Skip to main content

Base URL

https://api.permitcore.io
All endpoints are versioned under /v1. Breaking changes ship as /v2 — no surprise mutations.

Auth

Every request must include:
Authorization: Bearer <your-api-key>
See Authentication for key formats + security guidance.

Response format

JSON in, JSON out. All responses use UTF-8. Timestamps are ISO 8601 with UTC offset (Z). Numeric IDs are strings to avoid 53-bit precision loss in JavaScript.
{
  "as_of_utc": "2026-05-24T02:00:00Z",
  "total_target_permits": 3218856,
  "cohort_distribution": { "...": 0 }
}

Errors

Every non-2xx response follows this shape:
{
  "error": {
    "code": "missing_credentials",
    "message": "Missing Authorization: Bearer <key> header.",
    "detail": null
  }
}
See Errors for the full code catalog + retry guidance.

Endpoint catalog

Cohort distribution

GET /v1/jurisdictions/{slug}/cohorts/distribution — per-jurisdiction breakdown across the canonical 18 cohorts. Cached 1 hour upstream. Live today.

Permits (list + filter)

GET /v1/permits?jurisdiction=&cohort=&issued_after=… — paginated permit rows with field-level DQ flags. Live today.

Jurisdiction overview

Resource overview + jurisdiction list endpoint contracts.

API key management

POST /v1/keys, DELETE /v1/keys/{prefix}, GET /v1/keys/{prefix}/usage — programmatic key lifecycle. Live today.

OpenAPI specification

The OpenAPI 3.1 schema is exposed at https://api.permitcore.io/openapi.json — FastAPI-generated from the deployed code, so it always reflects the authoritative request/response shapes. This reference page remains the canonical narrative source.

Support

Email kian@permitcore.io for account, billing, or integration questions on any tier. Enterprise tier includes a custom SLA on contact. For incidents, watch the changelog — outage notes land there in real time.