API
Verified commodity trade,
programmable.
Verified commodity trade — farm to payment. AXK Network provides transparent, blockchain-anchored traceability for agricultural commodities (coffee, cocoa) from cooperative to buyer. All Lot, Order, and Escrow operations are anchored to the Xahau ledger.
30 seconds — confirm the API is live. Resolving a did:axk identity is public, no auth.
# 30-second check — no auth needed curl "https://app.axk.org/api/method/axk_network.did.api.resolve?did=did:axk:xahau:r34qv2ALLNBetUhijFDeWbfYBB7mrt8Bgj" # => { "didDocument": { ... }, "didResolutionMetadata": { "contentType": "application/did+ld+json" } }
Authenticate
Two paths — a browser session for in-app calls, or a Partner API key for server-to-server. Pick the one that matches your integration.
Session cookie
in-appBrowser-driven sessions. Frappe sets the sid cookie on /api/method/login; send the CSRF token from frappe.csrf_token on POST/PUT/DELETE.
// Same-origin browser session await fetch("/api/method/login", { method:"POST", body:new URLSearchParams({usr, pwd}) }) fetch("/api/method/axk_network.api.verify.lookup_lot", { headers:{ "X-Frappe-CSRF-Token": frappe.csrf_token } })
Partner API key
serverEnterprise tier. Mint a per-partner key at /partners/signup. Sent as Authorization: ApiKey <key_id>:<secret>.
# Server-to-server with a Partner key
curl https://app.axk.org/api/partner/verify/LOT-2026-00001 \
-H "Authorization: ApiKey <key_id>:<secret>"
verify
Public lot verification — no auth required. Cryptographic verification of Lot anchors using the platform DID.
Public endpoint — no authentication required. Returns lot commodity, cooperative, XRPL anchor hash, EUDR compliance status, and quality inspections.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verify.lookup_lot"
Verifies a Lot's payload hash against the platform DID public key. Returns whether the lot is cryptographically attested on-chain. No authentication required.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verify.cryptographic_verify"
Partner-authenticated endpoint. Returns the same payload as cryptographic_verify but requires a valid Partner API Key. Header: `Authorization: ApiKey
curl "https://app.axk.org/api/partner/verify/{lot_ref}" \
-H "Authorization: ApiKey <key_id>:<secret>"
Public counters — totals visible on the verify landing page.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verify.stats"
did
W3C DID Core 1.0 — did:axk method resolution and management.
W3C DID Resolution 1.0. Returns the DID Document JSON-LD with public key and verification methods. Response content-type: application/did+ld+json. No auth required.
curl "https://app.axk.org/api/method/axk_network.did.api.resolve"
Resolve the platform issuer DID document.
curl -X POST "https://app.axk.org/api/method/axk_network.api.did.get_did_document"
curl -X POST "https://app.axk.org/api/method/axk_network.did.api.create" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.did.api.deactivate" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.did.api.update" \ -H "Authorization: ApiKey <key_id>:<secret>"
events
Verification Event CRUD and confirmation flow.
Accepts quantity, grade, and GPS for independent dual-entry comparison.
curl -X POST "https://app.axk.org/api/method/axk_network.api.events.confirm_event" \ -H "Authorization: ApiKey <key_id>:<secret>"
The Farm Plot `harvest_history` child table (Farm Plot Harvest Row) is read-only in the desk and is an `istable` doctype, so it cannot be inserted standalone via /api/resource. This whitelisted method is the supported write path for offline field captures. `lot_reference` is the lot tag scanned in the field (ScanScreen). It maps onto the child row's first-class `lot_reference` Data field so the captured lot is preserved as structured data rather than buried in free-text notes. Caller must be able to write the Farm Plot (AXK Farmer / AXK Cooperative / AXK Inspector / admin per the doctype perms). GPS + notes are stashed on a document comment since the child row has no geo fields.
curl -X POST "https://app.axk.org/api/method/axk_network.api.events.create_harvest_record" \ -H "Authorization: ApiKey <key_id>:<secret>"
and blind-entry rules — the actor's pre-confirmation submission is only revealed to the actor themselves and to privileged roles.
curl -X POST "https://app.axk.org/api/method/axk_network.api.events.get_lot_timeline" \ -H "Authorization: ApiKey <key_id>:<secret>"
Manual AXK AI trigger — restricted to System Manager and AXK Admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.events.trigger_anhur_manual" \ -H "Authorization: ApiKey <key_id>:<secret>"
Manual XRPL trigger — restricted to System Manager and AXK Admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.events.trigger_xrpl_manual" \ -H "Authorization: ApiKey <key_id>:<secret>"
field-agent app — the geolocation evidence the EUDR Due Diligence Statement needs for plots > 4 ha (and stronger proof for smaller ones). `integrations/eudr_dds.build_dds` reads `Farm Plot.gps_polygon` straight into the DDS geolocation set, so saving it here is the whole wiring. `gps_polygon` is a GeoJSON Polygon ({"type":"Polygon","coordinates":[[[lng,lat], ...]]}), validated and stored on the plot's `gps_polygon` Long Text field. The point geolocation (gps_lat/gps_lng) is back-filled from the ring centroid when not already set, so one field capture populates BOTH EUDR representations. Auth mirrors create_harvest_record: the plot's farmer, a member of its cooperative, or an inspector/admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.events.update_plot_gps_polygon" \ -H "Authorization: ApiKey <key_id>:<secret>"
finance
Finance Eligibility Profile and scoring.
Get exporter's finance eligibility profile — public, restricted fields.
curl -X POST "https://app.axk.org/api/method/axk_network.api.finance.get_exporter_profile"
Public API for lot verification — restricted fields, no emails.
curl -X POST "https://app.axk.org/api/method/axk_network.api.finance.get_public_lot_verification"
`role` was historically honoured from the request payload as a "filter to this role's view" hint. That allowed any authenticated caller to request the stats of a higher-privilege role (e.g. AXK Bank) because the response builder trusted the string rather than re-deriving from the session. The parameter is kept in the signature for backwards compatibility but is now treated as an optional narrowing filter: it can only restrict to a role the caller already holds; any other value is ignored.
curl -X POST "https://app.axk.org/api/method/axk_network.api.finance.get_workspace_stats" \ -H "Authorization: ApiKey <key_id>:<secret>"
insurance
Insurance policy, claims, and premium operations.
and quoted premium are auto-filled by the policy controller's before_insert hook.
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.apply_for_policy" \ -H "Authorization: ApiKey <key_id>:<secret>"
Admin-only. Premium-before-cover: a policy cannot go Active until at least one in-good-standing Premium Payment is recorded (collect it via collect_premium first). This is the single money-in chokepoint — without it an unpaid policy was Active + claimable + payable.
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.bind_policy" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.collect_premium" \ -H "Authorization: ApiKey <key_id>:<secret>"
Available to any signed-in user; the underwriter can't expose private claim history because compute_risk only counts rows the caller already has read access to via the existing perm hooks.
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.get_quote" \ -H "Authorization: ApiKey <key_id>:<secret>"
Manager — providers should authenticate via a service-account user with that role, then POST to this endpoint.
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.ingest_oracle_reading" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.pay_claim" \ -H "Authorization: ApiKey <key_id>:<secret>"
Paginated list of claims under a policy.
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.query_claim_history" \ -H "Authorization: ApiKey <key_id>:<secret>"
Public read — policy perm hook enforces company scoping.
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.query_policy_status" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.submit_claim" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.insurance.api.transition_claim" \ -H "Authorization: ApiKey <key_id>:<secret>"
admin_console
Admin Console endpoints.
This is a pure read. Some sub-checks (CI token, backup db password) touch encrypted secrets; on a site whose encryption key was rotated or restored from another environment, Frappe's decrypt path emits "Failed to decrypt key" messages that pop up over the console. The snapshot has no legitimate user messages of its own, so we mute the message channel for its duration — the health rows still report configured/blocked accurately (those use the decryption-free _has_password store check).
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_console.snapshot" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the full Tenant doc + this month's SLA report + recent activity (anchor events, KYC submissions, payment events scoped to this tenant if linkages exist).
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_console.tenant_drilldown" \ -H "Authorization: ApiKey <key_id>:<secret>"
admin_portal
Admin Portal endpoints.
Backup state for /admin/backups: recent files + GCS posture.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.backups_view" \ -H "Authorization: ApiKey <key_id>:<secret>"
Controls grid + roadmap + residency map. Used by /admin/compliance.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.compliance_view" \ -H "Authorization: ApiKey <key_id>:<secret>"
Recent incidents + anchor/email failure rollups for /admin/incidents.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.incidents_view" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mermaid v11 erDiagram syntax — auto-generated from doctype meta. The /admin/schema page hydrates this into an SVG.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.schema_diagram" \ -H "Authorization: ApiKey <key_id>:<secret>"
`modules` is a comma-separated allowlist; defaults to AXK Network + AXK Mobility. Used by the ERD page's table panels.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.schema_tables" \ -H "Authorization: ApiKey <key_id>:<secret>"
Setup-health checklist driven by admin_console snapshot. Used by /admin/setup.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.setup_view" \ -H "Authorization: ApiKey <key_id>:<secret>"
SLA tiers + tenant list for /admin/sla picker.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.sla_view" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.snapshot" \ -H "Authorization: ApiKey <key_id>:<secret>"
List tenants with optional filters. Used by /admin/tenants.
curl -X POST "https://app.axk.org/api/method/axk_network.api.admin_portal.tenants_view" \ -H "Authorization: ApiKey <key_id>:<secret>"
ai
Ai endpoints.
Creates or appends to a persistent thread. dict with content, suggested_actions, metadata, thread_id
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.chat" \ -H "Authorization: ApiKey <key_id>:<secret>"
Delete a thread and all its messages.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.delete_thread" \ -H "Authorization: ApiKey <key_id>:<secret>"
Optionally cross-references against the linked Frappe record.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.extract_document" \ -H "Authorization: ApiKey <key_id>:<secret>"
Get all messages for a specific thread.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.get_thread_messages" \ -H "Authorization: ApiKey <key_id>:<secret>"
Get the current user's chat threads, most recent first.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.get_threads" \ -H "Authorization: ApiKey <key_id>:<secret>"
Create a new empty thread.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.new_thread" \ -H "Authorization: ApiKey <key_id>:<secret>"
Rename a thread.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.rename_thread" \ -H "Authorization: ApiKey <key_id>:<secret>"
Toggle the pinned status of a thread.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai.toggle_pin" \ -H "Authorization: ApiKey <key_id>:<secret>"
ai_compliance
Ai Compliance endpoints.
'Compliance' tab on the subject's form.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai_compliance.list_decisions_for" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the saved AXK AI Decision name + the parsed decision so the caller can show it inline. Failed AI calls are still recorded as Decision rows with `decision='Error'` so the audit trail is complete.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai_compliance.run_compliance_check" \ -H "Authorization: ApiKey <key_id>:<secret>"
ai_test
Ai Test endpoints.
Return provider → models[] for the picker UI.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai_test.catalogue" \ -H "Authorization: ApiKey <key_id>:<secret>"
`combos` is a JSON string like: [{"provider": "gemini", "model": "gemini-2.5-flash"}, {"provider": "anthropic", "model": "claude-haiku-4-5"}]
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai_test.run_compare" \ -H "Authorization: ApiKey <key_id>:<secret>"
Run a single (provider, model) call. Returns text + latency + cost.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ai_test.run_once" \ -H "Authorization: ApiKey <key_id>:<secret>"
announcements
Announcements endpoints.
Soft-delete (sets is_deleted, blanks body). Author or admin only.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.delete_comment" \ -H "Authorization: ApiKey <key_id>:<secret>"
Detail view of a single announcement; respects DocType perms.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.get" \ -H "Authorization: ApiKey <key_id>:<secret>"
caller's audience. Sorted newest first. Each row carries comment_count + reaction_counts + my_reactions (the kinds the caller has placed on it) so the client can render the social affordances without a follow-up call per row.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.list_active" \ -H "Authorization: ApiKey <key_id>:<secret>"
comments float to the top regardless of creation order. Replies nest under their parent_comment via the ``replies`` key.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.list_comments" \ -H "Authorization: ApiKey <key_id>:<secret>"
parent_comment. One-level threading only.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.post_comment" \ -H "Authorization: ApiKey <key_id>:<secret>"
(announcement, user, kind) via the doctype's expression-based name — re-reacting is a no-op.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.react" \ -H "Authorization: ApiKey <key_id>:<secret>"
Remove the caller's reaction of the given kind. No-op if absent.
curl -X POST "https://app.axk.org/api/method/axk_network.api.announcements.unreact" \ -H "Authorization: ApiKey <key_id>:<secret>"
atlas
Atlas endpoints.
Single concept + its aliases (platform + tenant + ai-learned).
curl -X POST "https://app.axk.org/api/method/axk_network.api.atlas.concept_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
Filtered concept list for the browser.
curl -X POST "https://app.axk.org/api/method/axk_network.api.atlas.list_concepts" \ -H "Authorization: ApiKey <key_id>:<secret>"
Top-level counts + per-bundle + per-domain stats for the landing view.
curl -X POST "https://app.axk.org/api/method/axk_network.api.atlas.overview" \ -H "Authorization: ApiKey <key_id>:<secret>"
backup_admin
Backup Admin endpoints.
stdout/stderr so the operator sees what happened.
curl -X POST "https://app.axk.org/api/method/axk_network.api.backup_admin.force_backup" \ -H "Authorization: ApiKey <key_id>:<secret>"
Where do off-site copies live + when was the last successful upload?
curl -X POST "https://app.axk.org/api/method/axk_network.api.backup_admin.gcs_status" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.backup_admin.list_recent_backups" \ -H "Authorization: ApiKey <key_id>:<secret>"
record counts, tear down. Reports actual RTO. Steps: 1. Take a fresh backup of the source site (so the drill exercises the most recent state). 2. Create the temp tenant via the standard provisioning path. 3. Restore the backup files into the new site. 4. Compare record counts between source + restored across a representative set of doctypes. 5. Drop the drill site (always, even if validation fails). 6. Return RTO + validation result. Drill itself is best-effort: a partial-restore failure surfaces in the response, doesn't crash the running site.
curl -X POST "https://app.axk.org/api/method/axk_network.api.backup_admin.run_restore_drill" \ -H "Authorization: ApiKey <key_id>:<secret>"
bank
Bank endpoints.
Returns portfolio-level numbers the bank cares about: total profiles, mean score, prime count, recent updates, total volume, total verified shipments.
curl -X POST "https://app.axk.org/api/method/axk_network.api.bank.bank_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
Same band + entity + corridor + search filters as list_finance_profiles. Capped at 5000 rows.
curl -X POST "https://app.axk.org/api/method/axk_network.api.bank.export_finance_profiles_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Paginated FEP list for the bank dashboard.
curl -X POST "https://app.axk.org/api/method/axk_network.api.bank.list_finance_profiles" \ -H "Authorization: ApiKey <key_id>:<secret>"
buyer
Buyer endpoints.
Returned in one round-trip so the wizard renders all steps without per-step fetches.
curl -X POST "https://app.axk.org/api/method/axk_network.api.buyer.buyer_onboard_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Payload shape (all string-coerced through Frappe's whitelist): { "buyer_name": str (required, 2–140 chars) "business_type": str (required, one of _VALID_BUSINESS_TYPES) "country": str (required, must exist in tabCountry) "preferred_commodities": list[str] (optional) "preferred_grades": list[str] (optional) } Side effects: - Insert Buyer doc. - Append the caller as a Buyer Member with role=Owner so they get full visibility + management rights immediately. - Grant the AXK Buyer role on their User doc if missing. Refuses to create a second Buyer org if the user already has a Buyer Member row anywhere — admin bypass for support cases.
curl -X POST "https://app.axk.org/api/method/axk_network.api.buyer.create_buyer_org" \ -H "Authorization: ApiKey <key_id>:<secret>"
cart
Cart endpoints.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_add" \ -H "Authorization: ApiKey <key_id>:<secret>"
then mark the cart Checked Out. Atomicity: a SELECT ... FOR UPDATE lock on the cart row serialises concurrent checkout attempts (double-click, two tabs, two devices). All AXK Order inserts and the cart status flip happen in the same transaction, so a failure mid-loop rolls everything back — there is no path that leaves some AXK Orders created with the cart still Active. Multi-org buyers: a user in multiple Buyer organisations must pass `buyer` explicitly. If they belong to only one, it is inferred. The previous behaviour silently filed every order under the first Buyer Member row, which was wrong for users with multiple affiliations. `delivery` / `payment` arrive as JSON strings from the JS layer.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_checkout" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_clear" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_get" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_remove" \ -H "Authorization: ApiKey <key_id>:<secret>"
Price is NOT buyer-editable: this endpoint used to accept a buyer `unit_price` and store it verbatim, which was the P0 hole. It now ignores any incoming value and re-derives from the lot, so the line total can never be understated. Kept as a whitelisted endpoint so the UI can force a re-sync (e.g. after the seller repriced) without a full cart reload.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_update_price" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.cart.cart_update_qty" \ -H "Authorization: ApiKey <key_id>:<secret>"
checkout
Checkout endpoints.
On Stripe success the order webhook (``stripe_order_webhook``) marks the order Paid and funds the linked escrow. Returns ``{ok, checkout_url, session_id}`` or an error dict.
curl -X POST "https://app.axk.org/api/method/axk_network.api.checkout.create_order_checkout" \ -H "Authorization: ApiKey <key_id>:<secret>"
Shape:: { "ok": True, "order": {name, total_amount, currency, lot, exporter_name, ...}, "wallet": {balance_axkt, can_pay_with_wallet, axkt_required}, "fiat": {stripe_available, currency, total_amount}, "topup_tiers": [1, 5, 10, 25, 50, 100], "rate": {axkt_per_usd, usd_per_order_currency}, }
curl -X POST "https://app.axk.org/api/method/axk_network.api.checkout.get_checkout_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Side effects: - AXKT debited from buyer wallet via burn_for_action(action_code="order_settle") - AXK Order.status: Draft → Escrow Created - AXK Order.payment_rail: forced to ``crypto_direct`` (for audit clarity) - Linked Escrow Contract.status: Pending → Funded (if escrow exists) Idempotent — a second call on a non-Draft order returns the already- settled state.
curl -X POST "https://app.axk.org/api/method/axk_network.api.checkout.pay_with_wallet" \ -H "Authorization: ApiKey <key_id>:<secret>"
Stripe Checkout URL. After the buyer completes the top-up Stripe redirects to ``/app/axk-order/
curl -X POST "https://app.axk.org/api/method/axk_network.api.checkout.topup_and_pay" \ -H "Authorization: ApiKey <key_id>:<secret>"
cooperative
Cooperative endpoints.
The acceptor must be logged in (Guest throws) and the email on the invite must match their account email — we will not let a different user redeem a token addressed to someone else, even if they happen to share access to the inbox. Side effects: appends a Cooperative Member row for the user, grants the AXK Cooperative role, marks the invite Accepted + stamps accepted_at + created_user. Idempotent: already-Accepted invite returns success without re-adding the member row.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.accept_invite" \ -H "Authorization: ApiKey <key_id>:<secret>"
- status-group counts (on-marketplace / in-flight / settled / other) - settled revenue per currency (from linked AXK Orders that reached Settled status against this co-op's lots — that's the actual money landed) - pipeline value per currency (sum of asking_price for marketplace-visible lots — the supply value sitting in the showroom waiting for a buyer)
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.cooperative_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
Payload shape (everything as strings — Frappe whitelist coerces): { "cooperative": str (required for admin; auto-resolved otherwise), "commodity_type": str (required), "corridor": str (required), "quantity": float (required, > 0), "unit": "kg" | "MT" (default kg), "grade": str (optional), "processing_method": "Washed"|"Natural"|"Honey" (optional), "exporter": str (optional), "lot_reference": str (optional) } Validation ---------- - Auth: caller must be a Cooperative Member (admin bypass). - Cooperative resolution: - Non-admin with exactly 1 membership → that coop is forced. - Non-admin with multiple memberships → caller must specify a value matching one of their memberships. - Admin must specify a cooperative explicitly. - All linked records (commodity, corridor, exporter, grade) validated by `frappe.db.exists` before doc creation so a typo from a hand-rolled call produces a clear 400. - Quantity must be a positive number. Returns the new Lot doc name so the wizard can route to the listing page or admin form.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.create_lot" \ -H "Authorization: ApiKey <key_id>:<secret>"
Same filter semantics as list_incoming_orders. Capped at 5000.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.export_incoming_orders_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Respects the active filter + search term, same as list_lots. Capped at 5000 rows.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.export_lots_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Auth: caller must be an Owner of the target cooperative, or an admin (System Manager / AXK Admin). Owner is enforced via a direct SQL probe on the Cooperative Member table so a Manager cannot escalate by adding more Owners. Idempotency ----------- If a Pending invite for (cooperative, invitee_email) already exists, we resend the email + bump expires_at instead of creating a duplicate row. Accepted / Revoked rows do not block a new invite — sometimes you really do want to re-invite. Returns the invite name + status so the front-end can render a confirmation toast.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.invite_member" \ -H "Authorization: ApiKey <key_id>:<secret>"
Producers care about "who is buying my stuff" — this is the demand side of the cooperative dashboard. Mirrors the my-orders / exporter-home envelope shape so the front-end is consistent.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.list_incoming_orders" \ -H "Authorization: ApiKey <key_id>:<secret>"
Visible to Owners + admins. Pending only — Accepted/Revoked/ Expired live on the doctype list view for audit.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.list_invites" \ -H "Authorization: ApiKey <key_id>:<secret>"
marketplace. The Lot doctype controller enforces the forward-only status progression (Draft → Listed → Notarized → ...) so we just call `db.set_value` after the membership + state checks. The Xahau anchor lifecycle is handled by the existing retry_checkpoint_proof scheduler once the lot is Listed, so this RPC does NOT trigger an inline anchor — that would block the user on a slow ledger round-trip. Auth: caller must be a Cooperative Member of the lot's cooperative (admin bypass). Idempotent: re-listing a Listed lot returns success without an extra DB write.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.list_lot" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mirrors the buyer / exporter envelope shape so the front-end pattern is the same across all three dashboards.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.list_lots" \ -H "Authorization: ApiKey <key_id>:<secret>"
The oversight view: a cooperative manager sees every member farm it aggregates from — who they are, what they grow, how big, where, and whether the plot is verified. Read-only; mirrors the list_lots envelope so the dashboard reuses the same front-end machinery.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.list_member_plots" \ -H "Authorization: ApiKey <key_id>:<secret>"
modal prefills authoritative data (the list row may not carry every field). Also returns whether the lot is still in an editable state.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.lot_edit_values" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the dropdown sets and the caller's cooperative membership in a single round-trip so the wizard renders all steps without per-step fetches. Admins see ALL cooperatives so they can create lots on behalf of any producer.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.lot_wizard_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the plot count per status family + distinct member-farmer count + total area, scoped to the caller's cooperatives. One round trip so the front-end can paint the chips without per-status probes.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.member_farm_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
Used on /app/cooperative-home as a "money in" feed at the top of the page — what the producer cares about most. Returns just the last `limit` settled orders (default 5), newest first, with the lot reference + buyer + commodity + amount + currency + settled date so the cooperative can recognise each payout at a glance. Tap-through opens the order detail page via the existing card click handler on the front-end.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.recent_settlements" \ -H "Authorization: ApiKey <key_id>:<secret>"
Auth: Owner of the parent cooperative, or admin. Idempotent — revoking an already-Revoked or Accepted invite returns success without an extra write.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.revoke_invite" \ -H "Authorization: ApiKey <key_id>:<secret>"
(Listed -> Draft) a lot from the owner's interface. A published lot is visible on the marketplace; unpublishing pulls it back to a draft. Locked once the lot is sold.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.set_lot_listed" \ -H "Authorization: ApiKey <key_id>:<secret>"
Powers the sparkline in the Settled revenue summary card. Returns one series per currency so a co-op trading USD + EUR sees two sparklines instead of a mixed line that loses meaning. Shape: { "days": int, "series": { "USD": [{"day": "2026-05-01", "value": 12345.67}, ...], "EUR": [...] } } Each series has exactly N entries (oldest first, today last), zero-filled for days with no settlements so the front-end can render a continuous line without gap detection. Window clamped [7, 90] so a malicious caller cannot make us aggregate years.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.settled_revenue_trend" \ -H "Authorization: ApiKey <key_id>:<secret>"
Used by the Recent settlements row drawer on cooperative-home — surfaces the rail (XRPL / SWIFT / etc.), the release tx hash, the AXKT mint hash, and the settlement timestamp so the producer can confirm money arrived without opening a separate page. Scope: same Cooperative Member filter as the rest of the cooperative APIs. Returns {} if the user cannot see the order.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.settlement_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
the native doctype form. Only the listing owner (cooperative or exporter member; admin bypass) may edit, only while the lot is still pre-sale, and only the allow-listed listing fields. Each linked value is validated.
curl -X POST "https://app.axk.org/api/method/axk_network.api.cooperative.update_lot" \ -H "Authorization: ApiKey <key_id>:<secret>"
detail
Detail endpoints.
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.claim_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.escrow_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.fact_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.fep_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.inspection_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.mandate_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.order_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.policy_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.shipment_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.detail.transport_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
dns_admin
Dns Admin endpoints.
per-name records, e.g. to enable Let's Encrypt per subdomain).
curl -X POST "https://app.axk.org/api/method/axk_network.api.dns_admin.add_tenant_a_record" \ -H "Authorization: ApiKey <key_id>:<secret>"
to the AXK prod LB IP. Idempotent.
curl -X POST "https://app.axk.org/api/method/axk_network.api.dns_admin.ensure_wildcard_a_record" \ -H "Authorization: ApiKey <key_id>:<secret>"
Diagnostic — does cPanel accept our token, is wildcard already set?
curl -X POST "https://app.axk.org/api/method/axk_network.api.dns_admin.status" \ -H "Authorization: ApiKey <key_id>:<secret>"
documents
Documents endpoints.
AI-compose a new document; optionally ground in a Mesh ConceptQuery.
curl -X POST "https://app.axk.org/api/method/axk_network.api.documents.compose" \ -H "Authorization: ApiKey <key_id>:<secret>"
Render a Print Format against a record into a PDF.
curl -X POST "https://app.axk.org/api/method/axk_network.api.documents.generate" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mint a public share token without anchoring.
curl -X POST "https://app.axk.org/api/method/axk_network.api.documents.share" \ -H "Authorization: ApiKey <key_id>:<secret>"
Anchor an existing AXK Document on Xahau + mint share token.
curl -X POST "https://app.axk.org/api/method/axk_network.api.documents.sign" \ -H "Authorization: ApiKey <key_id>:<secret>"
Lightweight status poll for the compose page.
curl -X POST "https://app.axk.org/api/method/axk_network.api.documents.status" \ -H "Authorization: ApiKey <key_id>:<secret>"
erp
Erp endpoints.
The request body is whatever the ERP sent — XML or JSON. We read `frappe.request` directly so the raw bytes are intact for HMAC verification (Frappe's argument parsing would normalise + drop the signature surface). 200 OK : {ok: True, mandate_name, mandate_status, idempotent_replay} 4xx : PermissionError / ValidationError raised → frappe renders an exception JSON 5xx : genuine infra failure — corporate ESB will retry
curl -X POST "https://app.axk.org/api/method/axk_network.api.erp.ingest_po"
erp_intake
Erp Intake endpoints.
Reads the raw request body so the HMAC signature can be recomputed against the exact bytes the partner sent. Verifies integration + signature + timestamp, validates the payload, short-circuits on duplicate external_ref, then creates the AXK Order and submits it (which fires the escrow-creation hook). Returns the order + escrow + funding instructions.
curl -X POST "https://app.axk.org/api/method/axk_network.api.erp_intake.submit_order"
eudr
Eudr endpoints.
curl -X POST "https://app.axk.org/api/method/axk_network.api.eudr.list_packages" \ -H "Authorization: ApiKey <key_id>:<secret>"
KPI counts for the cockpit header.
curl -X POST "https://app.axk.org/api/method/axk_network.api.eudr.overview" \ -H "Authorization: ApiKey <key_id>:<secret>"
map-ready plots and the traceability chain into a readable timeline.
curl -X POST "https://app.axk.org/api/method/axk_network.api.eudr.package_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
Calls the EudrDdsAdapter (currently a stub that returns a mock reference until the EU IS / TRACES credentials are provisioned) and persists the reference + status on the package. Ownership-gated; only on a Generated/Passed package.
curl -X POST "https://app.axk.org/api/method/axk_network.api.eudr.submit_to_eu" \ -H "Authorization: ApiKey <key_id>:<secret>"
exporter
Exporter endpoints.
Mechanics: AXK Order is a submittable doctype. `events.order.on_submit` auto-creates the Escrow Contract from the order's totals + the corridor's fee config, flips the order's status to 'Escrow Created', marks the lot as Sold, and enqueues the escrow-service mirror. So "accepting" the order is just submitting it — every downstream side effect already lives in that hook. Permission posture ------------------ Auth: caller must be an Exporter Member of the order's exporter org (admin / System Manager bypass). The membership check runs BEFORE we touch the order so a wrong-buyer attempt never produces a Frappe audit-log entry under the attacker's name. Inside the lock we re-verify status to defend against a double-tap (two browser tabs both clicking Accept on the same Draft). Concurrency ----------- SELECT ... FOR UPDATE on the order row inside the transaction. If two exporters race the same Draft, the second one waits for the first to commit, then sees status='Escrow Created' and exits with a clean already-accepted message rather than creating a second Escrow Contract or double-firing the on_submit hook. { "name": "ORD-...", "status": "Escrow Created", "escrow": "ESC-..." | None, "message": user-friendly summary string, }
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.accept_order" \ -H "Authorization: ApiKey <key_id>:<secret>"
Without this RPC, an exporter who reviews an inbound Draft and decides they cannot ship it has no clean exit — they either leave it sitting in Draft forever or wait for the buyer to cancel. Decline flips the order to Cancelled and surfaces the reason back to the buyer so they can retry with another exporter. Auth: caller must be an Exporter Member of the order's exporter org (admin / System Manager bypass). Membership SQL runs FIRST so a wrong-exporter attempt never produces an audit-log entry under the attacker's name. Safety: - order.status MUST be 'Draft'. Once the escrow has opened ('Escrow Created') the exporter cannot decline — they must either ship or go through the dispute path. - Idempotent: if the order is already Cancelled, return success with the existing state rather than fighting the state machine.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.decline_order" \ -H "Authorization: ApiKey <key_id>:<secret>"
Respects the current status_filter + search term. Honours the same Exporter Member visibility filter as list_orders. Capped at 5000 rows so a single click cannot accidentally pull a multi-GB dump.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.export_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns status counts + total pipeline value per currency. Used by the front-end to render the hero strip (awaiting action / in escrow / settled / total pipeline) in a single round-trip.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.exporter_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the same envelope shape as axk_network.api.orders.list_orders.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.list_orders" \ -H "Authorization: ApiKey <key_id>:<secret>"
`In Transit` state and stamps the order with the shipment link. This unlocks the "In Transit" step on the order timeline that until now was always blank — the buyer can finally see WHERE their goods are. Auth: caller must be an Exporter Member of the order's exporter org (admin / System Manager bypass). Membership SQL FIRST. Safety: - Order must be in 'Escrow Created' (escrow has been funded). Marking shipped before escrow is funded would mean the exporter is shipping uncovered goods — we block that with a clear error. - If a shipment already exists on the order, return idempotent success with the existing shipment name. Stops a double-tap from creating two shipments. - All fields except order_name are optional. Carrier + tracking are strongly recommended in the UI but technically not required (some exporters use unbranded carriers).
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.mark_shipped" \ -H "Authorization: ApiKey <key_id>:<secret>"
Same money-in lens the cooperative dashboard ships. Scoped through Exporter Member (admin bypass), 1–20 clamp, newest first. Returns the columns needed to render a tap-through row on /app/exporter-home.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.recent_settlements" \ -H "Authorization: ApiKey <key_id>:<secret>"
self-release the buyer's funds — that was a trust-model hole: a seller could move the buyer's money to themselves without ever delivering. Release is now buyer-driven (the buyer confirms delivery via axk_network.api.orders.confirm_delivery_and_release), with the dual-confirm delivery path and admin dispute resolution as the other routes to Released. This function survives only as an admin backstop — e.g. an operator settling a stuck escrow after an offline buyer confirmation. It is gated to System Manager / AXK Admin; any non-admin caller (including an exporter member, and including a crafted RPC POST) is refused BEFORE we touch the escrow, so a wrong party never produces audit-log noise under their name. Safety ------ - Escrow status MUST be 'Funded'. Released / Disputed / Cancelled return an idempotent message instead of fighting the state machine. Pending = "not yet funded by buyer", which is a genuine error worth surfacing. - The actual release goes through axk_network.escrow.execute_release — the full settlement (escrow-service transfer, ledger anchor, hook dispatch, then the Funded → Released transition). We never touch the money directly here.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.release_order_escrow" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mirrors `cooperative.settled_revenue_trend` for the exporter side. Scope = Exporter Member (admin bypass). Window clamped [7, 90]. Zero-fills missing days so the front-end can render a continuous polyline without gap logic.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter.settled_revenue_trend" \ -H "Authorization: ApiKey <key_id>:<secret>"
exporter_onboard
Exporter Onboard endpoints.
Payload shape: { "exporter_name": str (required, 2–140 chars) "country": str (required, must exist in tabCountry) "registration_number": str (optional) "customs_code": str (optional) } Side effects: - Insert Exporter doc. - Append the caller as an Exporter Member with role=Owner. - Grant the AXK Exporter role on their User doc if missing. Refuses to create a second Exporter org if the user already has any Exporter Member row — admin bypass for support cases.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter_onboard.create_exporter_org" \ -H "Authorization: ApiKey <key_id>:<secret>"
Bundle of dropdowns + the caller's existing membership status.
curl -X POST "https://app.axk.org/api/method/axk_network.api.exporter_onboard.exporter_onboard_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
farmer
Farmer endpoints.
Pool un-aggregated member harvests into a single Lot.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.aggregate_harvests_into_lot" \ -H "Authorization: ApiKey <key_id>:<secret>"
list_my_lots.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.export_my_lots_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
edit modal prefills authoritative data (the list row may not carry every field). Also returns whether the plot is still in an editable state.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.farm_plot_edit_values" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the commodities the platform tracks and the cooperatives the caller can file plots / aggregate under (their own memberships; admins see all). Kept tiny so the page can populate the Register-plot and Aggregate modals in a single round-trip.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.farmer_form_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns: active plots, total area, lots produced (lifetime), total volume kg, FEP score if the farmer has a profile.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.farmer_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
Auth: the plot owner, a member of the plot's cooperative, or an admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.get_plot_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
Harvests are child rows (Farm Plot Harvest Row) on the Farm Plot, so we join the rows to the plots and reuse the same farmer/cooperative visibility filter as the plot list. Read-only browse view (recording stays via ``record_harvest``).
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.list_my_harvests" \ -H "Authorization: ApiKey <key_id>:<secret>"
Paginated Lot list scoped to the caller's farm plots.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.list_my_lots" \ -H "Authorization: ApiKey <key_id>:<secret>"
Paginated Farm Plot list for the calling farmer.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.list_my_plots" \ -H "Authorization: ApiKey <key_id>:<secret>"
plot's harvest history. Auth: the plot owner, a member of the plot's cooperative, or an admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.record_harvest" \ -H "Authorization: ApiKey <key_id>:<secret>"
verification). Linked to the caller via the `farmer` field so the plot permissions + their dashboard pick it up.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.register_farm_plot" \ -H "Authorization: ApiKey <key_id>:<secret>"
native doctype form. Only the plot owner (the linked farmer or a member of the plot's cooperative; admin bypass) may edit, only while the plot is still Draft or Verified, and only the allow-listed descriptive fields. Each value is validated. Returns {name, changed, message}.
curl -X POST "https://app.axk.org/api/method/axk_network.api.farmer.update_farm_plot" \ -H "Authorization: ApiKey <key_id>:<secret>"
fep
Fep endpoints.
The token is a UUID4 hex string generated when the FEP is first issued (or rotated via ``regenerate_shareable_link``). It is the only secret that distinguishes a lender who has been granted a view from a stranger; FEPs are not enumerable by URL otherwise. Tokens honour ``shareable_link_expires_at`` (post-expiry → reject) and ``shareable_link_revoked`` (manual revocation → reject). Both rejections still log to the audit trail for forensic purposes. The response is watermarked per caller and the watermark is HMAC- bound to the platform key so a stripped or forged watermark fails verification. ``{ok, profile, watermark, watermark_hmac, verification, …}`` on success; ``{ok: False, error, code}`` on miss / expiry / revocation.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.get_by_token"
Same access semantics as ``get_by_token`` (revocation + expiry + rate limit + access log), but the payload is a standards-compliant Verifiable Credential 2.0 with an Ed25519Signature2020 proof. Lenders using off-the-shelf VC verifiers (SpruceID, Trinsic, Microsoft Entra Verified ID) can validate this without writing AXK Network-specific code: 1. Resolve issuer DID (did:web:
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.get_by_token_vc"
their eligibility score. Surfaces the FEP as a behavioural lever, not a black box: each suggestion comes with the points it would unlock and the underlying record the owner needs to add (a verified shipment, an inspection, a new buyer, a dispute resolution, etc.).
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.get_my_advice" \ -H "Authorization: ApiKey <key_id>:<secret>"
credentialStatus.id. Returns ``{revoked: bool, expires_at?}``.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.get_status"
Used after a suspected leak, after a deal closes, or on a routine rotation cadence.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.regenerate_shareable_link" \ -H "Authorization: ApiKey <key_id>:<secret>"
return ``code: revoked``. Use after a suspected leak to surface the revocation reason to the recipient. Regenerate to issue a new one.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.revoke_shareable_link" \ -H "Authorization: ApiKey <key_id>:<secret>"
itself. Use to extend a deal-in-progress or cut a leaked link short.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.set_link_expiry" \ -H "Authorization: ApiKey <key_id>:<secret>"
Pure offline verification — no DB read of FEP rows. The caller posts the canonical ``score_json`` (or release manifest JSON) and the hex signature. The server walks **current + retired platform keys** looking for one that validates — so signatures from a previously-active key continue to verify after rotation. The caller can override which key to try via ``public_key_hex``; otherwise we try the kid embedded in the canonical payload first, then fall back to walking every known key. Returns ``{verified, computed_hash, signer, kid, error?}``.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.verify"
The artefact embeds (canonical_score_json, watermark, watermark_hmac, profile, token, issued_at, kid) under a single ED25519 signature. Tampering with any field — including stripping the watermark — breaks verification. Returns ``{verified, kid, computed_hash, embedded: {...}, error?}``.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.verify_artefact"
Accepts the credential as either a JSON string (POST body) or a dict (when called from Python). Returns the standard ``{verified, kid, signer, computed_digest, ...}`` shape.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.verify_vc"
Useful in litigation: "this artefact was received by lender X on date Y" — recompute the HMAC and confirm it matches. Returns ``{verified, expected_hmac, error?}``.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fep.verify_watermark"
fleet
Fleet endpoints.
List the current driver's vehicle inspections, newest first.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fleet.list_my_inspections" \ -H "Authorization: ApiKey <key_id>:<secret>"
`items` is a JSON list of {item_key/id, label, section, result|checked, note}. Returns {name, status, overall_result}.
curl -X POST "https://app.axk.org/api/method/axk_network.api.fleet.submit_inspection" \ -H "Authorization: ApiKey <key_id>:<secret>"
health
Health endpoints.
dict: { "status": "healthy" | "degraded", "timestamp": str, "checks": { "database": str, "cache": str, "ai_provider": str, "workers": str, "xahau_chain": str, "axk_ai_provider": str, "recent_ai_call_log_error_rate": str, } } frappe.PermissionError: When caller lacks Platform Admin role.
curl -X POST "https://app.axk.org/api/method/axk_network.api.health.system_health" \ -H "Authorization: ApiKey <key_id>:<secret>"
inspector
Inspector endpoints.
Optional note recorded as a Frappe comment on the inspection doc so the audit trail is preserved. Refuses to act on anything other than Submitted — admins cannot accidentally "approve" a Draft or re-approve an already-approved record.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector.admin_approve_inspection" \ -H "Authorization: ApiKey <key_id>:<secret>"
Reason is required — a rejection without a written reason is unhelpful and leaves the inspector no way to fix the issue. Same state precondition as approve.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector.admin_reject_inspection" \ -H "Authorization: ApiKey <key_id>:<secret>"
Honours the same visibility filter as list_my_inspections — inspectors see their own work, admin sees all. Capped at 5000 rows.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector.export_my_inspections_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Envelope shape mirrors list_orders / list_my_disputes so the same prev/next pill component habits apply. JOINs Lot so the UI can show the commodity + cooperative without an extra round-trip.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector.list_my_inspections" \ -H "Authorization: ApiKey <key_id>:<secret>"
Auth: caller must be the inspector on record (admin / System Manager bypass). Once Submitted the row is read-only for the inspector; only an admin can Approve or Reject. Idempotent on already-Submitted/Approved/Rejected — returns success with the current status rather than fighting the state machine.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector.submit_inspection" \ -H "Authorization: ApiKey <key_id>:<secret>"
inspector_workbench
Inspector Workbench endpoints.
Full detail of one inspection for the read-only detail view.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector_workbench.get_inspection" \ -H "Authorization: ApiKey <key_id>:<secret>"
early (pre-verified) state. Paginated; searchable by lot id / commodity.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector_workbench.list_queue" \ -H "Authorization: ApiKey <key_id>:<secret>"
the inspector's own pipeline (Submitted / Approved / Rejected).
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector_workbench.overview" \ -H "Authorization: ApiKey <key_id>:<secret>"
recorded findings. Result: a Submitted AXK Quality Inspection awaiting approval. Idempotent: refuses a second open (Draft/Submitted) inspection by the same inspector on the same lot.
curl -X POST "https://app.axk.org/api/method/axk_network.api.inspector_workbench.record_inspection" \ -H "Authorization: ApiKey <key_id>:<secret>"
insurance_dashboard
Insurance Dashboard endpoints.
Records `approved_amount` and transitions the claim to Approved (the payout itself happens via a subsequent pay_claim call from the insurance api). Auth: caller must be an Insurance Agent on the policy's insurer company (or admin). State precondition: Filed or Under Review only.
curl -X POST "https://app.axk.org/api/method/axk_network.api.insurance_dashboard.agent_approve_claim" \ -H "Authorization: ApiKey <key_id>:<secret>"
Reason is required — a rejection without a written reason leaves the insured no path to dispute or refile.
curl -X POST "https://app.axk.org/api/method/axk_network.api.insurance_dashboard.agent_reject_claim" \ -H "Authorization: ApiKey <key_id>:<secret>"
Download the insurance agent's policy portfolio as CSV.
curl -X POST "https://app.axk.org/api/method/axk_network.api.insurance_dashboard.export_my_policies_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns: active policies, total coverage, premium collected, claims pending count, claims paid total, loss ratio (paid / premium).
curl -X POST "https://app.axk.org/api/method/axk_network.api.insurance_dashboard.insurance_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
insurer company.
curl -X POST "https://app.axk.org/api/method/axk_network.api.insurance_dashboard.list_my_policies" \ -H "Authorization: ApiKey <key_id>:<secret>"
insures. Ordered oldest-first so the longest-waiting claim rises to the top.
curl -X POST "https://app.axk.org/api/method/axk_network.api.insurance_dashboard.list_pending_claims" \ -H "Authorization: ApiKey <key_id>:<secret>"
integration
Integration endpoints.
Trigger immediate health check on all services.
curl -X POST "https://app.axk.org/api/method/axk_network.api.integration.check_all_services" \ -H "Authorization: ApiKey <key_id>:<secret>"
Get all data needed to render the Integration Hub dashboard.
curl -X POST "https://app.axk.org/api/method/axk_network.api.integration.get_hub_data" \ -H "Authorization: ApiKey <key_id>:<secret>"
Get recent logs for a specific service.
curl -X POST "https://app.axk.org/api/method/axk_network.api.integration.get_service_logs" \ -H "Authorization: ApiKey <key_id>:<secret>"
Re-queue a failed integration log entry.
curl -X POST "https://app.axk.org/api/method/axk_network.api.integration.retry_log" \ -H "Authorization: ApiKey <key_id>:<secret>"
Rotate API/JWT/Webhook/OAuth credentials and verify health.
curl -X POST "https://app.axk.org/api/method/axk_network.api.integration.rotate_service_credential" \ -H "Authorization: ApiKey <key_id>:<secret>"
Test connectivity to a single service. Returns status and response time.
curl -X POST "https://app.axk.org/api/method/axk_network.api.integration.test_service" \ -H "Authorization: ApiKey <key_id>:<secret>"
iot
Iot endpoints.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.device_status" \ -H "Authorization: ApiKey <key_id>:<secret>"
Re-run cross-reference for one Reading.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.force_cross_ref" \ -H "Authorization: ApiKey <key_id>:<secret>"
Single-reading ingest. Authenticates via X-AXK-Device-* headers.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.ingest"
Batch ingest. `readings` may be a JSON list or a list of dicts.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.ingest_bulk"
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.list_readings" \ -H "Authorization: ApiKey <key_id>:<secret>"
Summary for the /admin/iot page.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.overview" \ -H "Authorization: ApiKey <key_id>:<secret>"
Register a new IoT Device. Returns the device_token (shown ONCE).
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.register" \ -H "Authorization: ApiKey <key_id>:<secret>"
Rotate a device's token. The plaintext is returned ONCE.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.rotate_device_token" \ -H "Authorization: ApiKey <key_id>:<secret>"
Force a Merkle-checkpoint anchor of pending readings.
curl -X POST "https://app.axk.org/api/method/axk_network.api.iot.run_anchor_sweep" \ -H "Authorization: ApiKey <key_id>:<secret>"
lead_intake
Lead Intake endpoints.
Reads the Lead, derives the entity_type, creates an Onboarding Invitation, generates a token, fires the branded invite email, and posts a Comment back on the Lead with the invitation reference. Returns the new invitation name + the kyc URL. Whitelisted, requires a real session (not allow_guest). Used by the Lead client script "Send Onboarding Invite" button.
curl -X POST "https://app.axk.org/api/method/axk_network.api.lead_intake.send_invite_for_lead" \ -H "Authorization: ApiKey <key_id>:<secret>"
naming, attaches a structured comment, and emails confirmation + admin notification. Backward compatible with the legacy `/enterprise` payload (which didn't include `client_type`) — defaults to `other` in that case.
curl -X POST "https://app.axk.org/api/method/axk_network.api.lead_intake.submit"
leads
Leads endpoints.
shared token) may call this; direct internet hits are rejected with 403.
curl -X POST "https://app.axk.org/api/method/axk_network.api.leads.submit_lead"
mandates
Mandates endpoints.
Payload shape: { "buyer_org": str (required; admin must specify, non-admin must be Owner of it) "kind": "Open" | "Bounded" (required) "title": str (optional, defaults to "Mandate
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.create_mandate" \ -H "Authorization: ApiKey <key_id>:<secret>"
Respects the current status_filter + search term. Honours the same Buyer Member visibility filter as list_mandates. Capped at 5000 rows.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.export_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the same envelope shape as axk_network.api.orders.list_orders so the page client code can be a near-clone of /my-orders. Envelope: { "rows": [
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.list_mandates" \ -H "Authorization: ApiKey <key_id>:<secret>"
edit modal prefills authoritative data (the list row may not carry every field). Also returns whether the mandate is still in an editable state.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.mandate_edit_values" \ -H "Authorization: ApiKey <key_id>:<secret>"
Powers the commodity filter dropdown on /app/mandates. Honours the same Buyer Member visibility filter as list_mandates (admin bypass), so the options only ever reflect commodities the caller actually has mandates for — no leakage of other orgs' commodity scopes. Non-empty values only, alphabetical.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.mandate_filter_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns total counts split by kind + status, total remaining budget across all Active Bounded mandates (per currency, since mandates can be denominated in different currencies and summing naively across them is wrong).
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.mandate_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns the caller's buyer-orgs they own, currency allow-list, commodity dropdown, and the is_admin flag in a single round-trip so the wizard renders all steps without per-step fetches.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.mandate_wizard_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
never the native doctype form. Only a member of the mandate's buyer_org (admin bypass) may edit, only while the mandate is still Active, and only the allow-listed buyer-editable fields. Each value is validated.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mandates.update_mandate" \ -H "Authorization: ApiKey <key_id>:<secret>"
mesh_explorer
Mesh Explorer endpoints.
{ concept, is_a: [
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_explorer.explore_concept" \ -H "Authorization: ApiKey <key_id>:<secret>"
Concept Relation table — the explorable concepts. Each row is one distinct in-force `subject_concept` decorated with its in-force relation count and a flag for whether it declares an is_a edge (i.e. it is a class node rather than a state / guard node). only_classes=1 hides the synthetic `
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_explorer.list_concepts" \ -H "Authorization: ApiKey <key_id>:<secret>"
mesh_import
Mesh Import endpoints.
Parse + match headers. Returns proposed mapping for the user to confirm.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_import.analyse_file" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns {created, updated, skipped, errors[]}.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_import.commit_mapping" \ -H "Authorization: ApiKey <key_id>:<secret>"
target the caller is allowed to import. Columns are exactly the importer's projected fields; the tenant key is set server-side, so it is NOT a column.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_import.download_template" \ -H "Authorization: ApiKey <key_id>:<secret>"
Target doctypes the current user may import into.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_import.importable_targets" \ -H "Authorization: ApiKey <key_id>:<secret>"
mesh_oversight
Mesh Oversight endpoints.
entities — the regulator activity feed. Each row is a Fact Entity decorated with: its tenant region (jurisdiction), count of current fact values, count of those that are anchored (attested), and whether it has been projected to a native doctype. Filters by sector (entity_type), jurisdiction (tenant region) and commodity (current agri.commodity fact value). Search matches entity name / external id / DID / entity_type. Returns the standard envelope: {rows, total_count, limit_start, limit_page_length, has_more, q, sort, sector, jurisdiction, commodity}
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_oversight.list_mesh_activity" \ -H "Authorization: ApiKey <key_id>:<secret>"
sectors — distinct Fact Entity.entity_type jurisdictions— distinct AXK Tenant.region across entities commodities — distinct current agri.commodity Fact Value.value_text Each facet is capped so a pathological mesh cannot blow up the response. Used only to populate the UI selects; the actual filtering is enforced server-side in list_mesh_activity.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_oversight.mesh_facets" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns network-wide mesh counts: total fact entities, total current fact values, in-force concept relations, anchored attestations (fact values + verified answers that carry a cryptographic anchor), entities seen in the last 24h (indexing pipeline liveness) and the anchored-attestation coverage rate.
curl -X POST "https://app.axk.org/api/method/axk_network.api.mesh_oversight.mesh_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
messaging
Messaging endpoints.
Return the caller's message thread, oldest-first, and mark peer msgs read.
curl -X POST "https://app.axk.org/api/method/axk_network.api.messaging.get_thread" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mark all peer messages in the caller's thread as read.
curl -X POST "https://app.axk.org/api/method/axk_network.api.messaging.mark_read" \ -H "Authorization: ApiKey <key_id>:<secret>"
Append a message from the caller to their thread.
curl -X POST "https://app.axk.org/api/method/axk_network.api.messaging.send_message" \ -H "Authorization: ApiKey <key_id>:<secret>"
notification_prefs
Notification Prefs endpoints.
Return the caller's bell + email preference flags.
curl -X POST "https://app.axk.org/api/method/axk_network.api.notification_prefs.get_my_preferences" \ -H "Authorization: ApiKey <key_id>:<secret>"
Payload accepts any subset of the eight known keys (four bell + four email). Missing keys keep their current value. Values are normalised to 0/1 so the client can pass booleans, "true"/"false", or "0"/"1".
curl -X POST "https://app.axk.org/api/method/axk_network.api.notification_prefs.set_my_preferences" \ -H "Authorization: ApiKey <key_id>:<secret>"
notifications
Notifications endpoints.
tokens so one user can't deregister another user's device by its token.
curl -X POST "https://app.axk.org/api/method/axk_network.api.notifications.deregister_push_token" \ -H "Authorization: ApiKey <key_id>:<secret>"
Upsert the caller's device push token.
curl -X POST "https://app.axk.org/api/method/axk_network.api.notifications.register_push_token" \ -H "Authorization: ApiKey <key_id>:<secret>"
onboarding
Onboarding endpoints.
without the old practice of writing live OTPs to the Error Log. Default (reveal falsy): re-trigger normal OTP delivery for the invitation and report which channel handled it (admin-initiated resend). reveal truthy: break-glass for when no phone channel is configured / reachable — mint a fresh OTP, store only its hash, and return the code ONLY in this authenticated System-Manager response (it is never written to any log). The reveal is recorded as a security event (admin + invitation + time; the code itself is NOT stored), so every break-glass use is traceable. The admin relays the code out-of-band.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.admin_otp_recovery" \ -H "Authorization: ApiKey <key_id>:<secret>"
dict: {success, user_email, message}
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.approve_invitation" \ -H "Authorization: ApiKey <key_id>:<secret>"
Create invitations from a list of dicts (CSV upload).
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.bulk_invite" \ -H "Authorization: ApiKey <key_id>:<secret>"
Poll for onboarding completion status.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.check_progress"
Self-serve registration without an invitation.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.cold_register"
Create an onboarding invitation and return the token URL.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.create_invitation" \ -H "Authorization: ApiKey <key_id>:<secret>"
Called from the Onboarding Invitation form Reject button. Doesn't create or modify a User row.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.reject_invitation" \ -H "Authorization: ApiKey <key_id>:<secret>"
failure or applicant losing the link). Same token, same URL — so we don't invalidate prior submissions in flight.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.resend_invitation" \ -H "Authorization: ApiKey <key_id>:<secret>"
Search for institutions by name (for cold cooperative registration).
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.search_institutions"
Send OTP via WhatsApp, then SMS fallback (dev-log only in dev mode).
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.send_otp"
This is the unauthenticated public form at /onboarding-invite. Anyone can request an invitation; the AXK team reviews and sends the KYC link. dict: {success, message}
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.submit_invitation"
Called from /onboarding-invite?token=... after the user clicks their link. Stores the document as a Frappe File attachment and queues the invitation for manual review (status → 'Opened', review queue picks it up). The user does NOT set a password here. After the admin approves the application, an email lands with a single-use Frappe password reset link so they can set their own. This matches how regulated platforms onboard (no plaintext password in transit before vetting + Frappe's own password-reset cryptography). The legacy `password` kwarg is accepted but ignored for back-compat with old form versions still cached on devices. dict: {success, message}
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.submit_kyc"
Validate an invitation token. Returns pre-fill data.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.validate_token"
API-002 guard: after _OTP_FAIL_LIMIT wrong OTPs within _OTP_FAIL_WINDOW_SECONDS, the invitation is locked for _OTP_LOCKOUT_SECONDS. A valid OTP verification clears both the failure counter and the lockout flag.
curl -X POST "https://app.axk.org/api/method/axk_network.api.onboarding.verify_and_complete"
ops_dashboard
Ops Dashboard endpoints.
One call — everything the dashboard needs.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ops_dashboard.snapshot" \ -H "Authorization: ApiKey <key_id>:<secret>"
orders
Orders endpoints.
flips Disputed → Cancelled and the buyer's funds refund. Same shape as release. The transition runs through `escrow.cancel` so the refund hits the same atomic state mutation + audit + settlement-event pipeline.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.admin_resolve_dispute_refund" \ -H "Authorization: ApiKey <key_id>:<secret>"
flips Disputed → Released and the buyer's funds settle. The note is required and persists in the Escrow Audit Log so we have a written justification for the resolution. See `_resolve_escrow_for_order` for the safety guarantees: the escrow must already be Disputed and the order/escrow must exist. The actual transition runs through `escrow.release` which handles tx_hash recording, settlement events, and audit log.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.admin_resolve_dispute_release" \ -H "Authorization: ApiKey <key_id>:<secret>"
a portion AND release the seller a portion of the SAME escrow. The two existing resolvers are the extremes (full release / full refund); this covers the interior. The two amounts MUST sum to the escrowed principal (validated within 1 cent, read UNDER the lock — never trust a client-supplied principal) and both must be >= 0. Gate + lock are shared with the other resolvers: _require_admin_for_resolution (System Manager / AXK Admin / AXK Authority) runs BEFORE any state read, then _resolve_escrow_for_order takes the FOR UPDATE lock and asserts the escrow is currently Disputed. The money move runs through escrow.execute_partial_settlement, which performs the single legal terminal transition Disputed → Released, records the settlement waterfall on the RELEASED portion only, pays the exporter the seller portion, and refunds the buyer the refund portion — every leg best-effort + retryable under the same no-double-spend guarantees as execute_release / execute_refund. The escrow ends Released (there is no "partially settled" state); the buyer refund is recorded as a settlement event + audit + comment on the Released escrow and echoed in this RPC's return envelope. To preserve the Cancelled terminal + full-refund semantics, route a pure full refund (seller=0) through admin_resolve_dispute_refund and a pure full release (buyer=0) through admin_resolve_dispute_release; this endpoint is for the strict interior 0 < seller < principal. Degenerate extremes are REJECTED here (server-side) so a full refund can never end Released via a zero-seller split — it must go through the refund resolver and terminate Cancelled.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.admin_resolve_dispute_split" \ -H "Authorization: ApiKey <key_id>:<secret>"
A Draft order has no escrow yet — accept() is what opens the escrow contract — so there is no money to claw back. The lot is still on the marketplace, the exporter has not committed to the deal. Cancelling here is a clean state flip with no settlement side-effects. Auth: caller must be a Buyer Member of the order's buyer org (admin / System Manager bypass). Membership SQL runs FIRST so a wrong-buyer attempt never produces an audit-log entry under the attacker's name. Safety: - order.status == 'Draft' → flip to 'Cancelled' - order.status == 'Cancelled' → idempotent success - any other status → refuse (escrow already opened; buyer must dispute instead)
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.buyer_cancel_draft_order" \ -H "Authorization: ApiKey <key_id>:<secret>"
- counts: orders by status (Draft / Escrow Created / Settled) - committed_by_currency: SUM(total_amount) on orders whose escrow is currently Funded — the buyer's money locked in escrow right now, awaiting exporter delivery + release. This is the buyer-side mirror of the exporter open-exposure KPI. Distinct from "spent" (Settled) and "draft" (un-funded). - settled_by_currency: SUM on Settled orders (money already released to the exporter on the buyer's behalf). Scoped through the same Buyer Member filter as list_orders; admin bypasses.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.buyer_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
to the exporter. This is the CORRECT release authority. The buyer funds the escrow and receives the goods, so the buyer is the party who releases — the same trust model as a P2P escrow (the protected party releases; the seller cannot self-release). The exporter's old self-release button is gone (see api/exporter.release_order_escrow, now an admin-only backstop). The other routes to Released remain: - the dual-confirm delivery path (provider + buyer) in api/transport.confirm_delivery, and - admin dispute resolution for frozen escrows. Auth: caller must be a Buyer Member of the order's buyer org (admin / System Manager bypass). Membership SQL runs BEFORE any escrow lookup so an outsider attempt never leaks existence info or moves money. Safety state machine (escrow row locked FOR UPDATE to serialise against a concurrent provider-confirm release): - 'Released' / 'Settled' → idempotent success ("already released") - 'Pending' → "not funded yet, nothing to release" - 'Disputed' → "frozen, resolve the dispute first" - 'Cancelled' → "cannot release a cancelled escrow" - 'Funded' → run the full settlement
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.confirm_delivery_and_release" \ -H "Authorization: ApiKey <key_id>:<secret>"
A party hits "Dispute order" on the order detail page when goods have not arrived, arrived in an unacceptable state, or (exporter side) the buyer is stalling a release the exporter believes is owed. The escrow flips Funded/Locked → Disputed which FREEZES the funds pending AXK support / corridor-authority resolution. No money moves automatically — disputed escrows wait on a human. The escrow status enum is Pending|Funded|Locked|Released|Cancelled|Disputed. There is no "In Transit"/"Delivered" escrow status — those are AXK Shipment statuses; during transit/delivery the escrow stays Funded (or Locked). The state machine only permits Funded→Disputed and Locked→Disputed, so a dispute "while in transit / delivered" is satisfied by accepting Funded + Locked. Auth: caller must be a Buyer Member of the order's buyer org OR an Exporter Member of the order's exporter org (admin / System Manager bypass). Membership SQL runs BEFORE any escrow lookup so an outsider attempt never leaks existence info and produces no audit row under the attacker. Safety state machine (escrow row locked FOR UPDATE to serialise against a concurrent admin resolve / second self-file): - escrow.status == 'Disputed' → idempotent success ("already disputed") - escrow.status == 'Pending' → "cannot dispute, not yet funded" - escrow.status in 'Released', 'Settled' → "already released, contact support" - escrow.status == 'Cancelled' → "cannot dispute a cancelled escrow" - escrow.status in 'Funded', 'Locked' → delegate to escrow.dispute - any other → "unexpected state" throw reason is REQUIRED, stripped, and must be at least ``_DISPUTE_REASON_MIN_CHARS`` characters so support has something to triage. Rate-limited (5 / 60s per IP) so a single actor cannot freeze-thrash. The idempotent re-file branch returns BEFORE any notification fan-out so a re-file never storms the parties.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.dispute_order" \ -H "Authorization: ApiKey <key_id>:<secret>"
Used by the Dispute panel on /app/order/
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.dispute_timeline" \ -H "Authorization: ApiKey <key_id>:<secret>"
Respects the current status_filter + search term. Honours the same Buyer Member visibility filter as list_orders. Capped at 5000 rows — wider scope is an admin Frappe report concern, not an in-app export.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.export_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Same visibility filter as list_my_disputes — buyers see their own disputes, exporters see disputes against them, admin sees everything. Capped at 5000 rows for the same reason as the other CSV exports: wider scope belongs to a Frappe report, not an in-app download.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.export_my_disputes_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Each row is an escrow currently or formerly in `Disputed`, joined with its order so the page can show the parties, the amount, and the dispute's open/resolved state at a glance. Visibility runs through `_dispute_party_filter_sql` — buyers see disputes they raised, exporters see disputes raised against them. Admin sees all. status_filter: - "all" → every dispute the user can see - "open" → escrow.status = 'Disputed' - "resolved" → escrow has a Disputed audit-log row but is no longer in Disputed state (i.e. an admin moved it to Released or Cancelled) sort: one of _DISPUTE_SORT_MAP keys. Unknown falls back to newest. Envelope shape mirrors list_orders so the client uses the same prev/next pill component.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.list_my_disputes" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns a paginated envelope so the client can render a list without loading every order in one shot. Production users hit hundreds of orders; the previous unbounded variant would have pushed a 5MB+ DOM and a 4s render on a 200-order account. Envelope shape: { "rows": [
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.list_orders" \ -H "Authorization: ApiKey <key_id>:<secret>"
Includes lot snapshot, parties, terms, delivery destination, and a derived stage so the buyer page can render a status pill + progress indicator without touching internal escrow fields.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.order_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
Powers the commodity dropdown on /app/my-orders. Reuses the exact Buyer Member scoping + Lot join as list_orders (admin bypass) so the options never leak commodities the caller cannot already see in their own orders. Alphabetical, non-empty values only.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.order_filter_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mirrors cooperative.settlement_detail — same Escrow + Lot join, same explorer-URL handling (strip path → append /tx/HASH) — but scoped through Buyer Member instead of Cooperative Member. Used by the inline drawer on /app/my-orders. Returns {} when the buyer cannot see the order so the client renders a clean error rather than leaking a 403.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.purchase_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mirrors cooperative.recent_settlements + exporter.recent_settlements for the buyer side — the money-out feed on /app/my-orders. Scoped through Buyer Member (admin bypass). Returns the last N (clamped 1-20) settled orders, newest first, with the lot snapshot needed for the row preview.
curl -X POST "https://app.axk.org/api/method/axk_network.api.orders.recent_purchases" \ -H "Authorization: ApiKey <key_id>:<secret>"
oversight
Oversight endpoints.
Open disputed escrows — the lead's "must-action" list.
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_disputes" \ -H "Authorization: ApiKey <key_id>:<secret>"
Two operational signals for the lead: (1) Per-event muted count — if many users have muted `notify_order_disputed`, dispute volume is too high or the bell is too noisy. (2) 7-day Notification Log volume scoped to `document_type = 'AXK Order'` — proves the gate from #427 is still firing for everything that is not muted.
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_notification_health" \ -H "Authorization: ApiKey <key_id>:<secret>"
order. Use case: a Funded escrow has gone N days without a shipment and the lead wants to prod the exporter without bouncing to a separate email tool. The nudge writes a bell entry per recipient and sends an email using the same plumbing as dispute notifications. Idempotent in spirit — there is no per-day dedup because admins intentionally re-nudge, but we cap the note at 280 chars to keep emails sensible. Why admin-only: a nudge from a buyer would conflict with the dispute path. Buyers express grievance via dispute, admins nudge via this endpoint.
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_nudge_exporter" \ -H "Authorization: ApiKey <key_id>:<secret>"
whole platform — the admin queue for triage. Same shape as the other oversight panels: admin-only, oldest- first ordering, limit clamped to [1, 50].
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_pending_claims" \ -H "Authorization: ApiKey <key_id>:<secret>"
These are the inspections an admin is supposed to land on /app/my-inspections and approve or reject. Surfacing them on /app/oversight gives the lead the same single-screen view they get for disputes + stalled escrows.
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_pending_inspections" \ -H "Authorization: ApiKey <key_id>:<secret>"
Most recently created / modified AXK Orders across the platform.
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_recent_orders" \ -H "Authorization: ApiKey <key_id>:<secret>"
These are the escrows that are most likely to convert into disputes. Surfacing them on the oversight dashboard lets the lead nudge the exporter (or the buyer) before the situation deteriorates. Caller-supplied `days` is clamped to [1, 30] — never trust incoming numerics, and a 0-day window would flood the panel on every freshly-funded escrow.
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_stalled_escrows" \ -H "Authorization: ApiKey <key_id>:<secret>"
as the daily digest section so admins clicking through from the email see consistent data. days clamped to [1, 30]. limit clamped to [1, 50].
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_stalled_shipments" \ -H "Authorization: ApiKey <key_id>:<secret>"
Returns counts that the lead engineer asks for at a glance: - escrows by status (Pending / Funded / Released / Disputed) - orders by status (Draft / Escrow Created / Settled / Cancelled) - lots by status group (marketplace / inflight / settled / other) - actor counts (cooperatives, buyers, exporters, total users) - total pipeline + total settled value per currency
curl -X POST "https://app.axk.org/api/method/axk_network.api.oversight.oversight_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
partnership
Partnership endpoints.
Distinct countries for the directory filter dropdown.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.exporter_filter_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
cooperative can see who they are before requesting a partnership.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.get_exporter_detail" \ -H "Authorization: ApiKey <key_id>:<secret>"
they hold a valid export license. Paginated, searchable, filterable.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.list_exporters" \ -H "Authorization: ApiKey <key_id>:<secret>"
exporter received.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.list_partnership_requests" \ -H "Authorization: ApiKey <key_id>:<secret>"
A cooperative asks an exporter to take its lots to market.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.request_partnership" \ -H "Authorization: ApiKey <key_id>:<secret>"
The exporter accepts or declines a partnership request.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.respond_partnership" \ -H "Authorization: ApiKey <key_id>:<secret>"
The cooperative withdraws its own open request.
curl -X POST "https://app.axk.org/api/method/axk_network.api.partnership.withdraw_partnership" \ -H "Authorization: ApiKey <key_id>:<secret>"
profile
Profile endpoints.
Email a Finance Eligibility Profile shareable link to a lender/bank.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile.email_finance_profile" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile.get_axk_profile" \ -H "Authorization: ApiKey <key_id>:<secret>"
Return enabled feature flags for the current user's company.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile.get_feature_flags" \ -H "Authorization: ApiKey <key_id>:<secret>"
Resolves the FEP that belongs to the logged-in exporter / cooperative (or farmer / company) and returns the score, breakdown, headline trade stats and the active shareable link (if any). When no profile exists yet we return ``{"has_profile": False}`` so the page can render a clean empty state instead of erroring.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile.get_my_finance_profile" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile.revoke_finance_profile_share" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile.share_finance_profile" \ -H "Authorization: ApiKey <key_id>:<secret>"
profile_overview
Profile Overview endpoints.
The caller's own account fields for the edit modal.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.account_edit_values" \ -H "Authorization: ApiKey <key_id>:<secret>"
Remove a credential matched by (type, reference_number).
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.delete_org_credential" \ -H "Authorization: ApiKey <key_id>:<secret>"
A coop/exporter member sees their org's Lots; a buyer member sees their org's Orders. `scope` ('lots'|'orders') can pin the view when the user wears both hats; otherwise lots win if they belong to a seller org.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.get_my_listings" \ -H "Authorization: ApiKey <key_id>:<secret>"
sell-direct gate, and a listings summary.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.get_org_overview" \ -H "Authorization: ApiKey <key_id>:<secret>"
Scoped to the caller's OWN lots only, using the same coop/exporter org membership ownership as get_my_listings -> _listings_lots. A member with no seller org (e.g. a buyer-only user) sees an empty list.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.my_listings_filter_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
modal prefills authoritative data. Ownership is implicit — it returns the caller's OWN org. An admin may pass an explicit (kind, org) to target one. Returns the org `kind`, its `name`, the editable field `values`, and an `editable` flag (a member, or an admin, may edit).
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.org_profile_edit_values" \ -H "Authorization: ApiKey <key_id>:<secret>"
(credential_type, reference_number); otherwise appends a new one.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.save_org_credential" \ -H "Authorization: ApiKey <key_id>:<secret>"
session user, never another. Email/roles are not editable here.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.update_my_account" \ -H "Authorization: ApiKey <key_id>:<secret>"
profile interface — never the native doctype form. Only a member of the org (admin bypass) may edit, and only the allow-listed descriptive fields for that kind. Verification / KYC / financial / status fields are never writable here. Returns {name, changed, message}.
curl -X POST "https://app.axk.org/api/method/axk_network.api.profile_overview.update_org_profile" \ -H "Authorization: ApiKey <key_id>:<secret>"
readiness
Readiness endpoints.
posture (env, payment mode, AI key presence, wallet balance) which a Website User shouldn't be able to enumerate. { "summary": "ok" | "warn" | "bad", "ok": int, "warn": int, "bad": int, "items": [ ... per-check rows ... ], }
curl -X POST "https://app.axk.org/api/method/axk_network.api.readiness.production_readiness" \ -H "Authorization: ApiKey <key_id>:<secret>"
receivables
Receivables endpoints.
On success: {ok: True, event: "
curl -X POST "https://app.axk.org/api/method/axk_network.api.receivables.assign_receivable" \ -H "Authorization: ApiKey <key_id>:<secret>"
release
Release endpoints.
Public read of an AXK Release by its shareable token.
curl -X POST "https://app.axk.org/api/method/axk_network.api.release.get_by_token"
Returns lightweight metadata only (no canonical JSON / signature) so an enumeration pull stays cheap; full detail comes from ``get_by_token``.
curl -X POST "https://app.axk.org/api/method/axk_network.api.release.list_recent"
settlement_charges
Settlement Charges endpoints.
Read-only. Returns the charge amounts, the rates + their source, and a net-to-seller figure. ``royalty_pct`` / ``withholding_pct`` override the configured rate card when supplied (operator override). Returns {ok, order, base_amount, currency, royalty:{pct, amount, source}, withholding:{pct, amount, source}, total_charges, net_to_seller, rate_configured} or {ok: False, code, error}.
curl -X POST "https://app.axk.org/api/method/axk_network.api.settlement_charges.compute_statutory_charges" \ -H "Authorization: ApiKey <key_id>:<secret>"
signature
Signature endpoints.
Retrieve signatory status and details for an AXK Order.
curl -X POST "https://app.axk.org/api/method/axk_network.api.signature.get_contract_signatories" \ -H "Authorization: ApiKey <key_id>:<secret>"
Request a signature via Africa's Talking USSD/SMS challenge.
curl -X POST "https://app.axk.org/api/method/axk_network.api.signature.request_ussd_signature" \ -H "Authorization: ApiKey <key_id>:<secret>"
Sign the trade contract for an AXK Order.
curl -X POST "https://app.axk.org/api/method/axk_network.api.signature.sign_contract" \ -H "Authorization: ApiKey <key_id>:<secret>"
sla_report
Sla Report endpoints.
`tenant_name` is optional — when omitted, reports against the platform-level SLA (uses the default tier as the binding).
curl -X POST "https://app.axk.org/api/method/axk_network.api.sla_report.monthly_sla_report" \ -H "Authorization: ApiKey <key_id>:<secret>"
status_subscribe
Status Subscribe endpoints.
open (guest) endpoint can't be used to bomb the list with arbitrary emails.
curl -X POST "https://app.axk.org/api/method/axk_network.api.status_subscribe.subscribe"
telemetry
Telemetry endpoints.
Accepts (form/JSON): kind, message, stack, url, ref, status. Everything is best-effort and length-capped; the call always returns ok so the error handler never has to handle an error from the error logger.
curl -X POST "https://app.axk.org/api/method/axk_network.api.telemetry.log_client_error"
tenant
Tenant endpoints.
The actual nginx + certbot work runs as a follow-up task on the box (admin runs `bin/expand-cert
curl -X POST "https://app.axk.org/api/method/axk_network.api.tenant.add_custom_domain" \ -H "Authorization: ApiKey <key_id>:<secret>"
Schedule provisioning on the long-worker queue.
curl -X POST "https://app.axk.org/api/method/axk_network.api.tenant.enqueue_provision" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.tenant.resume" \ -H "Authorization: ApiKey <key_id>:<secret>"
new logins and most writes. Existing sessions get bumped on next request. Reverse with `resume`.
curl -X POST "https://app.axk.org/api/method/axk_network.api.tenant.suspend" \ -H "Authorization: ApiKey <key_id>:<secret>"
a one-shot ops action so an accident doesn't cost data.
curl -X POST "https://app.axk.org/api/method/axk_network.api.tenant.terminate" \ -H "Authorization: ApiKey <key_id>:<secret>"
token
Token endpoints.
Return live AXKT token metrics. Public, no auth.
curl -X POST "https://app.axk.org/api/method/axk_network.api.token.get_metrics"
trade_finance
Trade Finance endpoints.
Approve a Requested advance (admin / bank / platform).
curl -X POST "https://app.axk.org/api/method/axk_network.api.trade_finance.approve_advance" \ -H "Authorization: ApiKey <key_id>:<secret>"
Records a Settlement Payable CREDIT to the borrower NOW — the borrower receives the money immediately (tranche ADVANCE_DISBURSEMENT, paid out through the normal disbursement queue) — and marks the advance Disbursed so the settlement waterfall repays it SENIOR at order settlement. Idempotent: a re-run over an already-Disbursed advance returns without double-crediting (the disbursement payable is deduped on (escrow, party, obligation_ref)).
curl -X POST "https://app.axk.org/api/method/axk_network.api.trade_finance.disburse_advance" \ -H "Authorization: ApiKey <key_id>:<secret>"
it in one step. The funding bank is the SIGNED-IN user — never taken from client input.
curl -X POST "https://app.axk.org/api/method/axk_network.api.trade_finance.fund_position" \ -H "Authorization: ApiKey <key_id>:<secret>"
eligibility score — the bank's underwriting work queue. Only advances whose escrow is STILL Funded are surfaced (a settled / cancelled escrow is no longer fundable).
curl -X POST "https://app.axk.org/api/method/axk_network.api.trade_finance.list_fundable_positions" \ -H "Authorization: ApiKey <key_id>:<secret>"
The caller must be a member of the cooperative or exporter on the order, and the order must have a FUNDED escrow (escrow-backed). Creates a Requested Trade Advance with the borrower + parties DERIVED from the order.
curl -X POST "https://app.axk.org/api/method/axk_network.api.trade_finance.request_advance" \ -H "Authorization: ApiKey <key_id>:<secret>"
transport
Transport endpoints.
Exporter accepts a transport bid. Caller must be the exporter who posted the request.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.accept_bid" \ -H "Authorization: ApiKey <key_id>:<secret>"
Confirm delivery. Caller must be the logistics provider or the buyer.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.confirm_delivery" \ -H "Authorization: ApiKey <key_id>:<secret>"
Transport Request doctype form. Ownership-checked; opens at status Open.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.create_transport_request" \ -H "Authorization: ApiKey <key_id>:<secret>"
a shipment the caller can track. Returns {shipment} or {error}.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.find_shipment" \ -H "Authorization: ApiKey <key_id>:<secret>"
Get transport requests available for bidding.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.get_available_loads" \ -H "Authorization: ApiKey <key_id>:<secret>"
Return current ETA snapshot for a Shipment.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.get_eta" \ -H "Authorization: ApiKey <key_id>:<secret>"
derived status timeline, GPS breadcrumb trail, current position, route, and the dual delivery confirmation. Read-only.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.get_shipment_tracking_snapshot" \ -H "Authorization: ApiKey <key_id>:<secret>"
review screen.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.list_scored_bids" \ -H "Authorization: ApiKey <key_id>:<secret>"
Buyer still needs to confirm via confirm_delivery for full Delivery Confirmed state.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.mark_arrived" \ -H "Authorization: ApiKey <key_id>:<secret>"
Triggers the insurance parametric handler via Shipment.on_update.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.mark_exception" \ -H "Authorization: ApiKey <key_id>:<secret>"
metadata to prefill the form — weight from the lot, origin/destination from the lot's corridor. Excludes lots that already have an open load.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.post_load_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
surfaces this as the suggested accept; the exporter still has to call accept_bid manually.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.recommend_bid" \ -H "Authorization: ApiKey <key_id>:<secret>"
departure_time. Idempotent if already In Transit.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.start_trip" \ -H "Authorization: ApiKey <key_id>:<secret>"
Submit a bid for a transport request. Caller must have AXK Logistics role.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.submit_bid" \ -H "Authorization: ApiKey <key_id>:<secret>"
the exporter's edit modal prefills authoritative data. Also returns whether the request is still in an editable state (before a bid is accepted).
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.transport_request_edit_values" \ -H "Authorization: ApiKey <key_id>:<secret>"
provider's custom interface. Owner-gated (the bid's logistics_provider User; admin bypass) and only while the bid is Pending and its parent request is still Open/Bidding. Allow-listed: proposed_rate, notes.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.update_transport_bid" \ -H "Authorization: ApiKey <key_id>:<secret>"
never the native doctype form. Only the request owner (the exporter User; admin bypass) may edit, only while the request is still Open/Bidding with no bid accepted, and only the allow-listed route/weight/pricing fields. Each value is validated. Allow-listed: origin, destination, required_by, weight_kg, offered_rate, currency, special_instructions. Excluded (system / commitment / identity): lot, exporter, status, accepted_bid, accepted_rate, shipment, company.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.update_transport_request" \ -H "Authorization: ApiKey <key_id>:<secret>"
interface. Owner-gated (the bid's logistics_provider User; admin bypass) and only while the bid is Pending and the parent request is still Open or Bidding (i.e. no bid accepted yet). The Transport Bid status field offers no Withdrawn/Cancelled value, so the withdrawal is a hard delete of the bid document (ignore_permissions). If the parent request has no other live bids, it is rolled back from Bidding to Open so the load no longer shows phantom interest.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transport.withdraw_transport_bid" \ -H "Authorization: ApiKey <key_id>:<secret>"
transporter
Transporter endpoints.
Same visibility filter as list_my_shipments. Capped at 5000 rows.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transporter.export_my_shipments_csv" \ -H "Authorization: ApiKey <key_id>:<secret>"
Paginated AXK Shipment list for the calling transporter.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transporter.list_my_shipments" \ -H "Authorization: ApiKey <key_id>:<secret>"
Powers the commodity dropdown on /app/my-shipments. Reuses the exact transporter scoping + Lot join as list_my_shipments (admin bypass) so the options never leak commodities outside the shipments the caller can already see. Alphabetical, non-empty values only.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transporter.shipment_filter_options" \ -H "Authorization: ApiKey <key_id>:<secret>"
Counts the caller's shipments grouped by status_filter so the dashboard can render four big-number cards without an extra round-trip.
curl -X POST "https://app.axk.org/api/method/axk_network.api.transporter.transporter_summary" \ -H "Authorization: ApiKey <key_id>:<secret>"
ussd
Ussd endpoints.
Authenticated: only an operator / business flow may request a signature (a guest cannot mint challenges for arbitrary phones).
curl -X POST "https://app.axk.org/api/method/axk_network.api.ussd.request_signature" \ -H "Authorization: ApiKey <key_id>:<secret>"
Register this as the USSD callback URL in the Africa's Talking dashboard:: https://app.axk.org/api/method/axk_network.api.ussd.ussd_callback Africa's Talking POSTs form-encoded ``sessionId``, ``phoneNumber``, ``text`` and ``serviceCode`` and expects a plain-text body that begins with ``CON`` (keep the session open) or ``END`` (close it). We always return such a string and never raise — a failure closes the session with a generic ``END`` so the user is never stuck mid-session.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ussd.ussd_callback"
Return whether ``action_ref`` has been USSD-authorized + by whom.
curl -X POST "https://app.axk.org/api/method/axk_network.api.ussd.verify" \ -H "Authorization: ApiKey <key_id>:<secret>"
verification
Verification endpoints.
Manually trigger XRPL anchoring. Restricted to System Manager and AXK Admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verification.anchor_to_xrpl" \ -H "Authorization: ApiKey <key_id>:<secret>"
Queries the local Anchor Event journal for a VC_REVOKED event whose payload contains the vc_hash. Revocation is anchored in-process via axk_network.tasks.credentials.revoke_vc which writes an Anchor Event row and submits to Xahau.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verification.check_revocation"
Manually trigger AXK AI analysis. Restricted to System Manager and AXK Admin.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verification.trigger_anhur" \ -H "Authorization: ApiKey <key_id>:<secret>"
Third parties can verify at verify.axk.org without trusting AXK — the proof chain goes: VC hash → XRPL Ledger event → Xahau L1 anchor.
curl -X POST "https://app.axk.org/api/method/axk_network.api.verification.verify_credential"
workspace_dashboards
Workspace Dashboards endpoints.
AI Platform / AXK AI Intelligence — call telemetry, cost, latency.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.ai_platform" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.axk_ai_knowledge_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
Hero: last-24h anchored events + spark KPIs: anchor idle min, batch backlog, KYC awaiting, error log 24h Chart: anchor events daily 28d (current 14 vs prior 14 cumulative) Breakdown: tenants by status Feed: last failed events + ageing KYC + recent tenant lifecycle Actions: Open Ops Dashboard, Production Readiness, AXK Tenants
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.axk_operations" \ -H "Authorization: ApiKey <key_id>:<secret>"
Buyer view — verified lots, open bids, price trends.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.buyer_marketplace" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.commodity_trade" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.compliance_and_verification" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.content_and_knowledge" \ -H "Authorization: ApiKey <key_id>:<secret>"
Cooperative network health — members, plots, forecast, approvals.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.cooperative_manager" \ -H "Authorization: ApiKey <key_id>:<secret>"
Border / corridor clearance dashboard.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.corridor_authority" \ -H "Authorization: ApiKey <key_id>:<secret>"
Exporter view — orders, shipments, margins.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.exporter_portal" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.farm_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
Farmer's view of their plots, forecasts, and recent payouts.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.farmer_dashboard" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.finance_and_credit" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.finance_intelligence" \ -H "Authorization: ApiKey <key_id>:<secret>"
Network-wide pulse. Total users, live value, recent throughput.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.home" \ -H "Authorization: ApiKey <key_id>:<secret>"
Light, welcoming shape — no deep stats. The page is: - hero : date + greeting + AI-flavoured one-liner + status pill - quick_actions : chips beside the primary Ask AXK AI CTA - pillars : eight pillar shortcut tiles (nav, not metrics) - pulse : live cross-platform stream + needs-you action list - ledger : recent Xahau anchor pills - footer_status : uptime / Xahau / AI / anchor queue
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.home_overview" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.identity_compliance_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.inspections" \ -H "Authorization: ApiKey <key_id>:<secret>"
Quality Inspector workload — assigned inspections + SLA.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.inspector_dashboard" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.insurance" \ -H "Authorization: ApiKey <key_id>:<secret>"
All queries are guarded by _table_exists so this endpoint is safe on sites that haven't migrated the KYC module yet.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.kyc_dashboard" \ -H "Authorization: ApiKey <key_id>:<secret>"
Fleet pulse — Transport Requests, Bids, Shipments in motion.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.logistics_marketplace" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.logistics_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
Marketing / CRM pulse — leads, campaigns, deals.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.marketing" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.member_harvests" \ -H "Authorization: ApiKey <key_id>:<secret>"
Mobility (rideshare) pulse — bookings, drivers, vehicles, trips.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.mobility_dashboard" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.my_farm_season" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.my_farms" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.my_harvests" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.network_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.operations_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
Orders + Escrow joint view — trade + capital flow.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.orders_and_escrow" \ -H "Authorization: ApiKey <key_id>:<secret>"
Admin-only platform pulse — users, live escrow, AI spend.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.platform_administration" \ -H "Authorization: ApiKey <key_id>:<secret>"
Pre-finance pipeline — eligibility profiles + coverage.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.pre_finance_pipeline" \ -H "Authorization: ApiKey <key_id>:<secret>"
Pre-harvest order flow — open pre-orders, matched, forecasts.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.pre_harvest_marketplace" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.shipments_and_logistics" \ -H "Authorization: ApiKey <key_id>:<secret>"
Tokens dashboard — issuance volume, holders, market activity.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.tokens" \ -H "Authorization: ApiKey <key_id>:<secret>"
Function name is preserved (tokens_forge) so the Custom HTML Block wired to it via tier1 stays valid; user-facing copy uses plain English (mint / token / concept) — no internal jargon.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.tokens_forge" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.trade_settlement_pillar" \ -H "Authorization: ApiKey <key_id>:<secret>"
User Support — issues, tickets, response times.
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.user_support" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_dashboards.verification_ledger" \ -H "Authorization: ApiKey <key_id>:<secret>"
workspace_guide
Workspace Guide endpoints.
Return the Guide launchpad for `workspace` (its display name).
curl -X POST "https://app.axk.org/api/method/axk_network.api.workspace_guide.build" \ -H "Authorization: ApiKey <key_id>:<secret>"
yellowcard
Yellowcard endpoints.
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.channels" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.networks" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.payment_status" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.payout" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.rates" \ -H "Authorization: ApiKey <key_id>:<secret>"
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.resolve" \ -H "Authorization: ApiKey <key_id>:<secret>"
body alone. Returns fast 200 so YC does not retry a processed event.
curl -X POST "https://app.axk.org/api/method/axk_network.api.yellowcard.webhook"
No operations match your search.
Planned coverage