Extensions API
Register webhook-based integrations and ingest external events into Palveron.
The Extensions API connects external tools — Browser Guard, custom telemetry pipelines, third-party AI gateways — into your project's governance fabric.
POST /api/v1/extensions
Register an extension. Returns an ext_ API key that the extension uses for all subsequent calls.
{
"name": "Browser Guard — Sales Team",
"type": "browser_shield",
"description": "Optional notes about the integration",
"scopes": ["webhook:ingest", "shadow_ai:read"]
}| Field | Required | Description |
|---|---|---|
name | ✅ | Human-readable label (max 100 chars) |
type | ✅ | browser_shield, webhook, mcp_relay, or custom |
scopes | ✅ | Array of capabilities — see Scopes below |
description | — | Free text |
The ext_ key is shown once on creation. Store it immediately.
POST /api/v1/webhooks/ingest
Ingest an external governance event. The Browser Guard extension uses this to forward classified browser activity into Palveron's trace store.
{
"source_url": "https://chat.openai.com/...",
"event_type": "prompt_sent",
"agent_id": "agent_...",
"payload": {
"decision": "BLOCKED",
"reason": "PII detected: credit card",
"redacted_input": "I want to use card 4242 **** **** ****"
}
}Authenticate with Authorization: Bearer ext_.... Events are written to the project's trace store and inherit its retention and Flare-anchoring rules.
GET /api/v1/extensions
List registered extensions with status, last-seen timestamp, and ingested-events counter.
DELETE /api/v1/extensions/{id}
Revoke an extension. The ext_ key is invalidated immediately and any further ingest calls return 401.
Scopes
| Scope | Grants |
|---|---|
webhook:ingest | Permission to call POST /webhooks/ingest |
shadow_ai:read | Read access to Shadow AI dashboard data |
shadow_ai:write | Submit Shadow AI detections via POST /ai-discovery/detection |
traces:read | Read traces created by this extension |
Request only the scopes the extension actually needs — minimum-privilege.