Use this reference to enroll users, authenticate sessions, and retrieve metrics. Authenticate every request with your secret key in the Authorization: Bearer header. Test keys: sk_test_*. Live keys: sk_live_*.
https://api.graypass.org
https://api.graypass.org
Create or update a brainprint for a user.
POST /enrol
Authorization: Bearer sk_test_xxx
Content-Type: application/json
{
"user_id": "user@example.com",
"reaction_times": [420, 385, 510],
"keystroke_intervals": [85, 102, 78],
"consent": true
}
Verify a session against an enrolled user.
POST /auth
Authorization: Bearer sk_test_xxx
Content-Type: application/json
{
"user_id": "user@example.com",
"reaction_times": [415, 392, 498],
"keystroke_intervals": [88, 98, 82]
}
Response:
{
"ok": true,
"confidence": 0.847,
"decision": "accept",
"reason_codes": ["match:timing"]
}
Fetch system-level metrics and latency summaries.
GET /metrics Authorization: Bearer sk_test_xxx
Test: 1,000 req/hour. Live: 10,000 req/hour by default. 429 is returned on overage with remaining quota headers.
No raw frames stored. Timing series and optional gaze stats only. Send minimal PII (user_id as stable identifier).
Configure callbacks for enrollment, auth decisions, and anomalies. Verify signatures with your secret.
Keep test and live keys isolated. Responses include mode for cross-checking.
Need higher limits or enterprise controls? Reach out to the team with your use case and projected volume.
Contact: api@graypass.org