Skip to main content

Base URL

https://api.layer3x.com/v1

Authorize endpoint

POST /authorize

Headers

HeaderRequiredDescription
Content-TypeYesapplication/json
X-Agent-API-KeyYesYour agent’s API key
X-Layer3-SignatureNoHMAC-SHA256 signature (if enabled)

Request body

{
  "action_key": "payments.release",
  "payload": {
    "amount": 5000,
    "currency": "USD",
    "vendor": "Acme Corp",
    "description": "Invoice #1042"
  }
}

Response

{
  "request_id": "uuid",
  "decision": "ALLOW | DENY | ESCALATE | REAUTH_REQUIRED",
  "reason": "Human-readable reason",
  "matched_policy": "Policy name that matched",
  "risk_score": 0,
  "status": "auto_approved | pending | rejected",
  "message": "Action message",
  "expires_at": "ISO timestamp"
}

Decision values

DecisionSignalMeaning
ALLOW🟢 GOExecute — policy validated
DENY🔴 NO-GOBlocked — do not execute
ESCALATE⚪ ESCALATEDHuman approval required
REAUTH_REQUIRED🟡 EXCEPTIONStep-up auth required

Error codes

StatusMeaning
200Request processed
400Invalid request format
401Invalid or missing API key
403Agent disabled or revoked
429Rate limit exceeded
500Internal server error

Code examples

const response = await fetch('https://api.layer3x.com/v1/authorize', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Agent-API-Key': process.env.LAYER3X_API_KEY
  },
  body: JSON.stringify({
    action_key: 'payments.release',
    payload: {
      amount: 5000,
      vendor: 'Acme Corp',
      currency: 'USD'
    }
  })
})

const { decision, reason, request_id } = await response.json()

if (decision === 'ALLOW') {
  // proceed with payment execution
} else if (decision === 'ESCALATE') {
  // notify human approver, pause execution
} else {
  // blocked — log and stop
}