Finance Workspace API Docs

OpenAPI-style docs with required headers/fields, demo requests/responses, and server-rendered test buttons.

GET /api/spaces/{spaceId}/documents

x-required-permissions: space.readx-impact: lowx-approval-required: false

Required fields / headers

  • X-Agent-Chain-VC — required for protected endpoints
  • Path params must match delegated spaces/resources.

Demo request

GET /api/spaces/{spaceId}/documents
X-Agent-Chain-VC: <base64url JWT VC array>

Demo success response

{
  "auth": {
    "permissions": [
      "space.read"
    ],
    "chainLength": 3
  },
  "documents": [
    {
      "id": "fin-1",
      "title": "Q3 Treasury Policy"
    }
  ]
}

POST /api/spaces/{spaceId}/documents

x-required-permissions: space.writex-impact: lowx-approval-required: false

Required fields / headers

  • X-Agent-Chain-VC — required for protected endpoints
  • Path params must match delegated spaces/resources.

Demo request

POST /api/spaces/{spaceId}/documents
X-Agent-Chain-VC: <base64url JWT VC array>
Content-Type: application/json

{
  "title": "Agent-generated finance memo",
  "content": "..."
}

Demo success response

{
  "auth": {
    "permissions": [
      "space.read",
      "space.write"
    ],
    "chainLength": 3
  },
  "created": {
    "id": "fin-...",
    "title": "Agent-generated finance memo"
  }
}

DELETE /api/spaces/{spaceId}/documents/{documentId}

x-required-permissions: space.deletex-impact: highx-approval-required: true

Required fields / headers

  • X-Agent-Chain-VC — required for protected endpoints
  • X-Human-Approval: approved — required
  • Path params must match delegated spaces/resources.

Demo request

DELETE /api/spaces/{spaceId}/documents/{documentId}
X-Agent-Chain-VC: <base64url JWT VC array>
X-Human-Approval: approved

Demo success response

{
  "auth": {
    "permissions": [
      "space.delete"
    ],
    "chainLength": 3
  },
  "deleted": "fin-1"
}

POST /api/payments

x-required-permissions: payment.executex-impact: highx-approval-required: true

Required fields / headers

  • X-Agent-Chain-VC — required for protected endpoints
  • X-Human-Approval: approved — required
  • Path params must match delegated spaces/resources.

Demo request

POST /api/payments
X-Agent-Chain-VC: <base64url JWT VC array>
X-Human-Approval: approved
Content-Type: application/json

{
  "amount": 100,
  "currency": "CHF",
  "recipient": "Example Vendor"
}

Demo success response

{
  "auth": {
    "permissions": [
      "payment.execute"
    ],
    "chainLength": 3
  },
  "payment": "simulated",
  "status": "accepted"
}