https://api.pidgeon.health
Authentication
Two authentication schemes are supported. Include one on protected endpoints:
Response Format
Authorization Policies
| Policy | Requirement |
|---|---|
| Public | No authentication required |
| Authenticated | Valid JWT or API Key |
| OrgMember | Authenticated + org_id claim |
| LoftViewer | OrgMember + Viewer role |
| LoftOperator | OrgMember + Operator role |
| LoftEditor | OrgMember + Editor role |
| LoftAdmin | OrgMember + Admin role |
Rate Limits
| Tier | Limit |
|---|---|
| Free | 100 requests/minute |
| Pro | 1,000 requests/minute |
| Enterprise | Custom |
- X-RateLimit-Limit: Maximum requests per window
- X-RateLimit-Remaining: Remaining requests
- X-RateLimit-Reset: Window reset timestamp
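A client can pace itself from these three headers instead of retrying blindly. The sketch below is an added example, not code from the Pidgeon project; `parse_reset` and `retry_delay` are hypothetical names. It assumes the undocumented `X-RateLimit-Reset` value is epoch seconds, epoch milliseconds, or ISO 8601, and it caps every wait at one 60-second window because the tier limits are stated per minute.

```python
import math
from datetime import datetime, timezone

WINDOW_SECONDS = 60.0  # the tier limits are stated per minute


def parse_reset(value):
    """Return the reset time as Unix epoch seconds, or None if unparseable.

    Assumption: the reset format is not documented, so accept epoch seconds,
    epoch milliseconds, or an ISO 8601 timestamp.
    """
    value = value.strip()
    try:
        n = float(value)
        if not math.isfinite(n):
            return None
        return n / 1000.0 if n > 1e11 else n  # values this large are milliseconds
    except ValueError:
        pass
    try:
        dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.timestamp()


def retry_delay(headers, now):
    """Seconds to wait before the next request; 0.0 means send immediately."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        remaining = int(h["x-ratelimit-remaining"])
    except (KeyError, ValueError):
        return 0.0  # header absent or malformed: nothing to throttle on
    if remaining > 0:
        return 0.0
    reset = parse_reset(h.get("x-ratelimit-reset", ""))
    if reset is None:
        return WINDOW_SECONDS  # quota spent, reset unknown: wait one full window
    # Clamp so a stale or absurd reset value cannot stall the client.
    return min(max(reset - now, 0.0), WINDOW_SECONDS)
```

Call `retry_delay(response_headers, time.time())` after each response and sleep for the returned number of seconds before sending the next request.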
Endpoint Groups
| Group | Auth | Description |
|---|---|---|
| Generate | Public | Synthetic message generation |
| Validate | Public | Message validation |
| Diff | Public | Message comparison |
| AI Triage | Public | AI-powered failure analysis |
| Loft Interfaces | Public | Interface CRUD + metrics |
| Loft Alerts | Public | Alert management |
| Loft Status | Public | Status and reports |
| Analytics | Public | Time-series and dashboards |
| Traces | Public | Patient tracing and gaps |
| Flock | Public | Population generation |
| Admin | LoftAdmin | RBAC, workspaces, SLA |
| Enterprise | LoftAdmin | SSO, audit, observability |
| SignalR | JWT/API Key | Real-time updates |
Content Type
All request and response bodies use JSON. Set Content-Type: application/json on all requests with a body.
