON submitted in one request.Returnsdraft_id, mode, fee_quote, fee_status, inferred_fields.
GET/self-service/api/agent/plans/<draft_id>/quote
BodyNone.Returnsmode, quoted_total_fee, fee_status, uplift_breakdown, scope_complete, inferred_fields.
POST/self-service/api/agent/plans/<draft_id>/initiate-signing
BodyOptional empty JSON object. Requires complete scope and reviewed status.Returnssigning_status and craton_signing_urls, or blockers from the existing signing gate.
GET/self-service/api/agent/plans/<draft_id>/status
BodyNone.Returnsdraft.status, signing_status, payment_status, api_key_ready.

Example Flow

1. Create a draft

{
  "partner_id": "northstar_systems",
  "partner_name": "Northstar Systems",
  "action_label": "Hold high-risk releases over USD 500,000 before execution",
  "primary_system": "operations_console",
  "decision_owner": "operations_owner",
  "threshold_usd": "500000",
  "allow_handling": "Proceed and record the signed result.",
  "constrain_handling": "Pause execution and notify the owner.",
  "reject_handling": "Block the action and record the rejection reason."
}
{
  "status": "created",
  "draft_id": "draft_0bebbfaef56c44d3",
  "mode": 1,
  "mode_label": "Single Path / Single Authority",
  "fee_quote": 45000,
  "fee_status": "auto_quoted",
  "inferred_fields": ["primary_gate", "decision_type"]
}

2. Read the quote

GET /self-service/api/agent/plans/draft_0bebbfaef56c44d3/quote
{
  "status": "ok",
  "mode": 1,
  "quoted_total_fee": 45000,
  "fee_status": "auto_quoted",
  "uplift_breakdown": [],
  "scope_complete": true,
  "inferred_fields": ["primary_gate", "decision_type"]
}

3. Initiate signing after review

POST /self-service/api/agent/plans/draft_0bebbfaef56c44d3/initiate-signing
{}
{
  "status": "triggered",
  "signing_status": "signature_request_created",
  "craton_signing_urls": [
    {
      "signature_id": "sig_abc123",
      "sign_url": "/self-service/plans/{draft_id}/signing",
      "expires_at": 1770000000
    }
  ]
}

4. Check status

GET /self-service/api/agent/plans/draft_0bebbfaef56c44d3/status
{
  "status": "ok",
  "draft": { "status": "reviewed" },
  "signing_status": {
    "all_core_docs_signed": false,
    "signed_count": 0,
    "required_count": 4
  },
  "payment_status": "locked_waiting_for_all_core_docs_signed",
  "api_key_ready": false
}