Skip to main content

Base URL

All endpoints are versioned under /v1. Breaking changes ship as /v2 — no surprise mutations.

Auth

Every request must include:
See Authentication for key formats + security guidance.

Response format

JSON in, JSON out. All responses use UTF-8. Timestamps are ISO 8601 with UTC offset (Z). Numeric IDs are strings to avoid 53-bit precision loss in JavaScript.

Errors

Every non-2xx response is RFC 9457 application/problem+json:
Branch on type (a stable URI), not title/detail. See Errors for the full catalog + retry guidance.

Endpoint catalog

Cohort distribution

GET /v1/jurisdictions/{slug}/cohorts/distribution — per-jurisdiction breakdown across the canonical 22 cohorts. Cached 1 hour upstream. Live today.

Permits (list + filter)

GET /v1/permits?jurisdiction=&cohort=&issued_after=… — paginated permit rows with field-level DQ flags. Live today.

Jurisdiction overview

Resource overview + jurisdiction list endpoint contracts.

API key management

POST /v1/keys, DELETE /v1/keys/{prefix}, GET /v1/keys/{prefix}/usage — programmatic key lifecycle. Live today.

OpenAPI specification

The OpenAPI 3.1 schema is exposed at https://api.permitcore.io/openapi.json — FastAPI-generated from the deployed code, so it always reflects the authoritative request/response shapes. This reference page remains the canonical narrative source.

Support

Email kian@permitcore.io for account, billing, or integration questions on any tier. Enterprise tier includes a custom SLA on contact. For incidents, watch the changelog — outage notes land there in real time.