API Reference
The Kora Sentinel API is organized around REST. It accepts JSON request bodies, returns JSON responses, and uses standard HTTP status codes.
Base URL
https://api.korastratum.com/sentinel/api/v1
Authentication
All endpoints except the health and readiness checks (/health and /ready) require two headers:
Authorization: Bearer <your-api-key>
X-Tenant-ID: <your-tenant-id>
See Authentication for details on API key formats and environments.
Endpoints
Profiles
| Method | Endpoint | Description |
|---|---|---|
| POST | /elder/profiles | Create a new elder profile |
| GET | /elder/profiles | List elder profiles with filtering |
| GET | /elder/profiles/{id} | Retrieve a profile by ID |
| PUT | /elder/profiles/{id} | Update a profile |
| PUT | /elder/profiles/{id}/status | Update profile monitoring status |
| GET | /elder/profiles/{id}/timeline | Get profile event timeline |
| GET | /elder/profiles/{id}/baseline | Get behavioral baseline |
| GET | /elder/profiles/{id}/ers-history | Get ERS score history |
Signals
| Method | Endpoint | Description |
|---|---|---|
| GET | /elder/signals | List signals with filtering |
| GET | /elder/signals/{id} | Retrieve a signal by ID |
| PUT | /elder/signals/{id}/review | Review (confirm or dismiss) a signal |
| GET | /elder/signals/by-profile/{profileId} | List signals for a specific profile |
Rules
| Method | Endpoint | Description |
|---|---|---|
| POST | /elder/rules | Create a detection rule |
| GET | /elder/rules | List all rules |
| GET | /elder/rules/{id} | Retrieve a rule by ID |
| PUT | /elder/rules/{id} | Update a rule |
| PUT | /elder/rules/{id}/enable | Enable a rule |
| PUT | /elder/rules/{id}/disable | Disable a rule |
Configuration
| Method | Endpoint | Description |
|---|---|---|
| GET | /elder/config | Get tenant signal configuration |
| PUT | /elder/config | Update tenant signal configuration |
Scoring
| Method | Endpoint | Description |
|---|---|---|
| POST | /elder/scoring/calculate | Calculate ERS on demand for a profile |
Events
| Method | Endpoint | Description |
|---|---|---|
| POST | /elder/events/transaction | Process a transaction event |
| POST | /elder/events/session | Process a session/device event |
| POST | /elder/events/beneficiary | Process a beneficiary creation event |
| POST | /elder/events/account | Process an account event |
| POST | /elder/events/customer | Process a customer update event |
Webhooks
| Method | Endpoint | Description |
|---|---|---|
| POST | /elder/webhooks/cba | Receive CBA-style HMAC-signed webhook events |
Batch Operations
| Method | Endpoint | Description |
|---|---|---|
| POST | /elder/batch/enrollment-scan | Run an enrollment scan |
| POST | /elder/batch/baseline-recalculation | Recalculate baselines for all profiles |
| POST | /elder/batch/draining-scan | Run a draining pattern scan |
| GET | /elder/batch/runs | List batch runs |
| GET | /elder/batch/runs/{id} | Get a batch run by ID |
Dashboard
| Method | Endpoint | Description |
|---|---|---|
| GET | /elder/dashboard/overview | Get dashboard overview statistics |
| GET | /elder/dashboard/top-risk-profiles | Get highest-risk profiles |
Health
| Method | Endpoint | Description |
|---|---|---|
| GET | /health | Health check (no auth required) |
| GET | /ready | Readiness check (no auth required) |
Response format
Successful responses return the resource directly or in a paginated wrapper:
{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "customer_name": "Margaret Johnson",
  "risk_tier": "ELEVATED",
  "current_ers": 48.2,
  "status": "ACTIVE"
}
Paginated list responses:
{
  "data": [...],
  "next_cursor": "eyJpZCI6Ii4uLiJ9"
}
Error responses follow a consistent structure:
{
  "error": "Bad Request",
  "message": "customer_id is required",
  "status": 400
}
See Error Codes for the complete list.