Zero Tap Labs API Documentation (Public Access Layer)
Overview
This document outlines the public-facing API endpoints provided by Zero Tap Labs for developers and partner platforms. These endpoints allow you to interact with our threat detection services, SDK licensing, and real-time telemetry features.
Note: Internal system endpoints, backend admin routes, and infrastructure-specific paths are omitted from this document for security and design integrity.
Base URL
https://api.zerotaplabs.com
All endpoints listed below should be prefixed with the base URL above.
Authentication
All API requests must include a valid API key in the request headers:
Headers: x-api-key: YOUR_API_KEY
API keys are issued upon registration and managed via your developer dashboard.
Rate Limiting
Each API key is subject to rate limits based on your subscription tier. Exceeding the limit will return a 429 Too Many Requests response.
Public API Endpoints
1. Submit Telemetry Trace
POST /trace/submit
Submit trace data from your SDK-integrated environment.
Headers:
x-api-key: RequiredContent-Type: application/json
Body:
{
"device_id": "string",
"signals": {
"entropy": 0.87,
"vpn": false,
"geolocation": "US",
"browser": "Chrome"
},
"timestamp": "2025-04-22T04:00:00Z"
}
Returns:
{
"success": true,
"trace_id": "abc123xyz",
"threat_score": 32.5
}
2. Check Signal Health
GET /trace/status
Returns recent status and health data from the system if the request includes a valid API key.
Returns:
{
"success": true,
"version": "1.0.0",
"api_status": "online",
"license": "active",
"timestamp": "2025-04-22T04:01:00Z"
}
3. Extend API Key
POST /key/extend
Request extension of your API key's usage period. Must be pre-authorized by a billing event (handled separately).
Body:
{
"key": "your-api-key",
"request_extension": true
}
Returns:
{
"success": true,
"expires_at": "2025-05-22T00:00:00Z"
}
4. Threat Status Lookup
GET /threats/lookup?trace_id=abc123xyz
Return current threat intelligence status for a given trace submission.
Returns:
{
"success": true,
"trace_id": "abc123xyz",
"threat_level": "low",
"confidence": 92,
"recommendation": "allow"
}
5. Submit a Threat Report
POST /threats/submit
Allows SDK clients or partners to submit external threat reports for trace logging, scoring, or review.
Body:
{
"reported_by": "SDK-client-name",
"description": "Phishing detected on wallet connection attempt",
"associated_trace_id": "abc123xyz",
"evidence": {
"url": "https://malicious-link.io"
}
}
Returns:
{
"success": true,
"submission_id": "report-99a8d7c3",
"queued_for_review": true
}
6. Available SDK Plugins
GET /plugins/available
Returns a list of available Zero//Stack plugin manifests for SDK integration.
Returns:
{
"success": true,
"plugins": [
{
"name": "entropy-checker",
"version": "1.1.2",
"description": "Analyzes entropy variance from device inputs",
"signature": "sha256:..."
},
{
"name": "vpn-detector",
"version": "1.0.5",
"description": "Detects VPN, proxy, or TOR activity",
"signature": "sha256:..."
}
]
}
7. Event Log Stream
GET /logs/stream
Returns the most recent activity logs from your API key context (plugin activations, trace submissions, etc).
Returns:
{
"success": true,
"events": [
{
"event": "trace_submitted",
"timestamp": "2025-04-22T04:10:00Z",
"trace_id": "abc123xyz"
},
{
"event": "plugin_heartbeat",
"plugin": "entropy-checker",
"timestamp": "2025-04-22T04:12:00Z"
}
]
}
8. SDK Heartbeat
GET /sdk/health
Returns the operational status and live config info used by SDK clients.
Returns:
{
"success": true,
"uptime": "3 days, 6 hours",
"sdk_version": "1.3.0",
"live_plugins": ["entropy-checker", "vpn-detector"],
"recommended_update": false
}
Support
For help with API access, keys, limits, or integration:
- Email: support@zerotaplabs.com
- Docs: https://zerotaplabs.com/docs
This document is for public SDK and developer consumption. Internal diagnostic, billing, and privileged endpoints are managed separately under secure access control.