The HHIP spine, exposed as a tenant-scoped read API.
Five JSON endpoints. Per-tenant API keys. Server-enforced scopes and rate limits. Every call logged to api_usagefor full audit replay.
Authentication
Bearer token in the Authorization header. Tokens always start with isei_pk_live_. Issued by Mohala platform admins; only the SHA-256 hash is stored.
Scopes
Each key carries an explicit allowlist. A request to an endpoint outside its scope returns 403 scope_forbidden — no fallback, no silent downgrade.
Rate limits
Per-key quotas measured in requests per minute. Returned via X-RateLimit-Limit and X-RateLimit-Remaining; exceeded calls return 429.
GET /api/v1
| Path | Required scope | Source table | Default limit |
|---|---|---|---|
| /network-adequacy | network_adequacy:read | provider_reconciliation | 100 (max 500) |
| /legislation | legislation:read | bills_watchlist | 100 (max 500) |
| /grant-roi | grant_roi:read | grant_outcomes | 100 (max 500) |
| /workforce | workforce:read | workforce_supply | 100 (max 500) |
| /evidence-chains | evidence:read | audit_evidence_chains | 100 (max 500) |
All endpoints accept an optional ?limit=query param (1–500). Results are tenant-scoped server-side via the API key — you never need to pass a tenant identifier.
Your first request
Pick an endpoint — the snippet auto-fills with your most recently issued active key prefix when you're signed in. Replace the placeholder with the full secret you saved at issuance.
curl -sS "https://afkshgruekvvhdfexamk.functions.supabase.co/api-v1/network-adequacy?limit=25" \ -H "Authorization: Bearer isei_pk_live_xxxxxxxxxxxxxxxxxxxxxxxx"
| id | uuid | |
| tenant_id | uuid | always your tenant |
| insurer | string | |
| quarter | string | e.g. 2025Q1 |
| expected_providers | integer | |
| reached_providers | integer | |
| reachability_rate | number | 0–1 |
| qoq_delta | number | null | |
| hpsa_overlap_pct | number | null | |
| evidence_claim_id | uuid | null | |
| updated_at | timestamptz |
Every row also carries an evidence_claim_id when applicable — join against /evidence-chains to get the full sources array for any AI-derived claim.
Sign in to call /api/v1 with your session token — no API key required. Your tenant scope is resolved server-side.
JSON object with data: [...]. X-RateLimit-Remaining header included.
Missing, malformed, or unknown Bearer token (must begin with isei_pk_).
Key is valid but lacks the required scope for this endpoint.
Per-minute quota hit. Retry after the window in Retry-After.
Public-data freshness
Live status of every public-data feed (enforcement, MRF, HCRIS). Platform admins can re-run any source on demand.
Loading watchdog…
DCCA & AG batch audit
Each Firecrawl extraction batch records raw vs normalized counts, rows per source_url_hash, and the first offending payload when validation rejects a record (missing source_url_hash, source_document_url, or action_type_normalized).
Platform admin only — sign in with admin role to inspect ingest batches.
Keys are issued by Mohala platform admins, one per tenant.
Email sdk@isei.is with your tenant, intended scopes, and expected throughput.
Request access