Reference
REST API
The SpendSignoff REST API is versioned under /v1 and split into three namespaces by trust boundary: internal (service-to-service), app (the dashboard), and webhooks (inbound events). The MCP server and the dashboard both ride this same core.
Authentication
Bearer tokens, scoped per namespace.
App endpoints use a session-derived bearer token. There is no REST endpoint that applies a change without going through the two-step approve flow — approve exists, but it enforces the same envelope and audit rules as the UI.
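The namespace scoping described above, as an added example that is not SpendSignoff's own code: a small authorizer that maps a request path to its namespace, looks up the bearer token, and refuses any token outside the single namespace it was issued for. The token values, principals and the status/reason pairs are constructed assumptions for the demo; a real service would verify a signed session or service token instead of consulting a dictionary.

```python
"""Added example (not SpendSignoff's code): bearer tokens are bound to one
namespace (internal, app, webhooks) and refused everywhere else.
Token values and principals below are constructed for the demo."""
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

NAMESPACES = ("internal", "app", "webhooks")


@dataclass(frozen=True)
class Principal:
    subject: str
    namespace: str      # the one namespace this token may call


# Constructed registry; a real service would verify a signed token instead.
TOKENS = {
    "svc-loop-7c1d": Principal("loop-worker", "internal"),
    "sess-9f2a": Principal("alice@example.com", "app"),
}


def namespace_for_path(path: str) -> Optional[str]:
    """Map /v1/<ns>/... to its namespace, or None for anything else."""
    parts = path.split("?", 1)[0].split("/")
    if len(parts) < 4 or parts[1] != "v1" or parts[2] not in NAMESPACES:
        return None
    return parts[2]


def lookup_token(token: str) -> Optional[Principal]:
    """Find the principal for a token using constant-time comparison."""
    for known, principal in TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return principal
    return None


def authorize(path: str, authorization: Optional[str]) -> Tuple[int, str]:
    """Return (HTTP status, reason). 200 means the request may proceed."""
    ns = namespace_for_path(path)
    if ns is None:
        return 404, "unknown route"
    if ns == "webhooks":
        # Inbound events are signature-verified, not bearer-authenticated,
        # so the bearer check does not apply; the signature check runs later.
        return 200, "webhook: verify platform signature instead"
    if not authorization or not authorization.startswith("Bearer "):
        return 401, "missing bearer token"
    principal = lookup_token(authorization[len("Bearer "):])
    if principal is None:
        return 401, "unknown token"
    if principal.namespace != ns:
        # A dashboard session must never reach internal routes, and a
        # service token must never act as a user in the app namespace.
        return 403, "token scoped to /v1/%s, not /v1/%s" % (principal.namespace, ns)
    return 200, "ok as %s" % principal.subject


if __name__ == "__main__":
    for path, header in [("/v1/app/drafts", "Bearer sess-9f2a"),
                         ("/v1/internal/health", "Bearer sess-9f2a"),
                         ("/v1/app/drafts/42/approve", "Bearer svc-loop-7c1d")]:
        print(path, authorize(path, header))
```

The check that matters is the last one: a valid token is still rejected with 403 when it is presented to a different trust boundary, which is what keeps a leaked dashboard session from driving service-to-service routes.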
example request
curl https://api.spendsignoff.com/v1/app/drafts \
  -H "Authorization: Bearer $ADSRUNTIME_TOKEN"

Internal /v1/internal
Service-to-service calls behind the SpendSignoff core. Not exposed to clients.
/v1/internal/loop/tick
/v1/internal/envelope/check
/v1/internal/health

App /v1/app
Powers the dashboard: accounts, drafts, approvals, audit. Session-authenticated.
/v1/app/drafts
/v1/app/drafts/{id}/approve
/v1/app/drafts/{id}/reject
/v1/app/changes/{id}/rollback
/v1/app/audit

Webhooks /v1/webhooks
Inbound events from billing and ad platforms. Signature-verified.
/v1/webhooks/stripe
/v1/webhooks/platform

No REST path bypasses approval
Every change reaches a live account only through /v1/app/drafts/{id}/approve, which enforces the 24h envelope and writes a signed audit entry. There is no “apply now” endpoint and no API token that can spend without a human-confirmed approval.
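The approve step from the "No REST path bypasses approval" section, as an added example that is not SpendSignoff's own code: a handler that refuses a draft when approving it would push the account past a rolling 24h spend envelope, requires a named human approver, and appends an HMAC-signed, hash-chained audit entry for every decision (denials included, so a blocked approval is as visible as an applied one). The envelope limit, draft shape, draft data and the signing key are constructed assumptions; the page only states that the envelope is 24h and that the audit entry is signed.

```python
"""Added example (not SpendSignoff's code): an approve handler that enforces
a 24-hour spend envelope and writes an HMAC-signed, append-only audit entry.
Envelope size, draft shape, drafts and the key are constructed assumptions."""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

ENVELOPE_WINDOW = timedelta(hours=24)
ENVELOPE_LIMIT_CENTS = 50_000          # assumed 24h cap per account
AUDIT_KEY = b"constructed-demo-key"    # in production: a KMS/HSM-held key

# Constructed drafts; amount_cents is the proposed 24h spend change.
DRAFTS = {
    "d1": {"account": "acct_1", "amount_cents": 30_000},
    "d2": {"account": "acct_1", "amount_cents": 30_000},
    "d3": {"account": "acct_2", "amount_cents": 10_000},
}

applied_changes = []   # (account, amount_cents, applied_at) for approved drafts
audit_log = []         # append-only, each entry signed and chained to the previous


def spent_in_window(account, now):
    """Sum of changes applied to the account within the trailing 24h."""
    since = now - ENVELOPE_WINDOW
    return sum(amt for acc, amt, ts in applied_changes if acc == account and ts > since)


def sign_entry(entry):
    """HMAC-SHA256 over a canonical JSON encoding of the entry (without 'sig')."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()


def audit_write(entry):
    entry = dict(entry)
    entry["prev"] = audit_log[-1]["sig"] if audit_log else ""   # hash chain
    entry["sig"] = sign_entry(entry)
    audit_log.append(entry)
    return entry


def approve(draft_id, approver, now=None):
    """Apply a draft if it fits the envelope; audit the decision either way."""
    now = now or datetime.now(timezone.utc)
    draft = DRAFTS.get(draft_id)
    if draft is None:
        return {"status": "not_found"}
    if not approver:
        outcome = {"status": "rejected", "reason": "approval requires a named human approver"}
    else:
        projected = spent_in_window(draft["account"], now) + draft["amount_cents"]
        if projected > ENVELOPE_LIMIT_CENTS:
            outcome = {"status": "rejected", "reason": "24h envelope exceeded"}
        else:
            applied_changes.append((draft["account"], draft["amount_cents"], now))
            outcome = {"status": "applied"}
    audit_write({"ts": now.isoformat(), "draft": draft_id,
                 "approver": approver, **outcome})
    return outcome


def audit_entries():
    return audit_log


def verify_audit():
    """Recompute every signature and chain link; False on any tampering."""
    prev = ""
    for entry in audit_log:
        body = {k: v for k, v in entry.items() if k != "sig"}
        if body.get("prev") != prev or not hmac.compare_digest(sign_entry(body), entry["sig"]):
            return False
        prev = entry["sig"]
    return True


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    print(approve("d1", "alice", now=t0))
    print(approve("d2", "alice", now=t0 + timedelta(hours=1)))   # over the envelope
    print(approve("d2", "alice", now=t0 + timedelta(hours=25)))  # window has rolled
    print("audit intact:", verify_audit())
```

Because the envelope is computed from what was actually applied in the trailing window rather than from a daily counter that resets at midnight, two approvals an hour apart cannot double the cap by straddling a date boundary; the chained signatures mean an edited or deleted entry breaks verification for everything after it.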