Docs SDKs & integrations
REST + SSE API
HTTP on api.gridtrue.io. JSON in, JSON out, SSE for live streams.
The HTTP API lives at https://api.gridtrue.io. Authentication is a bearer token scoped to an org; everything is JSON; real-time updates come through server-sent events.
Authentication
bash
# Create a token from the web UI: Settings → Tokens → New
export GRIDTRUE_TOKEN=gt_live_…
curl https://api.gridtrue.io/v1/orgs/acme/repos \
-H "Authorization: Bearer $GRIDTRUE_TOKEN"Common endpoints
| Method + path | Returns |
|---|---|
| GET /v1/orgs/{org}/repos | List of repos in the org. |
| GET /v1/orgs/{org}/repos/{repo}/commits/{sha} | Commit record with its current state and attestations. |
| GET /v1/orgs/{org}/repos/{repo}/attestations | Paginated attestations. Filter by ?predicate=, ?identity=, ?since=. |
| GET /v1/orgs/{org}/policies/{repo} | The active policy contract for a repo. |
| GET /v1/orgs/{org}/events (SSE) | Live stream of every new attestation, state transition, and policy change. |
Subscribing to live events
bash
curl -N https://api.gridtrue.io/v1/orgs/acme/events \
-H "Authorization: Bearer $GRIDTRUE_TOKEN" \
-H "Accept: text/event-stream"
# event: attestation
# data: {"commit":"6f4a…","predicate":"test:go","identity":"alice"}
#
# event: state
# data: {"commit":"6f4a…","from":"VALIDATING","to":"ATTESTED"}