Skip to main content
The HTTP API is organized around event ingestion, retained-event querying, consent capture, receipt verification, tokenized activity views, and published policy snapshots. Use the SDK when you can. Use HTTP directly for languages without an SDK, workflow engines, edge functions, and internal automation.

Base URL

Production: 
https://lodger.dev
Private deployment: 
https://example.com

Request shape

Most write requests use JSON and bearer authentication. 
curl https://lodger.dev/v1/events \
  -H "Authorization: Bearer $LODGER_API_KEY" \
  -H "Idempotency-Key: event_01JZ2M9E7G6D8R5K3D" \
  -H "Content-Type: application/json" \
  -d '{"workspaceId":"org_01JZ2M9E7G6D8R5K3D","projectId":"core","action":"account.user.login","actor":{"id":"user_123","type":"user"},"target":{"id":"user_123","type":"account"},"occurredAt":"2026-05-15T12:00:00.000Z","source":"api"}'

Response shape

Successful event writes return 202 Accepted with a receipt. Repeated idempotency keys return the original receipt. Errors return: 
{
  "error": "invalid_field",
  "detail": "workspaceId must be a non-empty string."
}
The generated endpoint pages in this section come from openapi.json. Public project receipts can be verified by anyone who has the receipt ID. Private project receipts require a dashboard session, a read-capable API key, a scoped receipt token from POST /v1/workspaces/{workspaceId}/receipts/{receiptId}/token, or an evidence token for a package that includes the receipt. Published policies can also be public or private. Private policy pages require a dashboard session, a read-capable API key, or a scoped policy token from POST /v1/workspaces/{workspaceId}/published-policy/token. Customer activity trails work the same way: enable activity links on the project, create an activity token from an authorized dashboard session or a read-capable API key, then open the tokenized activity URL. Do not expose raw subject lookup in public UI. Evidence package links use POST /v1/workspaces/{workspaceId}/evidence-packs/{packId}/token. The token can download that package and verify private receipts included in its scope.