Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.secapi.ai/llms.txt

Use this file to discover all available pages before exploring further.

Launch checklist

Rollout stages

  • internal-only verification on api.secapi.ai
  • design-partner onboarding with org-scoped live API keys
  • low-volume external access with operator monitoring on every request path
  • broader public launch once billing, support, and replay workflows stay stable under live traffic

Current posture

  • production launch-readiness verifies the public API, auth metadata, key site routes, and security headers
  • benchmark, freshness, mapping, launch-readiness, and final-signoff gates are all part of the checked-in trust story, but they should be read from their current retained artifacts rather than assumed green by default
  • non-launch items such as gated sentiment or deferred backlog do not belong in the launch-ready surface area

Pre-launch gates

  • https://api.secapi.ai/healthz returns 200
  • https://api.secapi.ai/readyz returns 200
  • https://api.secapi.ai/.well-known/oauth-protected-resource returns 200
  • https://api.secapi.ai/.well-known/oauth-authorization-server returns the expected hosted status
  • https://api.secapi.ai/v1/billing/rates returns 200 and reflects the current public catalog
  • https://api.secapi.ai/v1/limits returns 200 with an API key and includes Request-Id, traceparent, Strict-Transport-Security, and X-Content-Type-Options: nosniff
  • https://api.secapi.ai/v1/factors/catalog returns 200 with an API key
  • https://api.secapi.ai/v1/intelligence/security?ticker=AAPL returns 200
  • https://api.secapi.ai/v1/intelligence/company?ticker=AAPL returns 200
  • https://api.secapi.ai/v1/intelligence/query returns 200 for the bounded allocator prompts in the gold corpus
  • https://secapi.ai/pricing, https://secapi.ai/login, https://secapi.ai/status, https://secapi.ai/changelog, https://secapi.ai/launch-checklist, and https://secapi.ai/onboarding are live with 200 responses and Strict-Transport-Security
  • benchmark gates pass when OMNI_VERIFY_RELEASE_WITH_BENCHMARKS=true
  • investor-intelligence corpus artifacts are current:
    • benchmarks/investor-intelligence/results/latest.json
    • ops/investor-intelligence-gold-corpus/latest.json
  • release artifacts are current:
    • ops/release-verification/latest.json
    • ops/launch-readiness/latest.json
    • ops/live-regression/latest.json
    • ops/sdk-supply-chain/latest.json
    • benchmarks/final/results/latest.json
  • SDK launch truth is honest:
    • ops/sdk-supply-chain/latest.json must be ready before treating public SDK distribution as launch-ready
  • covered investor-intelligence production routes must not pass launch if they only return market_data_not_configured
  • rollout and rollback runbooks are current
  • the latest Stripe posture audit identifies no unexplained catalog drift before rollout

Rollback rules

  • rollback immediately on sustained 5xx responses from api.secapi.ai
  • rollback immediately on auth or billing regressions that block existing tenants
  • pause onboarding if search, compensation, or statement workflows regress below the benchmark floor
  • document every rollback with the deploy request id, Railway deployment id, and affected request ids

Launch-day checklist

  • verify current Railway deployment id
  • run the production release verification script
  • run the production launch-readiness export
  • run the final signoff export
  • confirm /pricing renders the shared public catalog; /signup and API-key creation are the primary onboarding path (the /login route still renders a WorkOS OAuth entrypoint — enterprise human-auth is deferred to 2026 Q3+ but the route remains live)
  • confirm PostHog ingestion for datastream_api_request_completed
  • confirm Sentry receives fresh request traffic
  • verify one builder checkout flow and one billing portal flow
  • verify one starter-grant org can reach payg_pending_card and then recover through PAYG activation
  • verify one API quickstart and one MCP quickstart end to end
  • verify one semantic intelligence quickstart end to end
    • POST /v1/intelligence/query
    • GET /v1/intelligence/company?ticker=AAPL
  • if Dagster is in scope for the release, confirm the configured Dagster URL remains reachable

Support expectations

  • every external issue must include Request-Id
  • operator support uses /v1/admin/* before database access
  • delivery replay is the default first response for webhook incidents