# Reputation
Bidirectional agent and merchant reputation. The hot path never 404s — an unknown id returns a neutral 200 so the SDK degrades safely.
Reputation is the score the acceptance gate consults. It is bidirectional — agents and
merchants are scored — and lives on a hot path, so it follows one hard rule: never 404, never
block. An unknown id, a DB outage, or a timeout all return the same neutral 200, because
the SDK treats known:false and a failure identically and degrades safely.
```json
{ "agentId": "…", "score": 500, "tier": "standard", "known": false }
```

The tier is one of `risky`, `standard`, `trusted`, `elite`. `known: false` means there's no
history yet — not an error.
| Auth | Public on the canonical routes; the legacy alias accepts `X-Veto-Api-Key` but resolves leniently. |
|---|---|
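The client side of the rule above, as an added example that is not the Veto SDK's own code: every failure mode (unknown id, non-2xx from a proxy, network error, timeout, malformed body) collapses to the same neutral record, so the acceptance gate never blocks on reputation. The fetch implementation is injected so it runs offline; the 300 ms timeout, the `reason` field and the `fakeFetch` transport are assumptions of this example, not part of the API.

```javascript
// Added example, not code from the Veto SDK. The neutral record matches the shape
// documented on this page; `reason` is an extra field for the caller's own logs.
const NEUTRAL = Object.freeze({ score: 500, tier: "standard", known: false });
const TIERS = new Set(["risky", "standard", "trusted", "elite"]);

// Neutral record for an id, tagged with why we fell back.
function neutralFor(agentId, reason) {
  return { agentId, ...NEUTRAL, reason };
}

// Validate a response body. A malformed body is treated like a miss: the SDK
// treats known:false and a failure identically, so bad shapes get the same answer.
function normalise(agentId, body) {
  if (!body || typeof body !== "object") return neutralFor(agentId, "malformed");
  const score = Number(body.score);
  if (!Number.isFinite(score) || !TIERS.has(body.tier)) return neutralFor(agentId, "malformed");
  const known = body.known === true;
  return { agentId, score, tier: body.tier, known, reason: known ? "ok" : "unknown" };
}

// Degrade-safe lookup against the canonical agent route. Never throws.
async function lookupReputation(agentId, { fetchImpl, base = "https://api.veto-ai.com", timeoutMs = 300 } = {}) {
  const url = `${base}/v1/reputation/agent/${encodeURIComponent(agentId)}`;
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs); // bound the hot path
  try {
    const res = await fetchImpl(url, { signal: controller.signal });
    // The API itself never 404s, but a proxy or load balancer in front of it might.
    if (!res.ok) return neutralFor(agentId, `http_${res.status}`);
    return normalise(agentId, await res.json());
  } catch (err) {
    // Network error, timeout (AbortError) or unparseable JSON: same neutral answer.
    return neutralFor(agentId, err && err.name === "AbortError" ? "timeout" : "network");
  } finally {
    clearTimeout(timer);
  }
}

// Constructed offline transport: resolves after `delayMs` with the given status and
// body, or rejects with an AbortError when the caller's signal fires.
function fakeFetch({ status = 200, body = null, delayMs = 0 } = {}) {
  return (url, { signal } = {}) => new Promise((resolve, reject) => {
    const t = setTimeout(() => resolve({ ok: status >= 200 && status < 300, status, json: async () => body }), delayMs);
    if (signal) signal.addEventListener("abort", () => {
      clearTimeout(t);
      reject(Object.assign(new Error("aborted"), { name: "AbortError" }));
    });
  });
}
```

Wire `lookupReputation` into the gate with the real `fetch` as `fetchImpl`; the `reason` tag is what you would count in metrics to notice a reputation outage that the gate, by design, is silently riding through.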
## GET /v1/reputation/agent/:agentId

Canonical agent lookup.
```json
{ "agentId": "11111111-…", "score": 540, "tier": "trusted", "known": true }
```

```bash
curl https://api.veto-ai.com/v1/reputation/agent/11111111-1111-1111-1111-111111111111
```

## GET /v1/reputation/merchant/:merchantId

Canonical merchant lookup. Same shape, with the merchantId echoed back.

```json
{ "merchantId": "mrch_01J…", "score": 520, "tier": "trusted", "known": true }
```

## GET /v1/reputation/:agentId
The bare lookup the SDK uses. Same neutral-on-miss behavior. (The literal sub-paths `agent`
and `merchant` are reserved for the canonical routes above.)

```bash
curl https://api.veto-ai.com/v1/reputation/11111111-1111-1111-1111-111111111111
```

## GET /api/v1/reputation/:agentId/ — legacy alias
The unmodified shipped SDK builds `${base}/api/v1/reputation/${agentId}/` (note the
trailing slash) and sends an `X-Veto-Api-Key` header. Both slash variants are registered, and
the handler resolves leniently — a reputation outage must never block a checkout.

```bash
curl https://api.veto-ai.com/api/v1/reputation/11111111-1111-1111-1111-111111111111/ \
  -H "X-Veto-Api-Key: veto_test_8f2c…"
```

## Status codes
Every reputation route returns 200 — including unknown ids and dependency failures
(which fall back to the neutral default). There is no 404 on this surface by design.
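The route table and the no-404 rule from this page, as an added example that is not Veto's server code: the two canonical routes, the bare SDK route with `agent` and `merchant` reserved, and the legacy `/api/v1` alias in both slash variants, all answering 200 with the neutral record on a miss or a store failure. The `Map` standing in for the database, the `kind:id` key layout and the `brokenStore` outage stand-in are constructed for this example. The `X-Veto-Api-Key` header is deliberately not consulted here, which is what "resolves leniently" amounts to on the legacy alias.

```javascript
// Added example, not Veto's server code. A framework-free router: returns null for
// paths that are not reputation routes (so the rest of the app can handle them)
// and { status: 200, body } for everything that is, whatever the store does.
const NEUTRAL = Object.freeze({ score: 500, tier: "standard", known: false });
const RESERVED = new Set(["agent", "merchant"]); // bare route must not swallow these

// Most specific patterns first. Only the legacy alias accepts both slash variants,
// as the page states; the canonical routes are matched exactly.
const ROUTES = [
  { re: /^\/v1\/reputation\/agent\/([^/]+)$/, kind: "agent", bare: false },
  { re: /^\/v1\/reputation\/merchant\/([^/]+)$/, kind: "merchant", bare: false },
  { re: /^\/v1\/reputation\/([^/]+)$/, kind: "agent", bare: true },
  { re: /^\/api\/v1\/reputation\/([^/]+)\/?$/, kind: "agent", bare: false },
];

// One lookup against the store. Unknown id, thrown error (DB outage, timeout
// surfaced as an exception) and a record missing its fields all yield NEUTRAL.
function lookup(store, kind, id) {
  const idField = kind === "merchant" ? "merchantId" : "agentId";
  try {
    const rec = store.get(`${kind}:${id}`); // constructed key layout
    if (!rec || !Number.isFinite(rec.score) || typeof rec.tier !== "string") {
      return { [idField]: id, ...NEUTRAL };
    }
    return { [idField]: id, score: rec.score, tier: rec.tier, known: true };
  } catch (_err) {
    return { [idField]: id, ...NEUTRAL }; // outage: still 200, still neutral
  }
}

function routeReputation(path, store) {
  for (const r of ROUTES) {
    const m = r.re.exec(path);
    if (!m) continue;
    const id = decodeURIComponent(m[1]);
    if (r.bare && RESERVED.has(id)) return null; // e.g. /v1/reputation/agent with no id
    return { status: 200, body: lookup(store, r.kind, id) };
  }
  return null;
}

// Constructed fixtures.
const sampleStore = new Map([
  ["agent:11111111-1111-1111-1111-111111111111", { score: 540, tier: "trusted" }],
  ["merchant:mrch_01J", { score: 520, tier: "trusted" }],
]);
const brokenStore = { get() { throw new Error("db unavailable"); } };
```

Whatever framework fronts this, keep the store access behind a hard timeout so that "never block" holds for slow dependencies as well as dead ones.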
## Ingest

The reporting path. A self-hosted SDK posts terminal gate outcomes here so hosted reputation, orders, receipts, and webhooks stay current. Idempotent so retries are safe.

## Webhooks

Register an endpoint, and Veto POSTs you a signed event on every sale — `order.accepted`, `order.settled`, `order.rejected`, `order.held`. HMAC-SHA256 signed with a per-endpoint `whsec_` secret, at-least-once, retried on a 7-step backoff. Fulfill on `order.settled`.