API concepts

The core resources in the RenLayer Platform API (tenants, users, agents, API keys, policies, DLP, traces, sessions, and the audit log) and how they relate.

This page is a high-level map of the resource model exposed by the Platform API. The exact endpoints, parameters, and schemas are in the gated reference; what follows is the conceptual structure you need to design integrations and reason about scope.

The resource tree

Tenant
├── Users (with Roles)
├── Agents
│   └── API Keys
├── Policies
├── DLP
│   ├── Detectors
│   ├── Patterns (custom)
│   └── Allow lists
├── Traces / Sessions
└── Audit log

Every resource other than Tenant is tenant-scoped. A Platform API JWT is tenant-scoped, so any list endpoint you call returns only the rows for your tenant.

Identifiers

Every resource ID is a typed prefix followed by a ULID, e.g.:

  • agent_01HX2…: an agent.
  • pol_01HX2…: a policy.
  • key_01HX2…: an API key.
  • trace_01HX2…: a single recorded action.

The typed prefixes make IDs self-describing in logs and incident reports.
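
As an added example (not RenLayer code), the sketch below pulls typed IDs out of log lines and decodes the millisecond timestamp that a standard ULID carries in its first 10 characters, which helps when ordering resources in an incident timeline. It assumes a `<prefix>_<ULID>` layout with uppercase Crockford base32; the log lines, ULID values and the `usr` prefix are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

CROCKFORD = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"  # ULID alphabet (no I, L, O, U)
# Prefixes named on this page; anything else is reported as "unknown".
KINDS = {"agent": "agent", "pol": "policy", "key": "api_key", "trace": "trace"}
# Assumed layout: <prefix>_<ULID>. A ULID is 26 Crockford base32 characters and
# its first character is at most 7, so the timestamp fits in 48 bits.
TYPED_ID = re.compile(r"\b([a-z]+)_([0-7][0-9A-HJKMNP-TV-Z]{25})\b")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def ulid_time(ulid):
    """Decode the 48-bit millisecond timestamp in the first 10 characters."""
    ms = 0
    for ch in ulid[:10]:
        ms = ms * 32 + CROCKFORD.index(ch)
    return EPOCH + timedelta(milliseconds=ms)


def extract_ids(line):
    """Return (kind, typed_id, minted_at) for every well-formed typed ID in a line."""
    return [
        (KINDS.get(prefix, "unknown"), f"{prefix}_{ulid}", ulid_time(ulid))
        for prefix, ulid in TYPED_ID.findall(line)
    ]


# Constructed sample data: the ULIDs encode 1700000000000 ms plus a small offset.
RAND = "EXAMP1E" + "0" * 9              # 16 characters of sample "randomness"
ULID_A = "01HF7YAT00" + RAND
ULID_B = "01HF7YAT01" + RAND            # minted 1 ms after ULID_A
SAMPLE_LOG = [
    f"deny agent=agent_{ULID_A} policy=pol_{ULID_A} trace=trace_{ULID_B}",
    f"revoke key=key_{ULID_A} actor=usr_{ULID_A}",  # "usr" is a hypothetical prefix
    "truncated trace_01HF7YAT00 and bad alphabet trace_" + "L" * 26,
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for kind, typed_id, minted in extract_ids(line):
            print(f"{kind:8} {typed_id}  minted {minted.isoformat()}")
```

Truncated IDs and IDs containing characters outside the ULID alphabet are skipped rather than guessed at, so a malformed value in a log line never yields a misleading timestamp.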

Lifecycle of an action

Reading the resource model from the bottom up:

  1. An agent sends a request to the proxy with its API key.
  2. The proxy resolves the tenant from the key, evaluates policies in priority order, runs DLP detectors, and forwards (or rejects) the request.
  3. A trace is written, joined into a session (via X-RenLayer-Session), and visible in the API both as a standalone trace and as a member of its session.
  4. Operator actions on any of these resources are recorded in the audit log.

Filtering and pagination

List endpoints share a consistent shape:

  • limit: page size (default 50, max 200).
  • cursor: opaque cursor for the next page.
  • Resource-specific filters: e.g. agent_id, status, from, to.

Responses include next_cursor when more rows are available.

Webhooks

The platform can emit webhooks for important events (policy fired with DENY, DLP block, key revoked). Webhook configuration is per-tenant. Payloads are signed; replay protection uses an X-RenLayer-Signature header and a tenant-specific secret.

Streaming reads

For large trace ranges (incident response, monthly exports), the API exposes streaming endpoints that return NDJSON over a long-lived connection. These bypass the cursor pagination and are designed for batch processing.

Where to go next

Request API reference access

The full RenLayer API reference is available to design partners. Tell us about your use case and we'll grant access within one business day.
