API reference overview

Base URL

https://api.permitcore.io

All endpoints are versioned under /v1. Breaking changes ship as /v2 — no surprise mutations.

Auth

Every request must include:

Authorization: Bearer <your-api-key>

See Authentication for key formats + security guidance.

Response format

JSON in, JSON out. All responses use UTF-8. Timestamps are ISO 8601 with UTC offset (Z). Numeric IDs are strings to avoid 53-bit precision loss in JavaScript.

{
  "as_of_utc": "2026-05-24T02:00:00Z",
  "total_target_permits": 3218856,
  "cohort_distribution": { "...": 0 }
}

Errors

Every non-2xx response follows this shape:

{
  "error": {
    "code": "missing_credentials",
    "message": "Missing Authorization: Bearer <key> header.",
    "detail": null
  }
}

See Errors for the full code catalog + retry guidance.

Endpoint catalog

Cohort distribution

GET /v1/jurisdictions/{slug}/cohorts/distribution — per-jurisdiction breakdown across the canonical 18 cohorts. Cached 1 hour upstream. Live today.

Permits (list + filter)

GET /v1/permits?jurisdiction=&cohort=&since=… — paginated permit rows with field-level DQ flags. Coming ~3 weeks (Bucket 2).

Jurisdiction overview

Resource overview + jurisdiction list endpoint contracts.

API key management

POST /v1/keys, DELETE /v1/keys/{prefix}, GET /v1/keys/{prefix}/usage — programmatic key lifecycle. Coming ~3 weeks (Bucket 2).

OpenAPI specification

The OpenAPI 3.1 schema is exposed at https://api.permitcore.io/openapi.json (coming with the Bucket 2 release). Until then, this reference is the canonical source for request/response shapes.

Status page + SLA

Free + Hobby: community support via the in-product chat
Builder: 48-hour email response SLA
Growth: priority support + Slack channel
Pro: named CSM + 99.9% uptime SLA

For incidents, watch the changelog — outage notes land there in real time.

Documentation Index

​Base URL

​Auth

​Response format

​Errors

​Endpoint catalog