API Reference
Every decision the WYRM modules produce is available over HTTPS at api.wyrm.ai/v1. Procure endpoints are live today; the flagship engineering APIs — WYRM MEP and WYRM Data — plus Ledger, Cyber and Legal ship under the same /v1/{module}/ structure as each module goes GA. API keys are issued per module from the relevant dashboard on the Pro tier or above.
Authentication
API keys, scoped per organisation
Every request must carry an API key. Generate one from your dashboard at sentinel.wyrm.ai/settings → API Keys. Treat keys like passwords — they grant the same tier access as your account.
X-API-Key header (recommended)
curl https://api.wyrm.ai/v1/account \
-H "X-API-Key: wyrm_sk_live_•••"Use this for server-to-server calls. The dashboard shows the full key once at creation; store it securely.
Bearer JWT (dashboard sessions)
Authorization: Bearer <supabase-jwt>The Procure dashboard uses your Supabase session JWT automatically. You only need API keys for external integrations.
Quickstart
Run your first decision in 60 seconds
Procure's flagship endpoint is /v1/jormungandr/decide — submit a procurement intent (source, ship, pay, benchmark) and Procure returns a ranked decision with cost stack, CO₂, sanctions, route, and confidence breakdown.
cURL
curl -X POST https://api.wyrm.ai/v1/jormungandr/decide \
-H "X-API-Key: $WYRM_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"intent": "source",
"product": {
"query": "1,200 kg primary aluminium ingots",
"destination_country": "GB"
}
}'Python
import os, requests
resp = requests.post(
"https://api.wyrm.ai/v1/jormungandr/decide",
headers={"X-API-Key": os.environ["WYRM_API_KEY"]},
json={
"intent": "source",
"product": {
"query": "1,200 kg primary aluminium ingots",
"destination_country": "GB",
},
},
timeout=60,
)
resp.raise_for_status()
print(resp.json()["recommendation"])TypeScript / Node
const resp = await fetch("https://api.wyrm.ai/v1/jormungandr/decide", {
method: "POST",
headers: {
"X-API-Key": process.env.WYRM_API_KEY!,
"Content-Type": "application/json",
},
body: JSON.stringify({
intent: "source",
product: {
query: "1,200 kg primary aluminium ingots",
destination_country: "GB",
},
}),
});
const decision = await resp.json();Flagship engineering APIs
The engineering engines behind WYRM Data + MEP
The flagship engineering products share one set of algorithmic calc engines, reachable under /v1/data with the same auth and error model as Procure. Every figure is computed against a named standard (BS 7671, CIBSE, SBEM) — never inferred by a language model. WYRM MEP runs on these engines; its own /v1/mep coordination surface ships as MEP goes GA.
Lock a spec from a brief (intake)
curl -X POST https://api.wyrm.ai/v1/data/intake/parse \
-H "X-API-Key: $WYRM_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"text": "14 MW Tier IV data centre, UK, 12 kW/rack avg, direct-to-chip liquid, N+1"
}'Extracts and locks the design constraints — IT load, redundancy, rack density, cooling, jurisdiction — each traced to its source with a confidence score. This is the same intake WYRM MEP runs to drive sizing and deliverables.
Deterministic facility energy (Data)
curl -X POST https://api.wyrm.ai/v1/data/calcs/facility-energy \
-H "X-API-Key: $WYRM_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"it_load_mw": 14.2,
"pue_target": 1.28,
"delta_t_c": 6,
"redundancy": "N+1"
}'Returns facility power, mechanical cooling demand, chilled-water flow, rack count and the cooling-train build-up — an auditable calc pack, identical on every run, never a model's estimate.
BS 7671 cable schedule (the engine MEP runs on)
curl -X POST https://api.wyrm.ai/v1/data/cable-schedule \
-H "X-API-Key: $WYRM_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"circuits": [
{
"ref": "DB-2/6",
"design_load_kw": 18.5,
"voltage": 400,
"length_m": 42,
"install_method": "C",
"ambient_c": 30
}
]
}'Returns the cable size, breaker rating and volt-drop against the 5% limit, with the BS 7671 clauses applied. Out-of-range inputs are rejected, not guessed — and Amtech / DXF exports are one call further. This is the deterministic engine WYRM MEP sizes against.
Endpoints
Catalogue by domain
Full schema for every endpoint is in the OpenAPI spec. Below is the high-level map of what's available.
Engineering engines (Data + MEP)
£20+ / £150- POST
/v1/data/intake/parseBrief / ER → locked, cited design constraints (MEP intake runs on this).
- POST
/v1/data/calcs/facility-energyDeterministic facility energy — load × PUE, cooling, flow, rack count.
- POST
/v1/data/cable-scheduleBS 7671 cable schedule + calc pack — the engine WYRM MEP sizes against.
- POST
/v1/data/embodied-carbonEmbodied + operational carbon build-up for the spec.
Data catalogue & intake
Data £20+ / £150- GET
/v1/data/catalogueRule-checked equipment catalogue (chassis, GPUs, cooling, networking).
- GET
/v1/data/mep-catalogueMEP plant + component catalogue with manufacturer data.
- POST
/v1/data/building-irs/from-addinIngest a building information record from the Revit add-in.
- POST
/v1/data/rfqsIssue a colocation / equipment RFQ from a spec.
Decision engine
Enterprise+- POST
/v1/jormungandr/decideRun a procurement decision (counts toward monthly quota).
- POST
/v1/jormungandr/disambiguateResolve a vague query before deciding.
Supply-Root pipeline
Enterprise+- POST
/v1/supply-root/searchOrigin shortlist + landed-cost estimates.
- POST
/v1/supply-root/routeRoute risk + freight ETA.
- POST
/v1/supply-root/fxFX impact + recommended hedge.
- POST
/v1/supply-root/complianceSanctions + UFLPA + CBAM screen.
- POST
/v1/supply-root/benchmarkPrice-trend benchmark vs market index.
- POST
/v1/supply-root/otcOTC quote + execute.
Account & keys
Free+- GET
/v1/accountProfile + tier + active subscription.
- GET
/v1/account/api-keysList active keys.
- POST
/v1/account/api-keysCreate key (Pro+ only).
- DELETE
/v1/account/api-keys/{id}Revoke a key.
Sanctions & threat
Enterprise+- POST
/v1/sanctions/screenMulti-list sanctions screen for an entity.
- POST
/v1/threat-intel/searchOSINT threat-intel lookup.
- GET
/v1/cyber/cve/{cve_id}CVE detail + EPSS + KEV status.
Markets & feeds
Free+- GET
/v1/markets/fxLive FX rates.
- GET
/v1/markets/commoditiesCommodity index points.
- GET
/v1/newsFiltered procurement news stream.
- GET
/v1/feeds/healthStatus of all upstream data feeds.
RFQs & shipping
Enterprise+- POST
/v1/rfqsIssue an RFQ to a supplier (auto-negotiation enabled).
- GET
/v1/rfqs/{id}RFQ status + counter-offer thread.
- POST
/v1/shipping/trackTrack a Freightos / WebCargo booking.
Limits
Per-minute rate limits + monthly decision quotas
Two layers protect both your account and the platform: per-minute rate limits stop runaway clients, monthly decision quotas match what your subscription tier promises.
| Tier | Rate limit | Monthly decisions | Headers returned |
|---|---|---|---|
| Free (no key) | 20 / min | Demo only | 429 on overflow |
| Add-on Enterprise (£49/mo) | 300 / min | Full module surface (Procure / Ledger / Cyber / Legal) | X-Decision-Quota-* |
| WYRM Data Lite (£20/seat/mo) | 120 / min | Entry API access | X-Decision-Quota-* |
| WYRM Data — full (£150/seat/mo) | 600 / min | Monthly allowance + metered usage beyond | X-Decision-Quota-* (limit blank) |
Decision quotas reset on the 1st of each month at 00:00 UTC. Light endpoints — markets, news, feed health, account — are rate-limited only and don't burn the monthly bucket. Every decision response carries X-Decision-Quota-Used, X-Decision-Quota-Limit, X-Decision-Quota-Remaining, and X-Decision-Quota-Reset (seconds until the next reset).
Error model
Predictable HTTP codes, structured error bodies
Every error returns a JSON body with a stable code, a human-readable message, and any context you need to recover.
{
"detail": {
"code": "quota_exceeded",
"message": "Monthly decision quota exceeded for the Procure Enterprise tier. Quota resets on the 1st of next month (UTC). Upgrade to the full WYRM Data tier at https://wyrm.ai/pricing for higher limits, or wait for the reset.",
"tier": "procure_enterprise",
"year_month": "2026-04"
}
}invalid_credentialsMissing / invalid API key or expired JWT.
tier_requiredYour tier is below the endpoint's minimum.
rate_limit_exceededPer-minute rate limit hit. Backoff with Retry-After.
quota_exceededMonthly decision quota exhausted. Retry-After = seconds until 1st of next month.
validation_errorPydantic schema rejection. Body lists offending fields.
upstream_unavailableA required upstream feed (sanctions, FX, freight) is down. Safe to retry.
Integrations
MCP server + webhooks
Beyond REST, Procure ships a Model Context Protocol server for direct use from Claude Desktop, Cursor, and other MCP clients. Webhook delivery is on the Enterprise roadmap.
MCP server (Pro+)
Run the Procure MCP server locally and bind your API key — your AI assistant gets the same tools the dashboard uses, with native function-calling.
# Claude Desktop config
{
"mcpServers": {
"wyrm-procure": {
"command": "python",
"args": ["-m", "app.mcp_server"],
"env": { "WYRM_API_KEY": "wyrm_sk_live_•••" }
}
}
}Webhooks (Enterprise — Q3 2026)
Subscribe to RFQ updates, supplier-acceptance events, sanctions watchlist hits, and decision audit-log entries over signed HTTPS callbacks. Ships with Enterprise tier.
Talk to us about early access: contact sales.
Versioning
Stable v1 surface, no surprise breakage
The /v1 prefix is contractually stable. Breaking changes ship as /v2 with at least 90 days of overlap. Additive changes (new endpoints, new optional fields) ship at any time without a version bump.
Deprecation schedule and migration notes are posted to the changelog. New customers should treat the OpenAPI spec at api.wyrm.ai/openapi.json as the source of truth — it's auto-generated from the running service and always reflects what's live.
Get an API key in 60 seconds
Pro is free for 7 days or until your first accepted RFQ — whichever comes first. Sign up, log in, generate a key, paste it into X-API-Key, and you're live.