Skip to main content

Documentation Index

Fetch the complete documentation index at: https://code4source.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

POST /v1/evaluate HTTP/1.1
Host: api-attestly.code4source.com
Authorization: Bearer atk_live_4eC39HqLyjWDarjtT1zdp7dcrYx2bfBNxxxxxxxx
Content-Type: application/json
No OAuth, no token endpoint, no refresh.

Per-request gates

Every call is checked against three things, in order:
  1. Authentication — bearer must be a valid atk_* key issued to your Organization.
  2. Subscription — your contract must be active. An expired or suspended subscription returns 402 SUBSCRIPTION_INACTIVE.
  3. Quota — you must be within your contracted monthly cap. Over: 429 QUOTA_EXCEEDED.
See Errors and Quotas for the response shapes and headers.

Security guidance

  • Store keys in a secret manager. Never commit, never log, never put in URL query strings.
  • One key per environment (production, staging, ci). If one key leaks, the blast radius is bounded.
  • Rotate on personnel changes and at least annually. Rotation is zero-downtime: ask us to mint a new key, deploy it, then ask us to revoke the old one.
  • Suspected leak? Email security@attestly.io. Revocation propagates in milliseconds.