OpenACAI API

The public resource endpoints remain available at openacai.com. Private HelpOps APIs require Cloudflare Access and app roles.

GET /openapi.json
Machine-readable OpenAPI contract for websites, integrations, and future mobile apps.
GET /.well-known/openacai-mobile.json
Mobile bootstrap metadata for Android and iOS clients.
GET /.well-known/openacai-mobile-package.json
Single package manifest with hashes, byte sizes, cache metadata, and required app-facing public documents.
GET /.well-known/openacai-developer-handoff.json
Public developer and mobile-client handoff: startup order, stable contracts, Cloudflare boundaries, privacy rules, and fallback behavior.
GET /.well-known/openacai-public-exports.json
Stable catalog of public openacai.com resource and forms exports for apps, monitors, and integrations.
GET /.well-known/openacai-app-links.json
Native Android/iOS app-link readiness, standards endpoints, and future deep-link route policy.
GET /.well-known/openacai-native-release.json
Native Android/iOS release readiness, app-store prerequisites, safety boundaries, and web fallback policy.
GET /.well-known/openacai-app-store-readiness.json
Public Android/iOS store-submission checklist, privacy/support URLs, native feature gates, and web-only boundaries.
GET /.well-known/openacai-client-compatibility.json
Client/API compatibility matrix, deprecation rules, startup document policy, and safe fallback behavior.
GET /api/v1/mobile/compatibility/decision
Public privacy-safe client compatibility decision from non-identifying app hints.
GET /.well-known/openacai-client-update-policy.json
Public client update, rollback, kill-switch, and web fallback policy for PWA, Android, and iOS clients.
GET /.well-known/openacai-release-channels.json
Public release-channel, rollback-floor, store-prompt, and degraded-mode policy for web, PWA, Android, iOS, and integrations.
GET /.well-known/openacai-client-readiness.json
Public launch gates, feature flags, privacy rules, and required documents for future native clients.
GET /.well-known/openacai-anti-abuse.json
Public anti-abuse posture for contact forms, Turnstile, rate limits, mobile fallbacks, and privacy boundaries.
GET /.well-known/openacai-security-policy.json
Public browser/API security header, cache, CORS, and client privacy boundary policy.
GET /.well-known/openacai-data-safety.json
Public data collection, retention, analytics, local storage, and app-store privacy label policy.
GET /.well-known/openacai-account-data.json
Public account, deletion, export, signed-in sync, and case-status readiness policy.
GET /.well-known/openacai-social-readiness.json
Public profile, social sign-in, moderation, and GAMHON account-readiness boundaries.
GET /.well-known/openacai-identity-readiness.json
Public identity, OAuth/social sign-in, Cloudflare Access, native redirect, and session-boundary readiness contract.
GET /.well-known/openacai-community-safety.json
Public moderation, reporting, blocking, youth-safety, and multiplayer launch-gate contract.
GET /.well-known/openacai-notification-policy.json
Public email, push, SMS, consent, quiet-hours, and notification privacy policy.
GET /.well-known/openacai-native-permissions.json
Public Android/iOS permission policy for location, camera, microphone, photos, contacts, notifications, and native privacy gates.
GET /.well-known/openacai-app-integrity.json
Public Android/iOS app integrity and attestation policy for Play Integrity, App Attest, DeviceCheck, Cloudflare Access, and private native API gates.
GET /.well-known/openacai-design-system.json
Public design tokens, voice rules, accessibility rules, and component guidance for web, PWA, Android, and iOS clients.
GET /.well-known/openacai-accessibility.json
Public WCAG, screen reader, keyboard, reduced motion, text scaling, and form accessibility policy.
GET /.well-known/openacai-cache-policy.json
Public Cloudflare, browser, PWA, and native app cache/freshness policy.
GET /.well-known/openacai-offline-bundle.json
Public offline bundle manifest for cacheable resources, public docs, route boundaries, and native/PWA fallback rules.
GET /.well-known/openacai-measurement-policy.json
Public privacy-safe analytics, conversion, and Google Ad Grants measurement policy.
GET /.well-known/openacai-client-diagnostics.json
Public privacy-safe client diagnostics policy for web, Android, and iOS; ingestion is disabled until future consent, abuse, and retention gates are complete.
GET /.well-known/openacai-performance-budget.json
Public performance, startup-size, cache, and graceful-degradation budgets for web, PWA, Android, and iOS clients.
GET /.well-known/openacai-ad-grants-readiness.json
Public Ad Grants landing-page, conversion, keyword, sitelink, and account-maintenance readiness map.
GET /.well-known/openacai-route-manifest.json
Public route, navigation, web fallback, offline-safety, and native screen manifest.
GET /.well-known/openacai-service-status.json
Public service status, component health, client guidance, and safe fallback behavior.
GET /.well-known/openacai-continuity.json
Public continuity, backup-readiness, last-known-good, recovery, and outage behavior contract.
GET /.well-known/openacai-resilience-policy.json
Public client resilience policy for edge issues, slow APIs, offline mode, rate limits, and protected-route redirects.
GET /.well-known/openacai-api-client-policy.json
Public API client behavior, request classes, response handling, bounded retry, rate-limit, and privacy policy.
GET /.well-known/openacai-app-config.json
Public remote app configuration for web, Android, and iOS clients.
GET /.well-known/openacai-app-config-schema.json
Public JSON Schema for validating the remote app configuration contract.
GET /.well-known/openacai-mobile-contract-verification.json
Public mobile contract verifier status for app startup diagnostics.
GET /.well-known/openacai-edge-capabilities.json
Sanitized Cloudflare, cache, Access, R2, tunnel, and mobile edge posture.
GET /.well-known/openacai-edge-security-readiness.json
Sanitized Cloudflare zone, HTTPS, WAF, cache, and Access security readiness without rule IDs or secrets.
GET /.well-known/openacai-edge-operations.json
Public-safe Cloudflare edge operations playbook for web, PWA, and future Android/iOS clients.
GET /.well-known/openacai-storage-readiness.json
Sanitized encrypted private-file storage readiness, signed-link behavior, retention, and mobile cache boundaries.
GET /.well-known/openacai-resource-manifest.json
Stable checksum manifest for public resource exports.
GET /.well-known/openacai-resource-index.json
Stable per-listing index for offline resource search and mobile sync decisions.
GET /.well-known/openacai-resource-quality.json
Stable public resource freshness, verification, coverage, and correction-readiness summary.
GET /.well-known/openacai-resource-feedback-policy.json
Stable public resource correction, partner suggestion, review, and privacy policy.
GET /.well-known/openacai-resource-delta.json
Stable lightweight resource delta for app sync decisions.
GET /.well-known/openacai-resource-search.json
Stable compact search index for offline resource search and client-side suggestions.
GET /.well-known/openacai-resource-taxonomy.json
Stable resource category labels, ordering, counts, and mobile UI hints.
GET /.well-known/openacai-service-area.json
Stable service-area manifest for local county filters and statewide resource handling.
GET /.well-known/openacai-help-guides.json
Stable help-guide manifest for mobile need-based navigation and preparation checklists.
GET /.well-known/openacai-help-planner.json
Stable local-only help planner contract for next-step paths, copy/print behavior, and web contact fallback.
GET /.well-known/openacai-form-packets.json
Stable local-only form packet templates for print, copy, download, and native form prep screens.
GET /.well-known/openacai-intake-policy.json
Stable public contact/intake policy for mobile clients and integrations.
GET /.well-known/openacai-intake-schema.json
Stable public contact-draft schema for Android/iOS local validation before web handoff.
POST /api/v1/intake
Creates a minimal help request from the public website or a trusted integration.
GET /api/v1/status
Public API health/version signal for websites and future mobile apps.
GET /api/v1/platform-health
Public sanitized platform monitor snapshot for status pages and app startup checks.
GET /api/v1/service-status
Public service status alias for integrations and status pages.
GET /api/v1/resilience-policy
Public client resilience policy alias for integrations and app clients.
GET /api/v1/api-client-policy
Public API client behavior policy alias for integrations and app clients.
GET /api/v1/native-permissions
Public Android/iOS permission policy alias for integrations and app clients.
GET /api/v1/app-integrity
Public Android/iOS app integrity and attestation policy alias for integrations and app clients.
GET /api/v1/design-system
Public design-system alias for integrations and app clients.
GET /api/v1/mobile/bootstrap
Public mobile bootstrap metadata for Android/iOS app configuration.
GET /api/v1/mobile/package
Public mobile package manifest for cache validation and offline startup decisions.
GET /api/v1/mobile/developer-handoff
Mobile alias for the developer/client integration handoff contract.
GET /api/v1/public-exports
Public catalog of resource and forms exports hosted on openacai.com.
GET /api/v1/mobile/public-exports
Mobile alias for the public export catalog.
GET /api/v1/mobile/app-links
Public Android/iOS app-link and deep-link policy.
GET /api/v1/mobile/native-release
Public native app release readiness, app-store prerequisites, and safe feature boundaries.
GET /api/v1/mobile/app-store-readiness
Public Android/iOS store-submission readiness checklist, required policies, and native feature gates.
GET /api/v1/mobile/client-compatibility
Public client/API compatibility matrix, deprecation rules, and safe fallback behavior.
GET /api/v1/mobile/client-update-policy
Public client update, rollback, kill-switch, and web fallback policy.
GET /api/v1/mobile/release-channels
Public release-channel and rollback policy for web, PWA, Android, iOS, and integrations.
GET /api/v1/mobile/client-readiness
Public launch gates, feature flags, privacy rules, and required documents for future native clients.
GET /api/v1/mobile/anti-abuse
Public anti-abuse posture for contact forms, Turnstile, rate limits, mobile fallbacks, and privacy boundaries.
GET /api/v1/mobile/security-policy
Public browser/API security header, cache, CORS, and client privacy boundary policy.
GET /api/v1/mobile/data-safety
Public data collection, retention, analytics, local storage, and app-store privacy label policy.
GET /api/v1/mobile/account-data
Public account, deletion, export, signed-in sync, and case-status readiness policy.
GET /api/v1/mobile/social-readiness
Public profile, social sign-in, moderation, and GAMHON account-readiness boundaries.
GET /api/v1/mobile/identity-readiness
Public identity, OAuth/social sign-in, Cloudflare Access, native redirect, and session-boundary readiness contract.
GET /api/v1/mobile/community-safety
Public moderation, reporting, blocking, youth-safety, and multiplayer launch-gate contract.
GET /api/v1/mobile/notification-policy
Public email, push, SMS, consent, quiet-hours, and notification privacy policy.
GET /api/v1/mobile/native-permissions
Public Android/iOS permission policy for location, camera, microphone, photos, contacts, notifications, and native privacy gates.
GET /api/v1/mobile/app-integrity
Public Android/iOS app integrity and attestation policy for private native API gates.
GET /api/v1/mobile/design-system
Public design-system contract for web, PWA, Android, and iOS UI and copy behavior.
GET /api/v1/mobile/accessibility
Public WCAG, screen reader, keyboard, reduced motion, text scaling, and form accessibility policy.
GET /api/v1/mobile/cache-policy
Public Cloudflare, browser, PWA, and native app cache/freshness policy.
GET /api/v1/mobile/offline-bundle
Public offline bundle manifest for Android/iOS and PWA cache validation.
GET /api/v1/mobile/measurement-policy
Public privacy-safe analytics, conversion, and Google Ad Grants measurement policy.
GET /api/v1/mobile/client-diagnostics
Public privacy-safe client diagnostics policy; local-only diagnostics are allowed, upload remains disabled.
GET /api/v1/mobile/performance-budget
Public performance and startup budget contract for future Android/iOS and current web/PWA clients.
GET /api/v1/mobile/ad-grants-readiness
Public Ad Grants landing-page, conversion, keyword, sitelink, and account-maintenance readiness map.
GET /api/v1/mobile/routes
Public route, navigation, web fallback, offline-safety, and native screen manifest.
GET /api/v1/mobile/service-status
Public service status and client fallback guidance for web, Android, and iOS clients.
GET /api/v1/mobile/continuity
Public continuity and recovery policy for offline clients, last-known-good data, backups, and outage behavior.
GET /api/v1/mobile/api-client-policy
Public API client behavior, request classes, response handling, bounded retry, rate-limit, and privacy policy.
GET /api/v1/mobile/app-config
Public remote app configuration, feature flags, endpoint map, and safety defaults.
GET /api/v1/mobile/app-config-schema
Public JSON Schema for validating app configuration before applying it.
GET /api/v1/mobile/contract-verification
Public mobile contract verifier status and package validation summary.
GET /api/v1/edge/capabilities
Sanitized Cloudflare, cache, Access, R2, tunnel, and mobile edge posture.
GET /api/v1/mobile/edge-capabilities
Mobile alias for the sanitized edge capability contract.
GET /api/v1/edge/security-readiness
Sanitized Cloudflare zone, HTTPS, WAF, cache, and Access security readiness.
GET /api/v1/mobile/edge-security-readiness
Mobile alias for Cloudflare edge security readiness and client fallback rules.
GET /api/v1/edge/tunnel-readiness
Sanitized Cloudflare Tunnel readiness posture without tokens, tunnel IDs, or origin addresses.
GET /api/v1/mobile/tunnel-readiness
Mobile alias for safe private-origin tunnel readiness and client fallback rules.
GET /api/v1/edge/access-readiness
Sanitized Cloudflare Access readiness for private portals and future mobile clients.
GET /api/v1/mobile/access-readiness
Mobile alias for private portal Access gating and app-role boundary rules.
GET /api/v1/edge/storage-readiness
Sanitized encrypted private-file storage readiness, signed-link behavior, retention, and mobile cache boundaries.
GET /api/v1/mobile/storage-readiness
Mobile alias for private case-file storage readiness and native upload/download gating.
GET /api/v1/mobile/sync
Public resource sync contract for offline-capable Android/iOS clients.
GET /api/v1/mobile/resource-manifest
Public checksum manifest for resource exports, cache validation, and offline sync decisions.
GET /api/v1/mobile/resource-index
Public per-listing sync index with item hashes, categories, needs, and coverage metadata.
GET /api/v1/mobile/resource-quality
Public resource freshness, verification, coverage, and correction-readiness summary.
GET /api/v1/mobile/resource-feedback-policy
Public resource correction, partner suggestion, review, and privacy policy.
GET /api/v1/mobile/resource-delta
Public added/changed/removed resource summary for lightweight app sync.
GET /api/v1/mobile/resource-search
Public compact search index for mobile/offline resource lookup.
GET /api/v1/mobile/resource-taxonomy
Public category taxonomy for mobile filters, tabs, and help sections.
GET /api/v1/mobile/service-area
Public local service-area metadata for mobile county selection and location privacy behavior.
GET /api/v1/mobile/help-guides
Public help-guide metadata for need-based mobile navigation.
GET /api/v1/mobile/help-planner
Public local-only help planner paths for resources, forms, crisis safety, technology, and GAMHON.
GET /api/v1/mobile/form-packets
Public form packet templates for local-only worksheets, print, copy, and download flows.
GET /api/v1/mobile/intake-policy
Public app-safe intake policy, fields, privacy rules, and contact flow metadata.
GET /api/v1/mobile/intake-schema
Public contact-draft schema for mobile local validation and no-store web contact handoff.
GET /api/v1/schemas/resource-export-1.2
Public JSON Schema for validating the resource export consumed by apps and integrations.
GET /api/v1/schemas/app-config-1.0
Public JSON Schema for validating remote app configuration.
GET /api/v1/schemas/intake-1.0
Public JSON Schema-style contract for validating mobile contact drafts.
GET /api/v1/domain-roles
Public manifest describing OpenACAI domain roles and privacy boundaries.
GET /api/v1/admin/platform
Private admin summary for platform health, resource publishing, cases, partner queues, and mobile readiness.
GET /api/v1/admin/users
Private admin role-management list for Access-authenticated OpenACAI app users.
POST /api/v1/admin/users
Private admin create/update endpoint for app users and app roles.
POST /api/v1/admin/users/{userId}/roles
Private admin endpoint for assigning app roles and activation status.
GET /api/v1/cases
Staff case queue.
POST /api/v1/cases/{caseId}/assignment
Case manager assignment or unassignment.
POST /api/v1/cases/{caseId}/followups
Create a private follow-up reminder for a case.
POST /api/v1/cases/{caseId}/followups/{followUpId}/complete
Mark a private follow-up reminder completed.
GET /api/v1/resource-suggestions
Private reviewer queue for partner-submitted resource suggestions.
POST /api/v1/resource-suggestions
Partner resource suggestion intake.
POST /api/v1/resource-suggestions/{suggestionId}/status
Reviewer status update for a partner suggestion.
GET /api/v1/resources/verification
Private reviewer queue for stale or needs-review public resource listings.
POST /api/v1/resources/{resourceId}/assignment
Reviewer assigns or unassigns public resource verification work.
POST /api/v1/resources/{resourceId}/verify
Reviewer updates public resource verification metadata.