Staging / sandbox only. Operators: use admin call logs for full history.
Authentication: Authorization: key <API_KEY> (obtain from ops; never commit secrets).
Encryption: POST bodies use AES-GCM JSON: { "ciphertext", "iv" } wrapping inner JSON. Key: deployment API_AES_KEY.
Sample inner payload: nyl-saml-init-inner.json
Architecture docs (repo): docs/api/README.md
| Method | Path | Purpose |
|---|---|---|
| POST | /v1/api/saml/init | Start SAML; returns redirect URL |
| GET | /v1/hold/:token | Holding page (browser) |
| POST | /v1/api/:integration/saml/post-form | Direct HTML SAML post |
| POST | /v1/api/transaction/init | Placeholder (501) |
| POST | /v1/api/:integration/nyl/enroll | NYL SOAP enroll |
| POST | /v1/api/:integration/nyl/muw-status | NYL SOAP MUW status |
Response will appear here.
No calls logged yet.