{
  "service": "api",
  "name": "PlatPhorm API",
  "url": "https://api.platphormnews.com",
  "auth": {
    "platformKey": "PLATPHORM_API_KEY",
    "acceptedHeaders": [
      "Authorization: Bearer $PLATPHORM_API_KEY",
      "X-PlatPhorm-API-Key: $PLATPHORM_API_KEY"
    ]
  },
  "publicReadAccess": [
    "homepage",
    "API catalog",
    "service catalog",
    "API product catalog",
    "OpenAPI registry",
    "schema registry",
    "event/webhook contract registry",
    "MCP mapping registry",
    "governance dashboard",
    "parity matrix",
    "health summaries",
    "API explorer metadata",
    "public route-test dry-runs",
    "SDK/snippet examples",
    "recipes",
    "client docs",
    "discovery files",
    "well-known policy files",
    "read-only MCP introspection"
  ],
  "protectedActions": [
    "API registry mutation",
    "service registration mutation",
    "trusted-domain mutation",
    "OpenAPI import/write/update",
    "schema write/update/delete",
    "protected route proxying",
    "downstream protected API calls",
    "downstream protected MCP calls",
    "generation of reports containing sensitive data",
    "SDK publishing",
    "webhook triggering",
    "admin sync jobs",
    "private audit log access",
    "private trace viewing",
    "destructive actions",
    "token/key issuing or rotation"
  ],
  "trustedDomains": [
    "*.platphormnews.com"
  ],
  "runtimeModes": [
    "catalog_only",
    "public_proxy",
    "protected_proxy",
    "validation_only",
    "degraded",
    "maintenance"
  ],
  "dataExposureBoundaries": {
    "public": [
      "service catalog",
      "operation catalog",
      "schemas",
      "OpenAPI metadata",
      "public docs",
      "health summaries",
      "governance and parity scores",
      "recipes",
      "redacted trace metadata"
    ],
    "protected": [
      "registry mutations",
      "private audit logs",
      "protected downstream responses",
      "provider credentials",
      "unredacted JA4 digest metadata",
      "private traces"
    ]
  },
  "requiredTrustPolicyLine": "Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY."
}
