Developers · API

A feasibility verdict from one API call.

POST a protocol, get back a cited, scored, Part-11-audited verdict — every number with its source. Token auth. Per-tenant isolation. Your data never trains a model.

QuickstartMCP server →
POST/v1/feasibility200verdict · cited

POST /v1/feasibility → a cited 200.

Quickstart

Your first cited verdict

Send a protocol document and receive a scored verdict where each number carries its source.

curl https://api.feasibility.example.com/v1/feasibility \
  -H "Authorization: Bearer $KEY" \
  -F protocol=@ENDO-2b.pdf

Response

200 OK · application/json
{
  "verdict": "conditional_go",
  "ptrs": {
    "value": 0.58,
    "citations": [
      {
        "source": "pubmed",
        "id": "30295701",
        "url": "https://pubmed.ncbi.nlm.nih.gov/30295701/"
      }
    ]
  },
  "cohort": {
    "value": 24300,
    "citations": [
      {
        "source": "pubmed",
        "id": "30295701",
        "url": "https://pubmed.ncbi.nlm.nih.gov/30295701/"
      }
    ]
  },
  "audit": {
    "hash": "e7a1…9f",
    "part11": true
  }
}

Every score — ptrs, cohort — ships with the citations it was derived from, and the whole run is fixed to a tamper-evident audit.hash (21 CFR Part 11 aligned).

Core endpoints

A small, scannable REST surface

Submit a protocol, fetch the cited verdict, pull its audit trail, or call a single scorer directly.

  • POST
    /v1/feasibilitycited

    Run a feasibility analysis

    Submit a protocol (PDF upload reference or structured synopsis) to start a feasibility run. Returns a run id; poll the run endpoint for the cited verdict.

  • GET
    /v1/runs/{id}cited

    Get a feasibility run

    Fetch the verdict for a run, including every score with its citations and source snapshot dates.

  • GET
    /v1/runs/{id}/auditcited

    Get the audit trail for a run

    Return the tamper-evident, hash-chained audit records for a run (21 CFR Part 11 aligned): inputs, scorer versions, citations, outputs.

  • GET
    /v1/sources

    List public data sources

    Enumerate the public data sources the engine reads from, with their current snapshot dates and update cadence.

  • POST
    /v1/score/{scorer}cited

    Run a single scorer

    Run one deterministic scorer directly — one of feasibility, ptrs, budget, site-density, cohort — and get a cited result without a full run.

These canonical /v1/* routes are the public API surface. (openapi.json documents the internal /api/* app API and is not the public contract.)

Operating model

Auth, limits, and isolation

Auth

Bearer token in the Authorization header. Issue and rotate keys per workspace; scope them to read or run. Keys are never logged or returned in responses.

Rate limits

Per-key limits are returned on every response via X-RateLimit-* headers. A throttled request gets 429 with a Retry-After hint — back off and retry.

Tenant isolation

Every key is bound to one tenant. Runs, documents, and audit records are partitioned per tenant and enforced at the data layer — a key can only ever read its own workspace’s data.

No training on your data

Protocols you submit are used only to compute your verdict. They are never used to train or fine-tune a model, and are not shared across tenants.

Full API reference →

See a verdict you can actually check.

Send us a protocol. We'll return a fully cited feasibility verdict you can trace, line by line, back to public data — yours to white-label, defend in a bid, or hand to a regulator.

Book a demoSign in