openapi: 3.1.0 info: title: Parsimon Public API version: 0.1.0 description: >- Public Parsimon-owned API contract. This spec is intentionally limited to Parsimon-owned surfaces and does not attempt to mirror full upstream provider-compatible proxy schemas. jsonSchemaDialect: https://json-schema.org/draft/2020-12/schema servers: - url: https://api.parsimon.io description: Public production API tags: - name: Operations description: Public operational endpoints exposed by Parsimon - name: User Self-Service description: Workspace-scoped user-facing APIs owned by Parsimon - name: Public Runtime Support description: Public Parsimon-owned non-provider compatibility endpoints paths: /health: get: tags: [Operations] summary: Liveness probe description: Returns a plain liveness acknowledgement. security: [] responses: '200': description: Proxy is alive content: text/plain: schema: type: string example: ok /v1/static-api-keys: get: tags: [User Self-Service] summary: List workspace static API keys responses: '200': description: Persisted static API keys for the authenticated workspace content: application/json: schema: $ref: '#/components/schemas/StaticApiKeyListResponse' '401': $ref: '#/components/responses/CanonicalUnauthorized' '500': $ref: '#/components/responses/CanonicalInternalError' post: tags: [User Self-Service] summary: Create workspace static API key requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateStaticApiKeyRequest' responses: '201': description: Static API key created content: application/json: schema: $ref: '#/components/schemas/CreateStaticApiKeyResponse' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/static-api-keys/{id}: delete: tags: [User Self-Service] summary: Revoke workspace static API key parameters: - $ref: '#/components/parameters/ResourceID' responses: '200': description: Static API key revoked content: application/json: schema: $ref: '#/components/schemas/StatusByIDResponse' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '404': $ref: '#/components/responses/CanonicalNotFound' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/virtual-keys: post: tags: [User Self-Service] summary: Create workspace virtual key requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateVirtualKeyRequest' responses: '201': description: Virtual key created content: application/json: schema: $ref: '#/components/schemas/CreateVirtualKeyResponse' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/virtual-keys/{id}: delete: tags: [User Self-Service] summary: Revoke workspace virtual key parameters: - $ref: '#/components/parameters/ResourceID' responses: '200': description: Virtual key revoked content: application/json: schema: $ref: '#/components/schemas/StatusByIDResponse' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '404': $ref: '#/components/responses/CanonicalNotFound' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/virtual-keys/{id}/rotate: post: tags: [User Self-Service] summary: Rotate workspace virtual key description: Replace one workspace virtual key with a successor token while preserving the existing non-secret metadata and policy envelope. parameters: - $ref: '#/components/parameters/ResourceID' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RotateVirtualKeyRequest' responses: '201': description: Virtual key rotated content: application/json: schema: $ref: '#/components/schemas/RotateVirtualKeyResponse' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '403': $ref: '#/components/responses/CanonicalForbidden' '404': $ref: '#/components/responses/CanonicalNotFound' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/pricing: get: tags: [User Self-Service] summary: Read effective workspace price at a timestamp parameters: - name: provider in: query required: true schema: type: string - name: model in: query required: true schema: type: string - name: at in: query required: false schema: type: string format: date-time responses: '200': description: Effective workspace price content: application/json: schema: $ref: '#/components/schemas/PriceHistoryRecord' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '404': $ref: '#/components/responses/CanonicalNotFound' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/pricing/overrides: get: tags: [User Self-Service] summary: List active workspace pricing overrides responses: '200': description: Active workspace pricing overrides content: application/json: schema: type: array items: $ref: '#/components/schemas/PriceHistoryRecord' '401': $ref: '#/components/responses/CanonicalUnauthorized' '500': $ref: '#/components/responses/CanonicalInternalError' post: tags: [User Self-Service] summary: Create workspace pricing override requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreatePricingOverrideRequest' responses: '201': description: Workspace pricing override created content: application/json: schema: $ref: '#/components/schemas/PriceHistoryRecord' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '404': $ref: '#/components/responses/CanonicalNotFound' '409': $ref: '#/components/responses/CanonicalConflict' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/pricing/overrides/history: get: tags: [User Self-Service] summary: List workspace pricing override history parameters: - name: provider in: query required: false schema: type: string - name: model in: query required: false schema: type: string responses: '200': description: Workspace pricing override history content: application/json: schema: type: array items: $ref: '#/components/schemas/PriceHistoryRecord' '401': $ref: '#/components/responses/CanonicalUnauthorized' '500': $ref: '#/components/responses/CanonicalInternalError' /v1/pricing/overrides/{id}: delete: tags: [User Self-Service] summary: Delete workspace pricing override parameters: - $ref: '#/components/parameters/ResourceID' responses: '200': description: Workspace pricing override deleted content: application/json: schema: $ref: '#/components/schemas/DeletePricingOverrideResponse' '400': $ref: '#/components/responses/CanonicalBadRequest' '401': $ref: '#/components/responses/CanonicalUnauthorized' '404': $ref: '#/components/responses/CanonicalNotFound' '500': $ref: '#/components/responses/CanonicalInternalError' components: parameters: ResourceID: name: id in: path required: true schema: type: string securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: Bearer token or vk_* virtual key responses: CanonicalBadRequest: description: Invalid request payload or parameters content: application/json: schema: $ref: '#/components/schemas/CanonicalError' CanonicalUnauthorized: description: Missing or invalid bearer token content: application/json: schema: $ref: '#/components/schemas/CanonicalError' CanonicalForbidden: description: Operation blocked by the current permission contract content: application/json: schema: $ref: '#/components/schemas/CanonicalError' CanonicalNotFound: description: Resource not found content: application/json: schema: $ref: '#/components/schemas/CanonicalError' CanonicalConflict: description: Version overlap or conflicting operation content: application/json: schema: $ref: '#/components/schemas/CanonicalError' CanonicalInternalError: description: Internal backend failure content: application/json: schema: $ref: '#/components/schemas/CanonicalError' schemas: CanonicalError: type: object required: [error_code, message] properties: error_code: type: string example: bad_request message: type: string details: type: object additionalProperties: true StaticApiKeyRecord: type: object required: [id, workspace_id, description, created_at, status] properties: id: type: string workspace_id: type: string description: type: string created_at: type: string format: date-time expires_at: type: string format: date-time revoked_at: type: string format: date-time status: type: string enum: [created, active, revoked, expired] StaticApiKeyListResponse: type: object required: [keys] properties: keys: type: array items: $ref: '#/components/schemas/StaticApiKeyRecord' CreateStaticApiKeyRequest: type: object properties: description: type: string expires_at: type: string format: date-time CreateStaticApiKeyResponse: type: object required: [id, token, workspace_id, status] properties: id: type: string token: type: string workspace_id: type: string description: type: string expires_at: type: string format: date-time status: type: string enum: [created] StatusByIDResponse: type: object required: [id, status] properties: id: type: string status: type: string VirtualKeyRateLimitPolicy: type: object properties: requests_per_minute: type: integer nullable: true VirtualKeyPolicy: type: object properties: budget_cap_usd: type: number nullable: true allowed_providers: type: array items: type: string allowed_models: type: array items: type: string rate_limit: $ref: '#/components/schemas/VirtualKeyRateLimitPolicy' CreateVirtualKeyRequest: type: object required: [provider, api_key] properties: provider: type: string api_key: type: string description: type: string scope: type: string policy: $ref: '#/components/schemas/VirtualKeyPolicy' expires_at: type: string format: date-time CreateVirtualKeyResponse: type: object required: [id, token, workspace_id, provider, scope, status] properties: id: type: string token: type: string workspace_id: type: string provider: type: string description: type: string scope: type: string policy: $ref: '#/components/schemas/VirtualKeyPolicy' expires_at: type: string format: date-time status: type: string enum: [created] RotateVirtualKeyRequest: type: object required: [api_key] properties: api_key: type: string RotateVirtualKeyResponse: type: object required: [id, token, rotated_from, workspace_id, provider, scope, status] properties: id: type: string token: type: string rotated_from: type: string workspace_id: type: string provider: type: string description: type: string scope: type: string policy: $ref: '#/components/schemas/VirtualKeyPolicy' expires_at: type: string format: date-time status: type: string enum: [rotated] PriceHistoryRecord: type: object required: [provider, model, routing_tier, deprecated, input_per_1m, output_per_1m, source, effective_from, effective_to, updated_at] properties: id: type: string workspace_id: type: string provider: type: string model: type: string routing_tier: type: string deprecated: type: boolean deprecation_reason: type: string input_per_1m: type: number output_per_1m: type: number max_input_tokens: type: integer source: type: string effective_from: type: string format: date-time effective_to: type: string format: date-time updated_at: type: string format: date-time CreatePricingOverrideRequest: type: object required: [provider, model, input_per_1m, output_per_1m, effective_from] properties: provider: type: string model: type: string input_per_1m: type: number minimum: 0 output_per_1m: type: number minimum: 0 effective_from: type: string format: date-time effective_to: type: string format: date-time DeletePricingOverrideResponse: type: object required: [id, workspace_id, provider, model, status] properties: id: type: string workspace_id: type: string provider: type: string model: type: string status: type: string enum: [deleted] security: - bearerAuth: []