API reference

Orinel exposes REST APIs for projects, reports, experiments, pipelines, and compliance. All protected routes require a valid session (cookie) or API key.

Authentication

Use the Supabase session (login) for browser requests. For programmatic access, create an API key in Settings → API keys (scope read or write/admin) and send it as Authorization: Bearer <key> or X-API-Key: <key>. Write/admin keys can call: dataset upload, AI analysis, report generation, and pipeline run.

Endpoints

  • GET /api/projects — List projects (active only). POST /api/projects — Create (body: { name, workspace_id? }).
  • GET /api/reports — List reports. POST /api/reports — Create (body: { name? }).
  • GET /api/experiments — List experiments. POST /api/experiments — Create (body: { name }).
  • GET /api/pipelines — List pipelines. POST /api/pipelines — Create (body: { name }).
  • GET /api/reports/[id]/pdf — Download report PDF.
  • POST /api/ingest/upload — Upload CSV (multipart: file, name?, project_id?).
  • GET /api/health — Health check (no auth). GET /api/observability/audit, GET /api/observability/usage — Audit and usage (session).
  • GET /api/compliance/audit-export — Audit export (header X-Compliance-Key). GET /api/compliance/gdpr-export, POST /api/compliance/gdpr-delete — GDPR (session).

Base URL: your deployment origin (e.g. https://app.orinel.com). Rate limit: 120 requests/minute per IP. See Security and Compliance for compliance and API key handling.
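
A minimal client sketch for programmatic access, added here as an example (it is not Orinel's own code or an official SDK): it sends the key as Authorization: Bearer <key>, refuses non-HTTPS base URLs, keeps the key out of repr output, and tracks the 120 requests/minute limit locally. The class name OrinelClient, its methods, and the clock parameter are assumptions made for illustration.

```python
import time
import urllib.request
from collections import deque
from urllib.parse import urlsplit

RATE_LIMIT = 120        # requests per minute per IP, as documented above
WINDOW_SECONDS = 60.0


class OrinelClient:
    """Hypothetical helper, not an official SDK."""

    def __init__(self, base_url, api_key, clock=time.monotonic):
        parts = urlsplit(base_url)
        # Refuse cleartext or credential-bearing origins so the key never
        # leaves the process over http:// or to a confusable host.
        if parts.scheme != "https" or not parts.netloc or "@" in parts.netloc:
            raise ValueError("base URL must be a plain https:// origin")
        # A key with CR/LF could smuggle extra headers into the request.
        if not api_key or "\r" in api_key or "\n" in api_key:
            raise ValueError("API key is empty or contains line breaks")
        self._origin = "https://" + parts.netloc
        self._key = api_key
        self._clock = clock
        self._sent = deque()  # timestamps of requests in the current window

    def __repr__(self):
        # Keep the key out of logs and tracebacks.
        return f"OrinelClient({self._origin!r}, key=<redacted>)"

    def wait_time(self):
        """Seconds to sleep before the next request stays within the limit."""
        now = self._clock()
        while self._sent and now - self._sent[0] >= WINDOW_SECONDS:
            self._sent.popleft()
        if len(self._sent) < RATE_LIMIT:
            return 0.0
        return WINDOW_SECONDS - (now - self._sent[0])

    def prepare(self, method, path):
        """Build an authenticated request and count it against the budget."""
        if not path.startswith("/api/"):
            raise ValueError("path must start with /api/")
        req = urllib.request.Request(self._origin + path, method=method)
        req.add_header("Authorization", "Bearer " + self._key)
        self._sent.append(self._clock())
        return req
```

Sleep for client.wait_time() seconds, then pass the result of client.prepare("GET", "/api/projects") to urllib.request.urlopen. The limit is applied per IP, so several processes behind one address share the same budget and the local counter is only a lower bound on usage.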