Guardian Hub API Guide — Complete Reference

1. Overview

The Guardian Hub API provides programmatic access to the entire platform: manage WordPress sites, configure Autopilot automation, handle billing, process tickets, and receive real-time notifications. Every action available in the web dashboard can be performed through the API.

Base URL

All API endpoints are served under the /api/v1/ prefix:

https://guardian.bluix.net/api/v1/

If your tenant uses a white-label domain, replace the host accordingly (e.g. https://manage.youragency.com/api/v1/).

Versioning

The API is versioned via the URL path. The current and only stable version is v1. Breaking changes will be introduced in a new version prefix (e.g. /api/v2/) and the previous version will remain available for at least 12 months after deprecation notice.

Tip

A quick way to verify the API is reachable: send GET /api/v1/ and expect a JSON response with "status": "ok" and "service": "guardian-hub".

2. Authentication

Guardian Hub supports three authentication mechanisms depending on the use case.

2.1 Sanctum Token (Primary)

The recommended method for web and mobile clients. Obtain a token by posting credentials to the login endpoint:

POST /api/v1/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password"
}

The response includes a bearer token:

{
  "success": true,
  "status": "success",
  "message": "Success",
  "data": {
    "token": "1|abc123def456...",
    "user": { "id": 1, "name": "John", "email": "user@example.com", ... }
  }
}

Include the token in all subsequent requests:

Authorization: Bearer 1|abc123def456...

2.2 Passport OAuth (Alexa / Third-Party)

For voice assistants and third-party integrations, Guardian Hub uses Laravel Passport with scoped tokens. Alexa endpoints require scope:alexa.read or scope:alexa.action via OAuth bearer tokens obtained through the standard OAuth2 authorization code flow.

2.3 API Key (Plugin / Agent)

The WordPress plugin (GuardianPlug) authenticates using a site-specific API key and HMAC signature. License endpoints under /api/v1/licenses are protected by API key, not Sanctum. The Autopilot handshake and telemetry endpoints use a dedicated autopilot.signature middleware.

2.4 Social Auth

Users can authenticate via Google, Apple, Microsoft, or custom OIDC providers. The flow uses redirect/callback endpoints under /api/v1/auth/social/{provider}/.

Quick Start: Get a Token

Register an account via the dashboard or POST /api/v1/register.
Call POST /api/v1/login with email and password.
Store the token from the response securely.
Send Authorization: Bearer {token} with every request.
Verify with GET /api/v1/auth/me to confirm the token works.

Warning

The login endpoint is rate-limited to 5 requests per minute. Implement exponential backoff if you receive a 429 response. Never store tokens in client-side JavaScript accessible to third-party scripts.

3. Rate Limiting

Rate limits vary by endpoint category to balance availability and fair usage.

Category	Limit	Applies To
Auth (login)	5 req/min	`POST /login`
Auth (register)	Standard auth throttle	`POST /register`
Public endpoints	api.public throttle	Checkout catalog, translations, white-label config
General API	60 req/min	Health, autopilot defaults/catalog
Telemetry	120 req/min	Plugin and product telemetry
Autopilot (agent)	120 req/min	Handshake, telemetry from plugin
Webhooks	30-60 req/min	WhatsApp/WeChat inbound
Tickets (create)	tickets.create throttle	New ticket creation
Tickets (message)	tickets.message throttle	Adding messages to tickets
Heavy operations	api.heavy throttle	AI digests, AI insights
Admin operations	admin throttle	System ops, Stripe admin, feature overrides

Handling 429 Responses

HTTP/1.1 429 Too Many Requests
Retry-After: 30

{
  "message": "Too many requests. Please try again later."
}

Retry Strategy

Read the Retry-After header (seconds) and wait at least that long before retrying. Use exponential backoff with jitter: wait min(2^attempt * 1s + random(0-1s), 60s). Never retry in a tight loop.

4. Request Format

Required Headers

Header	Value	Required
`Content-Type`	`application/json`	For POST/PUT/PATCH
`Accept`	`application/json`	Always recommended
`Authorization`	`Bearer {token}`	For authenticated endpoints

Pagination

List endpoints support Laravel-style pagination:

Parameter	Default	Description
`page`	1	Page number to retrieve
`per_page`	15	Items per page (max varies by endpoint, typically 50-100)

Filtering and Sorting

Many list endpoints accept filter parameters as query strings. For example, the tickets endpoint supports:

GET /api/v1/tickets?status=open&priority=high&search=ssl&per_page=25

Refer to individual endpoint documentation for available filters.

5. Response Format

All responses follow a standardized JSON envelope:

Success Response

{
  "success": true,
  "status": "success",
  "message": "Success",
  "data": { ... }
}

Error Response

{
  "success": false,
  "status": "error",
  "message": "Human-readable error description",
  "errors": null | { "field": ["Validation message"] }
}

HTTP Status Codes

Code	Meaning
`200`	Request succeeded
`201`	Resource created
`400`	Bad request / invalid argument
`401`	Unauthenticated (missing or invalid token)
`403`	Forbidden (valid token but insufficient permissions)
`404`	Resource not found
`422`	Validation error (check `errors` object)
`429`	Rate limit exceeded
`500`	Internal server error

Paginated Response

List endpoints wrap data in Laravel's paginator structure inside the data envelope:

{
  "success": true,
  "status": "success",
  "message": "Success",
  "data": {
    "current_page": 1,
    "data": [ { ... }, { ... } ],
    "last_page": 5,
    "per_page": 15,
    "total": 73,
    "next_page_url": "/api/v1/tickets?page=2",
    "prev_page_url": null
  }
}

6. API Endpoints by Category

Auth

Method	Path	Description	Auth
POST	`/login`	Login with email/password, returns Sanctum token	No
POST	`/register`	Register a new account and tenant	No
GET	`/registration/fields`	Get registration form field configuration	No
GET	`/auth/me`	Get current authenticated user details	Sanctum
GET	`/auth/social/{provider}/redirect`	Redirect to social provider (google, apple, microsoft, oidc)	No
GET	`/auth/social/{provider}/callback`	Handle callback from social provider	No
POST	`/auth/social/exchange`	Exchange social auth code for Sanctum token	No
POST	`/auth/social/complete-signup`	Complete registration after social auth	No
POST	`/auth/social/link/confirm`	Link social account to existing user	No
GET	`/user/locale`	Get user locale preference	Sanctum
POST	`/user/locale`	Set user locale preference	Sanctum
GET	`/account/deletion`	Get account deletion request status	Sanctum
POST	`/account/deletion`	Request account deletion (GDPR)	Sanctum

Guardian Sites

All site endpoints require Sanctum auth + tenant context.

Method	Path	Description
GET	`/sites`	List all sites for the current tenant
POST	`/sites`	Create a new site (generates pairing token)
GET	`/sites/{site}`	Get site details
PUT	`/sites/{site}`	Update site settings
DELETE	`/sites/{site}`	Delete a site
POST	`/sites/{site}/refresh`	Force refresh site data from agent
POST	`/sites/{site}/scan`	Trigger a security scan
GET	`/sites/{site}/score`	Get site health/security score
GET	`/sites/{site}/alerts`	List active alerts for a site
POST	`/alerts/{alert}/resolve`	Resolve an alert
GET	`/sites/{site}/members`	List site team members
POST	`/sites/{site}/members`	Add a member to a site
PUT	`/sites/{site}/members/{member}`	Update member role
DELETE	`/sites/{site}/members/{member}`	Remove a member
GET	`/sites/{site}/metrics`	Get site performance metrics
GET	`/sites/{site}/timeline`	Get activity timeline
GET	`/sites/{site}/report`	Download a site report (PDF/CSV)
GET	`/sites/{site}/risk-score`	Get computed risk score
POST	`/sites/{site}/containment/enable`	Enable kill-switch containment mode
POST	`/sites/{site}/containment/disable`	Disable containment mode

Autopilot

Method	Path	Description	Auth
GET	`/autopilot/defaults`	Get default autopilot configuration	No
GET	`/autopilot/catalog`	List available spokes and bundles	No
POST	`/autopilot/handshake`	Agent handshake (plugin registers with hub)	Signature
POST	`/autopilot/telemetry`	Agent sends telemetry data	Signature
POST	`/autopilot/sites/{site}/register`	Register a site for autopilot	Sanctum
GET	`/autopilot/sites/{site}/profile`	Get site autopilot profile	Sanctum
PUT	`/autopilot/sites/{site}/spokes`	Update enabled spokes	Sanctum
PUT	`/autopilot/sites/{site}/schedule`	Update automation schedule	Sanctum
GET	`/autopilot/sites/{site}/mode`	Get autonomy mode (full/semi/manual)	Sanctum
POST	`/autopilot/sites/{site}/mode`	Set autonomy mode	Sanctum
GET	`/autopilot/sites/{site}/chat/threads`	List AI chat threads for a site	Sanctum
POST	`/autopilot/sites/{site}/chat/threads`	Create a new AI chat thread	Sanctum
POST	`/autopilot/chat/threads/{thread}/messages`	Send a message in an AI chat thread	Sanctum
GET	`/action-approvals`	List pending autopilot approvals	Sanctum
POST	`/action-approvals/{approval}/approve`	Approve an autopilot action	Sanctum
POST	`/action-approvals/{approval}/reject`	Reject an autopilot action	Sanctum

Billing

Billing endpoints require Sanctum auth + tenant context.

Method	Path	Description
GET	`/billing/overview`	Get tenant billing overview (plan, usage, invoices)
POST	`/billing/change-plan`	Initiate plan change (creates Stripe checkout)
POST	`/billing/plan/confirm-checkout`	Confirm plan checkout after Stripe redirect
POST	`/billing/recovery-pass/purchase`	Purchase a recovery pass
POST	`/billing/request-bank-transfer`	Request bank transfer payment
GET	`/billing/addons/overview`	List purchased add-ons and assignments
POST	`/billing/addons/preview`	Preview add-on pricing before purchase
POST	`/billing/addons/purchase`	Purchase an add-on (Stripe checkout)
POST	`/billing/addons/assign`	Assign an add-on to a specific site
GET	`/billing/bundles/catalog`	List available bundles
POST	`/billing/bundles/purchase`	Purchase a bundle
GET	`/checkout/catalog`	Public plan catalog (no auth required)
POST	`/checkout/register`	Public register + checkout in one step

Tickets

Sanctum auth + tenant context required.

Method	Path	Description
GET	`/tickets`	List tickets (filterable by status, priority, category, search)
POST	`/tickets`	Create a new ticket
GET	`/tickets/{ticket}`	Get ticket details with messages
PUT	`/tickets/{ticket}`	Update ticket (status, priority, assignment)
POST	`/tickets/{ticket}/messages`	Add a message to a ticket
POST	`/tickets/{ticket}/escalate`	Escalate a ticket to higher priority
GET	`/tickets/{ticket}/ai-insight`	Get AI-generated insight for a ticket
POST	`/tickets/{ticket}/ai-insight/refresh`	Refresh AI insight (heavy operation)
GET	`/tickets/ai-digest/latest`	Get latest AI digest of all tickets
GET	`/tickets/context`	Get ticket context data (categories, users)
GET	`/tickets/statistics`	Get ticket statistics and metrics

Notifications

Method	Path	Description	Auth
GET	`/notifications`	List notifications (paginated)	Sanctum
GET	`/notifications/unread-count`	Get unread notification count	Sanctum
POST	`/notifications/{id}/read`	Mark a notification as read	Sanctum
POST	`/notifications/read-all`	Mark all notifications as read	Sanctum
DELETE	`/notifications/{id}`	Delete a notification	Sanctum
POST	`/push/subscriptions`	Subscribe to web push notifications	Sanctum
DELETE	`/push/subscriptions/{endpointHash}`	Unsubscribe from web push	Sanctum
POST	`/push/test`	Send a test push notification	Sanctum

Admin

Admin endpoints require Sanctum auth + superadmin role. Rate-limited under the admin throttle.

Method	Path	Description
GET	`/admin/stripe/overview`	Stripe dashboard overview
GET	`/admin/stripe/addon-subscriptions`	List all add-on subscriptions
POST	`/admin/stripe/reconcile-pending`	Reconcile pending Stripe checkouts
POST	`/admin/stripe/process-provisioning`	Process provisioning queue
GET	`/admin/resellers`	List reseller accounts
GET	`/admin/tenants`	List all tenants
POST	`/admin/tenants/{tenant}/assign-reseller`	Assign a tenant to a reseller
GET	`/admin/white-labels`	List all white-label configurations
POST	`/admin/white-labels/{wl}/compliance/approve`	Approve white-label compliance
GET	`/admin/feature-overrides`	List feature flag overrides
POST	`/admin/feature-overrides`	Create a feature override
POST	`/admin/system-ops/backups`	Register a system backup
POST	`/admin/system-ops/updates/start`	Start a system update
GET	`/admin/autopilot/spokes`	Manage autopilot spoke definitions (CRUD)
GET	`/admin/autopilot/bundles`	Manage autopilot bundle definitions (CRUD)

Webhooks (Inbound)

Method	Path	Description	Auth
POST	`/stripe/connect/webhook`	Stripe Connect webhook receiver	Stripe signature
GET	`/webhooks/whatsapp`	WhatsApp webhook verification	Verify token
POST	`/webhooks/whatsapp`	WhatsApp inbound message receiver	Verify token
GET	`/webhooks/wechat`	WeChat webhook verification	Verify token
POST	`/webhooks/wechat`	WeChat inbound message receiver	Verify token

Mobile

Method	Path	Description	Auth
GET	`/mobile/config`	Get mobile app configuration (public)	No
POST	`/mobile/devices`	Register a mobile device for push	Sanctum
DELETE	`/mobile/devices/{deviceId}`	Unregister a mobile device	Sanctum

Telemetry

Method	Path	Description	Auth
POST	`/telemetry/events`	Send product telemetry events	No
POST	`/telemetry/plugin`	Send plugin telemetry data	No

Health

Method	Path	Description	Auth
GET	`/health`	Public health check (service status)	No
GET	`/system/maintenance-status`	Check if system is in maintenance mode	No

7. Webhook Integration

Guardian Hub sends outbound webhooks for billing events (via Stripe) and receives inbound webhooks from messaging platforms.

Stripe Webhooks

Stripe sends events to /api/v1/stripe/connect/webhook. Guardian Hub validates the webhook signature using the STRIPE_CONNECT_WEBHOOK_SECRET.

Setting Up Stripe Webhooks

In your Stripe Dashboard, go to Developers → Webhooks.
Add endpoint: https://your-hub-domain/api/v1/stripe/connect/webhook.
Select relevant events: checkout.session.completed, customer.subscription.updated, invoice.paid, etc.
Copy the signing secret and set it as STRIPE_CONNECT_WEBHOOK_SECRET in your environment.

Signature Validation

All inbound webhooks are validated before processing:

Stripe: HMAC-SHA256 signature in the Stripe-Signature header, verified with the webhook secret.
WhatsApp: Verification token challenge on GET, plus token validation on POST.
WeChat: SHA1 signature verification using the configured token and AES key.
WHMCS: HMAC validation using WHMCS_WEBHOOK_SECRET for service lifecycle events (activate, suspend, terminate, upgrade, payment).

Retry Policy

Stripe retries failed webhook deliveries for up to 3 days with exponential backoff. Ensure your endpoint returns 200 OK quickly and processes events asynchronously. WhatsApp and WeChat follow their respective platform retry policies.

Warning

Always validate webhook signatures before processing. Never trust the payload without verification. Process webhooks idempotently as they may be delivered more than once.

8. Error Handling

Common Error Patterns

// Validation error (422)
{
  "success": false,
  "status": "error",
  "message": "The email field is required.",
  "errors": {
    "email": ["The email field is required."],
    "password": ["The password must be at least 8 characters."]
  }
}

// Authentication error (401)
{
  "success": false,
  "status": "error",
  "message": "Unauthenticated.",
  "errors": null
}

// Authorization error (403)
{
  "success": false,
  "status": "error",
  "message": "This action is unauthorized.",
  "errors": null
}

// Not found (404)
{
  "success": false,
  "status": "error",
  "message": "Resource not found.",
  "errors": null
}

Graceful Error Handling

Recommended Approach

Always check the success boolean before accessing data.
For 422 errors, iterate over errors to display field-level messages.
For 401, redirect to login or refresh the token.
For 429, respect the Retry-After header and back off.
For 500, log the error and show a generic message to the user. Do not retry immediately.

Tip

Wrap your API client in a response interceptor that automatically handles token refresh on 401, queues retries on 429, and logs 500 errors to your monitoring system.

9. Best Practices

Idempotency

For critical write operations (billing, provisioning), include a client-generated idempotency key. Stripe checkout endpoints pass this through to Stripe. If you retry a request with the same key, the original result is returned without creating a duplicate.

Caching

Cache responses from read-heavy endpoints like /autopilot/catalog, /checkout/catalog, and /mobile/config. These change infrequently. Use a TTL of 5-15 minutes. Always respect Cache-Control headers when present.

Pagination

Never fetch all records at once. Use page and per_page parameters. For large datasets (sites, tickets), iterate through pages until next_page_url is null.

Security

Critical Security Rules

Never expose API tokens in client-side code, URLs, or logs.
Always use HTTPS in production. The API will reject non-HTTPS connections.
Rotate tokens periodically and revoke tokens immediately when a team member leaves.
Store tokens in secure storage (e.g. OS keychain, encrypted storage), never in localStorage.
Use the narrowest OAuth scope required for your integration.

Environment Separation

Environment	Base URL	Purpose
Production	`https://guardian.bluix.net/api/v1/`	Live data, real billing
Staging	`https://staging.guardian.bluix.net/api/v1/`	Test with Stripe test mode, safe to experiment

Always develop and test against staging first. Stripe test-mode keys are used in staging, so no real charges occur. Admin Stripe actions are enabled by default outside production.

Tip

Use separate API tokens for staging and production. Never use production tokens in development environments, CI pipelines, or shared machines.

10. SDKs & Tools

Swagger / OpenAPI

The full API specification is available as an OpenAPI 3.x YAML file and rendered via Swagger UI:

Swagger UI: /api-docs/ — interactive browser for all endpoints
OpenAPI spec: /api-docs/openapi.yaml — download for code generation

Postman Collection

A ready-to-use Postman collection is available for quick testing:

Download: /api-docs/collection.json

Import into Postman

Open Postman and click Import.
Paste the URL https://your-hub-domain/api-docs/collection.json or upload the file.
Set the base_url environment variable to your Hub API URL.
Set the token variable after calling the login endpoint.
All collection requests will automatically use these variables.

Code Generation

Use the OpenAPI spec to generate client SDKs in any language:

# Generate a TypeScript client
npx openapi-generator-cli generate \
  -i https://your-hub-domain/api-docs/openapi.yaml \
  -g typescript-fetch \
  -o ./guardian-hub-client

# Generate a PHP client
npx openapi-generator-cli generate \
  -i https://your-hub-domain/api-docs/openapi.yaml \
  -g php \
  -o ./guardian-hub-php-client

11. Changelog

API changes are documented in the following locations:

Release notes: Published with each Guardian Hub release in the dashboard under What's New.
OpenAPI spec diff: Compare openapi.yaml between versions to see added/removed/changed endpoints.
Deprecation warnings: Deprecated endpoints return a X-Deprecated header and a Sunset header with the removal date.

Versioning Policy

Non-breaking changes (new endpoints, new optional fields) are added to the current version without notice. Breaking changes (removed fields, changed behavior) are introduced in a new API version. The previous version remains available for at least 12 months after deprecation.