API Overview
The TRF API exposes REST endpoints for retrieving traceability packages, posting events, and validating integrity. All examples use the API base URL https://api.trf.example.com/v1.
Authentication
Every request must include a bearer token:
curl \
-H "Authorization: Bearer YOUR_API_KEY" \
https://api.trf.example.com/v1/products
Tokens identify tenants and enforce rate limits. Rotate keys regularly and scope them to the minimal permissions your integration needs.
Endpoint Catalog
| Category | Methods | Description |
|---|---|---|
/products | GET, POST, GET /:id, PUT /:id, DELETE /:id | Manage product definitions and retrieve package IDs. |
/events | GET, POST, GET /:id, GET /products/:id/events | Publish and query lifecycle events for a product. |
/verify | POST /product/:id, POST /chain, GET /certificate/:id | Validate traceability coverage, chain-of-custody, and download signed certificates. |
Responses are JSON. A typical success payload looks like:
{
"success": true,
"data": {
"id": "prod_123",
"name": "Product Name",
"created": "2024-01-15T10:30:00Z"
},
"meta": {
"timestamp": "2024-01-15T10:30:00Z",
"version": "1.0"
}
}
Error Handling
Failures use consistent envelopes so clients can branch logic by error code:
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid product ID format",
"details": {}
}
}
Rate Limits
| Plan | Limit |
|---|---|
| Standard | 1,000 requests per hour |
| Premium | 10,000 requests per hour |
| Enterprise | Unlimited |
HTTP 429 Too Many Requests responses include Retry-After headers. Contact support to raise limits for bulk ingestion windows.
SDK Support
Official client libraries exist for JavaScript/TypeScript, Python, Java, C#/.NET, and Go. SDKs wrap authentication, pagination, and error handling to accelerate integration.