Start monitoring your agents in 3 steps
1. Get your API key
Sign in at shadow.getsentrik.com and generate an API key from the Settings page. Takes 2 minutes.
2. Register your agent
POST your agent details once to create an agent record and configure its delegated authority profile.
3. Send your first event
Add one API call before each agent-initiated financial action. Sentrik evaluates it and returns a signed decision in under 100ms.
Sentrik Shadow Authorization — API Reference
Webhook Integration Guide
1. Overview
The Sentrik Shadow Authorization API allows your systems to submit agent-initiated financial actions for real-time shadow evaluation. Events are evaluated against delegated authority profiles and control policies. Decisions are returned immediately and stored as replayable authorization records.
2. Authentication
All requests must include a Bearer token in the Authorization header. API keys are scoped to your organization and can be managed in the Settings page.
```
Authorization: Bearer sk_your_api_key_here
```
3. Evaluate endpoint
POST /api/shadow/evaluate
| Field | Type | Required | Description |
|---|---|---|---|
| agent_id | string | No | UUID of the registered agent |
| action_type | string | Yes | Type of financial action |
| amount | number | No | Transaction amount |
| currency | string | No | Currency code (default: USD) |
| customer_status | string | No | Status of the customer |
| vendor_id | string | No | Vendor identifier |
| vendor_name | string | No | Vendor display name |
| human_approval | boolean | No | Whether a human approved the action |
| human_approver_name | string | No | Name of approver |
| payment_status | string | No | Current payment status |
| source_system | string | No | Originating system name |
| external_event_id | string | No | Your internal event ID |
When agent_id is supplied, it must belong to the same organization as the API key.
Example request
```
curl -X POST https://shadow.getsentrik.com/api/shadow/evaluate \
  -H "Authorization: Bearer sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "agent_uuid",
    "action_type": "vendor_payment",
    "amount": 2500
  }'
```
Example response
```
{
  "event_id": "uuid",
  "decision": "approved | escalated | flagged",
  "risk_score": 0,
  "would_block_live": false,
  "reason": "No material risks detected.",
  "authorization_record_id": "proof-uuid",
  "event_hash": "sha256hex",
  "decision_hash": "sha256hex",
  "shadow_mode": true,
  "live_enforcement": false
}
```
4. Decision reference
| Decision | Risk score | Would block live | Meaning |
|---|---|---|---|
| approved | 0–24 | No | Action within delegated authority |
| escalated | 25–74 | No | Action requires review |
| flagged | 75–100 | Yes | Action would be blocked under enforcement |
5. Action types
Supported action types include:
- refund
- credit_adjustment
- vendor_payment
- invoice_payment
- subscription_update
- new_recurring_payment
6. Security
This API never accepts or stores payment credentials, card numbers, bank account numbers, or SSNs. All fields are metadata only. Submissions containing card-like numbers (16-digit sequences) or SSN patterns are automatically rejected.
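A client-side pre-flight check for the rejection rule above, so that a payload that would be refused is caught before it leaves your system. This is an added example, not Sentrik's own code: the function name `preflight`, the two regular expressions and the sample payloads are assumptions, since the page only says "16-digit sequences" and "SSN patterns" and does not document the exact server-side rules.

```python
import re

# Assumed patterns; the server's exact matching rules are not documented.
# Card-like: 16 digits, optionally grouped with single spaces or hyphens.
CARD_LIKE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
# SSN-like: NNN-NN-NNNN not embedded in a longer digit run.
SSN_LIKE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def _walk(value, path=""):
    """Yield (field_path, text) for every scalar in a nested payload."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}" if path else str(key))
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            yield from _walk(item, f"{path}[{index}]")
    elif value is not None and not isinstance(value, bool):
        # Numbers are stringified too: a 16-digit numeric ID is still card-like.
        yield path, str(value)


def preflight(payload):
    """Return a list of (field_path, problem); an empty list means safe to send."""
    problems = []
    if not payload.get("action_type"):
        problems.append(("action_type", "missing required field"))
    for path, text in _walk(payload):
        if CARD_LIKE.search(text):
            problems.append((path, "card-like 16-digit sequence"))
        if SSN_LIKE.search(text):
            problems.append((path, "SSN-like pattern"))
    return problems


# Constructed sample payloads (not real data).
CLEAN = {"agent_id": "agent_uuid", "action_type": "vendor_payment", "amount": 2500}
DIRTY = {
    "action_type": "refund",
    "vendor_name": "Acme 4111 1111 1111 1111",
    "external_event_id": "1234567812345678",  # internal ID that happens to be 16 digits
    "human_approver_name": "J. Doe 123-45-6789",
}

if __name__ == "__main__":
    for name, sample in (("CLEAN", CLEAN), ("DIRTY", DIRTY)):
        print(name, preflight(sample))
```

The `external_event_id` case is the one to watch in practice: a purely numeric 16-digit internal identifier contains no card data but still matches the stated rejection rule, so such IDs need a prefix or a different format before submission.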