API Reference
The Turqoa REST API provides programmatic access to all platform capabilities, including gate transactions, security events, maritime data, drone operations, and system configuration. All endpoints return JSON and follow consistent conventions.
Base URL
All API requests are made to:
https://api.turqoa.com/v1
For on-premise deployments, replace with your instance URL:
https://turqoa.yourcompany.com/api/v1
Authentication
Every request must include a valid API key or OAuth 2.0 bearer token in the Authorization header:
curl https://api.turqoa.com/v1/events \
-H "Authorization: Bearer YOUR_API_KEY"
See Authentication for details on API keys, OAuth 2.0, and scoped permissions.
Rate Limits
Rate limits are applied per API key and vary by plan:
| Plan | Requests/minute | Requests/day | Burst |
|---|---|---|---|
| Standard | 60 | 50,000 | 10 req/s |
| Professional | 300 | 250,000 | 50 req/s |
| Enterprise | 1,000 | Unlimited | 200 req/s |
Rate limit headers are included in every response:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 287
X-RateLimit-Reset: 1712398800
When rate limited, the API returns 429 Too Many Requests:
{
"error": {
"code": "rate_limit_exceeded",
"message": "Rate limit exceeded. Retry after 12 seconds.",
"retry_after": 12
}
}
Response Format
All successful responses follow this structure:
{
"data": { },
"meta": {
"request_id": "req_abc123",
"timestamp": "2026-04-06T10:00:00Z"
}
}
Paginated responses include pagination metadata:
{
"data": [ ],
"meta": {
"request_id": "req_abc123",
"timestamp": "2026-04-06T10:00:00Z"
},
"pagination": {
"page": 1,
"per_page": 50,
"total_items": 1234,
"total_pages": 25,
"has_next": true,
"has_previous": false
}
}
Pagination Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number |
per_page | integer | 50 | Items per page (max 200) |
sort | string | varies | Sort field |
order | string | desc | Sort direction (asc or desc) |
Error Handling
Errors follow a consistent structure across all endpoints:
{
"error": {
"code": "validation_error",
"message": "Invalid date format for 'start_date'. Expected ISO 8601.",
"details": [
{
"field": "start_date",
"message": "Expected format: YYYY-MM-DDTHH:MM:SSZ"
}
],
"request_id": "req_abc123"
}
}
HTTP Status Codes
| Code | Meaning | When |
|---|---|---|
200 | OK | Successful GET, PUT, PATCH |
201 | Created | Successful POST that creates a resource |
204 | No Content | Successful DELETE |
400 | Bad Request | Invalid parameters or request body |
401 | Unauthorized | Missing or invalid authentication |
403 | Forbidden | Insufficient permissions |
404 | Not Found | Resource does not exist |
409 | Conflict | Resource state conflict (e.g., duplicate) |
422 | Unprocessable Entity | Valid JSON but semantic errors |
429 | Too Many Requests | Rate limit exceeded |
500 | Internal Server Error | Unexpected server error |
503 | Service Unavailable | Maintenance or overload |
Error Codes
| Code | Description |
|---|---|
authentication_required | No credentials provided |
invalid_token | Token is malformed or expired |
insufficient_scope | Token lacks required permission scope |
rate_limit_exceeded | Too many requests |
validation_error | Request body or parameters are invalid |
resource_not_found | Requested resource does not exist |
resource_conflict | Resource already exists or state conflict |
internal_error | Unexpected server-side error |
Available Endpoints
Gate Transactions
| Method | Endpoint | Description |
|---|---|---|
GET | /transactions | List gate transactions |
GET | /transactions/:id | Get transaction details |
POST | /transactions/:id/override | Override a transaction decision |
See Gate Transactions.
Events
| Method | Endpoint | Description |
|---|---|---|
GET | /events | List security events |
WebSocket | /events/stream | Real-time event stream |
See Events.
Webhooks
| Method | Endpoint | Description |
|---|---|---|
GET | /webhooks | List configured webhooks |
POST | /webhooks | Create a webhook |
PUT | /webhooks/:id | Update a webhook |
DELETE | /webhooks/:id | Delete a webhook |
See Webhooks.
Maritime
| Method | Endpoint | Description |
|---|---|---|
GET | /maritime/vessels | List tracked vessels |
GET | /maritime/vessels/:mmsi | Get vessel details and risk score |
GET | /maritime/zones | List threat zones |
POST | /maritime/zones | Create a threat zone |
GET | /maritime/zones/:id/dwell | Get dwell time data for a zone |
Drone Operations
| Method | Endpoint | Description |
|---|---|---|
GET | /drones | List fleet status |
POST | /drones/missions | Create a mission |
GET | /drones/missions/:id | Get mission status |
POST | /drones/missions/:id/abort | Abort a mission |
System
| Method | Endpoint | Description |
|---|---|---|
GET | /system/health | System health status |
GET | /system/config | Current configuration |
POST | /decision-engine/stop | Emergency stop |
POST | /decision-engine/start | Restart engine |
SDKs
Official SDKs are available for:
| Language | Package | Install |
|---|---|---|
| Python | turqoa | pip install turqoa |
| Node.js | @turqoa/sdk | npm install @turqoa/sdk |
| Go | github.com/turqoa/go-sdk | go get github.com/turqoa/go-sdk |
from turqoa import TurqoaClient
client = TurqoaClient(api_key="your_api_key")
events = client.events.list(severity="high", limit=10)
import { TurqoaClient } from "@turqoa/sdk";
const client = new TurqoaClient({ apiKey: "your_api_key" });
const events = await client.events.list({ severity: "high", limit: 10 });