OpenACAI API
The public resource endpoints remain available at openacai.com. Private HelpOps APIs require Cloudflare Access and app roles.
- GET /openapi.json
- Machine-readable OpenAPI contract for websites, integrations, and future mobile apps.
- GET /.well-known/openacai-mobile.json
- Mobile bootstrap metadata for Android and iOS clients.
- GET /.well-known/openacai-mobile-package.json
- Single package manifest with hashes, byte sizes, cache metadata, and required app-facing public documents.
- GET /.well-known/openacai-developer-handoff.json
- Public developer and mobile-client handoff: startup order, stable contracts, Cloudflare boundaries, privacy rules, and fallback behavior.
- GET /.well-known/openacai-public-exports.json
- Stable catalog of public openacai.com resource and forms exports for apps, monitors, and integrations.
- GET /.well-known/openacai-app-links.json
- Native Android/iOS app-link readiness, standards endpoints, and future deep-link route policy.
- GET /.well-known/openacai-native-release.json
- Native Android/iOS release readiness, app-store prerequisites, safety boundaries, and web fallback policy.
- GET /.well-known/openacai-app-store-readiness.json
- Public Android/iOS store-submission checklist, privacy/support URLs, native feature gates, and web-only boundaries.
- GET /.well-known/openacai-client-compatibility.json
- Client/API compatibility matrix, deprecation rules, startup document policy, and safe fallback behavior.
- GET /api/v1/mobile/compatibility/decision
- Public privacy-safe client compatibility decision from non-identifying app hints.
- GET /.well-known/openacai-client-update-policy.json
- Public client update, rollback, kill-switch, and web fallback policy for PWA, Android, and iOS clients.
- GET /.well-known/openacai-release-channels.json
- Public release-channel, rollback-floor, store-prompt, and degraded-mode policy for web, PWA, Android, iOS, and integrations.
- GET /.well-known/openacai-client-readiness.json
- Public launch gates, feature flags, privacy rules, and required documents for future native clients.
- GET /.well-known/openacai-anti-abuse.json
- Public anti-abuse posture for contact forms, Turnstile, rate limits, mobile fallbacks, and privacy boundaries.
- GET /.well-known/openacai-security-policy.json
- Public browser/API security header, cache, CORS, and client privacy boundary policy.
- GET /.well-known/openacai-data-safety.json
- Public data collection, retention, analytics, local storage, and app-store privacy label policy.
- GET /.well-known/openacai-account-data.json
- Public account, deletion, export, signed-in sync, and case-status readiness policy.
- GET /.well-known/openacai-social-readiness.json
- Public profile, social sign-in, moderation, and GAMHON account-readiness boundaries.
- GET /.well-known/openacai-identity-readiness.json
- Public identity, OAuth/social sign-in, Cloudflare Access, native redirect, and session-boundary readiness contract.
- GET /.well-known/openacai-community-safety.json
- Public moderation, reporting, blocking, youth-safety, and multiplayer launch-gate contract.
- GET /.well-known/openacai-notification-policy.json
- Public email, push, SMS, consent, quiet-hours, and notification privacy policy.
- GET /.well-known/openacai-native-permissions.json
- Public Android/iOS permission policy for location, camera, microphone, photos, contacts, notifications, and native privacy gates.
- GET /.well-known/openacai-app-integrity.json
- Public Android/iOS app integrity and attestation policy for Play Integrity, App Attest, DeviceCheck, Cloudflare Access, and private native API gates.
- GET /.well-known/openacai-design-system.json
- Public design tokens, voice rules, accessibility rules, and component guidance for web, PWA, Android, and iOS clients.
- GET /.well-known/openacai-accessibility.json
- Public WCAG, screen reader, keyboard, reduced motion, text scaling, and form accessibility policy.
- GET /.well-known/openacai-cache-policy.json
- Public Cloudflare, browser, PWA, and native app cache/freshness policy.
- GET /.well-known/openacai-offline-bundle.json
- Public offline bundle manifest for cacheable resources, public docs, route boundaries, and native/PWA fallback rules.
- GET /.well-known/openacai-measurement-policy.json
- Public privacy-safe analytics, conversion, and Google Ad Grants measurement policy.
- GET /.well-known/openacai-client-diagnostics.json
- Public privacy-safe client diagnostics policy for web, Android, and iOS; ingestion is disabled until future consent, abuse, and retention gates are complete.
- GET /.well-known/openacai-performance-budget.json
- Public performance, startup-size, cache, and graceful-degradation budgets for web, PWA, Android, and iOS clients.
- GET /.well-known/openacai-ad-grants-readiness.json
- Public Ad Grants landing-page, conversion, keyword, sitelink, and account-maintenance readiness map.
- GET /.well-known/openacai-route-manifest.json
- Public route, navigation, web fallback, offline-safety, and native screen manifest.
- GET /.well-known/openacai-service-status.json
- Public service status, component health, client guidance, and safe fallback behavior.
- GET /.well-known/openacai-continuity.json
- Public continuity, backup-readiness, last-known-good, recovery, and outage behavior contract.
- GET /.well-known/openacai-resilience-policy.json
- Public client resilience policy for edge issues, slow APIs, offline mode, rate limits, and protected-route redirects.
- GET /.well-known/openacai-api-client-policy.json
- Public API client behavior, request classes, response handling, bounded retry, rate-limit, and privacy policy.
- GET /.well-known/openacai-app-config.json
- Public remote app configuration for web, Android, and iOS clients.
- GET /.well-known/openacai-app-config-schema.json
- Public JSON Schema for validating the remote app configuration contract.
- GET /.well-known/openacai-mobile-contract-verification.json
- Public mobile contract verifier status for app startup diagnostics.
- GET /.well-known/openacai-edge-capabilities.json
- Sanitized Cloudflare, cache, Access, R2, tunnel, and mobile edge posture.
- GET /.well-known/openacai-edge-security-readiness.json
- Sanitized Cloudflare zone, HTTPS, WAF, cache, and Access security readiness without rule IDs or secrets.
- GET /.well-known/openacai-edge-operations.json
- Public-safe Cloudflare edge operations playbook for web, PWA, and future Android/iOS clients.
- GET /.well-known/openacai-storage-readiness.json
- Sanitized encrypted private-file storage readiness, signed-link behavior, retention, and mobile cache boundaries.
- GET /.well-known/openacai-resource-manifest.json
- Stable checksum manifest for public resource exports.
- GET /.well-known/openacai-resource-index.json
- Stable per-listing index for offline resource search and mobile sync decisions.
- GET /.well-known/openacai-resource-quality.json
- Stable public resource freshness, verification, coverage, and correction-readiness summary.
- GET /.well-known/openacai-resource-feedback-policy.json
- Stable public resource correction, partner suggestion, review, and privacy policy.
- GET /.well-known/openacai-resource-delta.json
- Stable lightweight resource delta for app sync decisions.
- GET /.well-known/openacai-resource-search.json
- Stable compact search index for offline resource search and client-side suggestions.
- GET /.well-known/openacai-resource-taxonomy.json
- Stable resource category labels, ordering, counts, and mobile UI hints.
- GET /.well-known/openacai-service-area.json
- Stable service-area manifest for local county filters and statewide resource handling.
- GET /.well-known/openacai-help-guides.json
- Stable help-guide manifest for mobile need-based navigation and preparation checklists.
- GET /.well-known/openacai-help-planner.json
- Stable local-only help planner contract for next-step paths, copy/print behavior, and web contact fallback.
- GET /.well-known/openacai-form-packets.json
- Stable local-only form packet templates for print, copy, download, and native form prep screens.
- GET /.well-known/openacai-intake-policy.json
- Stable public contact/intake policy for mobile clients and integrations.
- GET /.well-known/openacai-intake-schema.json
- Stable public contact-draft schema for Android/iOS local validation before web handoff.
- POST /api/v1/intake
- Creates a minimal help request from the public website or a trusted integration.
- GET /api/v1/status
- Public API health/version signal for websites and future mobile apps.
- GET /api/v1/platform-health
- Public sanitized platform monitor snapshot for status pages and app startup checks.
- GET /api/v1/service-status
- Public service status alias for integrations and status pages.
- GET /api/v1/resilience-policy
- Public client resilience policy alias for integrations and app clients.
- GET /api/v1/api-client-policy
- Public API client behavior policy alias for integrations and app clients.
- GET /api/v1/native-permissions
- Public Android/iOS permission policy alias for integrations and app clients.
- GET /api/v1/app-integrity
- Public Android/iOS app integrity and attestation policy alias for integrations and app clients.
- GET /api/v1/design-system
- Public design-system alias for integrations and app clients.
- GET /api/v1/mobile/bootstrap
- Public mobile bootstrap metadata for Android/iOS app configuration.
- GET /api/v1/mobile/package
- Public mobile package manifest for cache validation and offline startup decisions.
- GET /api/v1/mobile/developer-handoff
- Mobile alias for the developer/client integration handoff contract.
- GET /api/v1/public-exports
- Public catalog of resource and forms exports hosted on openacai.com.
- GET /api/v1/mobile/public-exports
- Mobile alias for the public export catalog.
- GET /api/v1/mobile/app-links
- Public Android/iOS app-link and deep-link policy.
- GET /api/v1/mobile/native-release
- Public native app release readiness, app-store prerequisites, and safe feature boundaries.
- GET /api/v1/mobile/app-store-readiness
- Public Android/iOS store-submission readiness checklist, required policies, and native feature gates.
- GET /api/v1/mobile/client-compatibility
- Public client/API compatibility matrix, deprecation rules, and safe fallback behavior.
- GET /api/v1/mobile/client-update-policy
- Public client update, rollback, kill-switch, and web fallback policy.
- GET /api/v1/mobile/release-channels
- Public release-channel and rollback policy for web, PWA, Android, iOS, and integrations.
- GET /api/v1/mobile/client-readiness
- Public launch gates, feature flags, privacy rules, and required documents for future native clients.
- GET /api/v1/mobile/anti-abuse
- Public anti-abuse posture for contact forms, Turnstile, rate limits, mobile fallbacks, and privacy boundaries.
- GET /api/v1/mobile/security-policy
- Public browser/API security header, cache, CORS, and client privacy boundary policy.
- GET /api/v1/mobile/data-safety
- Public data collection, retention, analytics, local storage, and app-store privacy label policy.
- GET /api/v1/mobile/account-data
- Public account, deletion, export, signed-in sync, and case-status readiness policy.
- GET /api/v1/mobile/social-readiness
- Public profile, social sign-in, moderation, and GAMHON account-readiness boundaries.
- GET /api/v1/mobile/identity-readiness
- Public identity, OAuth/social sign-in, Cloudflare Access, native redirect, and session-boundary readiness contract.
- GET /api/v1/mobile/community-safety
- Public moderation, reporting, blocking, youth-safety, and multiplayer launch-gate contract.
- GET /api/v1/mobile/notification-policy
- Public email, push, SMS, consent, quiet-hours, and notification privacy policy.
- GET /api/v1/mobile/native-permissions
- Public Android/iOS permission policy for location, camera, microphone, photos, contacts, notifications, and native privacy gates.
- GET /api/v1/mobile/app-integrity
- Public Android/iOS app integrity and attestation policy for private native API gates.
- GET /api/v1/mobile/design-system
- Public design-system contract for web, PWA, Android, and iOS UI and copy behavior.
- GET /api/v1/mobile/accessibility
- Public WCAG, screen reader, keyboard, reduced motion, text scaling, and form accessibility policy.
- GET /api/v1/mobile/cache-policy
- Public Cloudflare, browser, PWA, and native app cache/freshness policy.
- GET /api/v1/mobile/offline-bundle
- Public offline bundle manifest for Android/iOS and PWA cache validation.
- GET /api/v1/mobile/measurement-policy
- Public privacy-safe analytics, conversion, and Google Ad Grants measurement policy.
- GET /api/v1/mobile/client-diagnostics
- Public privacy-safe client diagnostics policy; local-only diagnostics are allowed, upload remains disabled.
- GET /api/v1/mobile/performance-budget
- Public performance and startup budget contract for future Android/iOS and current web/PWA clients.
- GET /api/v1/mobile/ad-grants-readiness
- Public Ad Grants landing-page, conversion, keyword, sitelink, and account-maintenance readiness map.
- GET /api/v1/mobile/routes
- Public route, navigation, web fallback, offline-safety, and native screen manifest.
- GET /api/v1/mobile/service-status
- Public service status and client fallback guidance for web, Android, and iOS clients.
- GET /api/v1/mobile/continuity
- Public continuity and recovery policy for offline clients, last-known-good data, backups, and outage behavior.
- GET /api/v1/mobile/api-client-policy
- Public API client behavior, request classes, response handling, bounded retry, rate-limit, and privacy policy.
- GET /api/v1/mobile/app-config
- Public remote app configuration, feature flags, endpoint map, and safety defaults.
- GET /api/v1/mobile/app-config-schema
- Public JSON Schema for validating app configuration before applying it.
- GET /api/v1/mobile/contract-verification
- Public mobile contract verifier status and package validation summary.
- GET /api/v1/edge/capabilities
- Sanitized Cloudflare, cache, Access, R2, tunnel, and mobile edge posture.
- GET /api/v1/mobile/edge-capabilities
- Mobile alias for the sanitized edge capability contract.
- GET /api/v1/edge/security-readiness
- Sanitized Cloudflare zone, HTTPS, WAF, cache, and Access security readiness.
- GET /api/v1/mobile/edge-security-readiness
- Mobile alias for Cloudflare edge security readiness and client fallback rules.
- GET /api/v1/edge/tunnel-readiness
- Sanitized Cloudflare Tunnel readiness posture without tokens, tunnel IDs, or origin addresses.
- GET /api/v1/mobile/tunnel-readiness
- Mobile alias for safe private-origin tunnel readiness and client fallback rules.
- GET /api/v1/edge/access-readiness
- Sanitized Cloudflare Access readiness for private portals and future mobile clients.
- GET /api/v1/mobile/access-readiness
- Mobile alias for private portal Access gating and app-role boundary rules.
- GET /api/v1/edge/storage-readiness
- Sanitized encrypted private-file storage readiness, signed-link behavior, retention, and mobile cache boundaries.
- GET /api/v1/mobile/storage-readiness
- Mobile alias for private case-file storage readiness and native upload/download gating.
- GET /api/v1/mobile/sync
- Public resource sync contract for offline-capable Android/iOS clients.
- GET /api/v1/mobile/resource-manifest
- Public checksum manifest for resource exports, cache validation, and offline sync decisions.
- GET /api/v1/mobile/resource-index
- Public per-listing sync index with item hashes, categories, needs, and coverage metadata.
- GET /api/v1/mobile/resource-quality
- Public resource freshness, verification, coverage, and correction-readiness summary.
- GET /api/v1/mobile/resource-feedback-policy
- Public resource correction, partner suggestion, review, and privacy policy.
- GET /api/v1/mobile/resource-delta
- Public added/changed/removed resource summary for lightweight app sync.
- GET /api/v1/mobile/resource-search
- Public compact search index for mobile/offline resource lookup.
- GET /api/v1/mobile/resource-taxonomy
- Public category taxonomy for mobile filters, tabs, and help sections.
- GET /api/v1/mobile/service-area
- Public local service-area metadata for mobile county selection and location privacy behavior.
- GET /api/v1/mobile/help-guides
- Public help-guide metadata for need-based mobile navigation.
- GET /api/v1/mobile/help-planner
- Public local-only help planner paths for resources, forms, crisis safety, technology, and GAMHON.
- GET /api/v1/mobile/form-packets
- Public form packet templates for local-only worksheets, print, copy, and download flows.
- GET /api/v1/mobile/intake-policy
- Public app-safe intake policy, fields, privacy rules, and contact flow metadata.
- GET /api/v1/mobile/intake-schema
- Public contact-draft schema for mobile local validation and no-store web contact handoff.
- GET /api/v1/schemas/resource-export-1.2
- Public JSON Schema for validating the resource export consumed by apps and integrations.
- GET /api/v1/schemas/app-config-1.0
- Public JSON Schema for validating remote app configuration.
- GET /api/v1/schemas/intake-1.0
- Public JSON Schema-style contract for validating mobile contact drafts.
- GET /api/v1/domain-roles
- Public manifest describing OpenACAI domain roles and privacy boundaries.
- GET /api/v1/admin/platform
- Private admin summary for platform health, resource publishing, cases, partner queues, and mobile readiness.
- GET /api/v1/admin/users
- Private admin role-management list for Access-authenticated OpenACAI app users.
- POST /api/v1/admin/users
- Private admin create/update endpoint for app users and app roles.
- POST /api/v1/admin/users/{userId}/roles
- Private admin endpoint for assigning app roles and activation status.
- GET /api/v1/cases
- Staff case queue.
- POST /api/v1/cases/{caseId}/assignment
- Case manager assignment or unassignment.
- POST /api/v1/cases/{caseId}/followups
- Create a private follow-up reminder for a case.
- POST /api/v1/cases/{caseId}/followups/{followUpId}/complete
- Mark a private follow-up reminder completed.
- GET /api/v1/resource-suggestions
- Private reviewer queue for partner-submitted resource suggestions.
- POST /api/v1/resource-suggestions
- Partner resource suggestion intake.
- POST /api/v1/resource-suggestions/{suggestionId}/status
- Reviewer status update for a partner suggestion.
- GET /api/v1/resources/verification
- Private reviewer queue for stale or needs-review public resource listings.
- POST /api/v1/resources/{resourceId}/assignment
- Reviewer assigns or unassigns public resource verification work.
- POST /api/v1/resources/{resourceId}/verify
- Reviewer updates public resource verification metadata.