Developer docs

Build on Sentinel.

A typed REST surface, signed webhooks, and an interactive OpenAPI explorer. The API reads and writes the same workspace your team uses - risk scores included on every read.

Bearer token auth·HMAC-SHA256 webhook signing·OpenAPI 3.0 spec

Surfaces

API reference

OpenAPI 3.0

Interactive OpenAPI explorer. Hit endpoints, see schemas, copy curl.

Webhooks

HMAC-SHA256

Real-time, HMAC-signed event deliveries with retries and a 30-day inspection log.

Authentication

Every request needs a Bearer token in the Authorization header. Tokens are workspace-scoped - they read and write only the workspace they were issued for.

Header: Authorization: Bearer <token>
Scope: Workspace
Rotation: Manual via settings

bashexample

curl -X GET "https://api.sentinel.dev/api/deals" \
  -H "Authorization: Bearer your_api_token" \
  -H "Content-Type: application/json"

List deals

GET /api/deals returns paginated deals scoped to the token's workspace. Filter by stage, owner, or risk band via query params. Risk score and reasons are computed on read.

Method: GET
Path: /api/deals
Pagination: limit + cursor

jsonexample

{
  "success": true,
  "data": [
    {
      "id": "clx123abc",
      "name": "Acme Corp",
      "stage": "negotiation",
      "value": 50000,
      "riskLevel": "Low",
      "riskScore": 0.25
    }
  ],
  "nextCursor": null
}

Webhook events

Configure outbound webhooks to receive real-time notifications when deals change. Each delivery is signed with HMAC-SHA256 over the JSON body using your webhook secret.

Signature: X-Webhook-Signature
Algorithm: HMAC-SHA256
Retry: Exponential backoff

Event	Description
deal.created	New deal added to pipeline.
deal.updated	Deal fields changed.
deal.stage_changed	Deal moved to a different stage.
deal.at_risk	Deal crossed the at-risk threshold.
deal.closed_won	Deal successfully closed.
deal.closed_lost	Deal lost.
team.member_added	Member added to a team.
team.member_removed	Member removed from a team.

Webhook payload

Every webhook delivery has a stable envelope: id, event, timestamp, and a typed data block. Always verify the X-Webhook-Signature header before trusting the body.

jsonexample

{
  "id": "evt_abc123",
  "event": "deal.stage_changed",
  "timestamp": "2026-05-10T12:00:00Z",
  "data": {
    "id": "clx123abc",
    "name": "Acme Corp",
    "oldStage": "proposal",
    "newStage": "negotiation",
    "value": 50000
  }
}

javascriptexample

import crypto from "node:crypto";

const signature = req.headers["x-webhook-signature"];
const expected = crypto
  .createHmac("sha256", webhookSecret)
  .update(JSON.stringify(req.body))
  .digest("hex");

const valid = crypto.timingSafeEqual(
  Buffer.from(signature),
  Buffer.from(expected)
);

if (!valid) {
  return res.status(401).end();
}

Try a request against your workspace.

The API reference embeds your token-aware Swagger UI. Hit any endpoint live, copy the curl, and ship.

Open API reference Get help

Sentinel · loading

Opening the desk.

Fetching the book… (0s)

Back to home API reference →

Developer docs

Build on Sentinel.

A typed REST surface, signed webhooks, and an interactive OpenAPI explorer. The API reads and writes the same workspace your team uses - risk scores included on every read.

Bearer token auth·HMAC-SHA256 webhook signing·OpenAPI 3.0 spec

Surfaces

API reference

OpenAPI 3.0

Interactive OpenAPI explorer. Hit endpoints, see schemas, copy curl.

Webhooks

HMAC-SHA256

Real-time, HMAC-signed event deliveries with retries and a 30-day inspection log.

Authentication

Every request needs a Bearer token in the Authorization header. Tokens are workspace-scoped - they read and write only the workspace they were issued for.

Header: Authorization: Bearer <token>
Scope: Workspace
Rotation: Manual via settings

bashexample

curl -X GET "https://api.sentinel.dev/api/deals" \
  -H "Authorization: Bearer your_api_token" \
  -H "Content-Type: application/json"

List deals

GET /api/deals returns paginated deals scoped to the token's workspace. Filter by stage, owner, or risk band via query params. Risk score and reasons are computed on read.

Method: GET
Path: /api/deals
Pagination: limit + cursor

jsonexample

{
  "success": true,
  "data": [
    {
      "id": "clx123abc",
      "name": "Acme Corp",
      "stage": "negotiation",
      "value": 50000,
      "riskLevel": "Low",
      "riskScore": 0.25
    }
  ],
  "nextCursor": null
}

Webhook events

Configure outbound webhooks to receive real-time notifications when deals change. Each delivery is signed with HMAC-SHA256 over the JSON body using your webhook secret.

Signature: X-Webhook-Signature
Algorithm: HMAC-SHA256
Retry: Exponential backoff

Event	Description
deal.created	New deal added to pipeline.
deal.updated	Deal fields changed.
deal.stage_changed	Deal moved to a different stage.
deal.at_risk	Deal crossed the at-risk threshold.
deal.closed_won	Deal successfully closed.
deal.closed_lost	Deal lost.
team.member_added	Member added to a team.
team.member_removed	Member removed from a team.

Webhook payload

Every webhook delivery has a stable envelope: id, event, timestamp, and a typed data block. Always verify the X-Webhook-Signature header before trusting the body.

jsonexample

{
  "id": "evt_abc123",
  "event": "deal.stage_changed",
  "timestamp": "2026-05-10T12:00:00Z",
  "data": {
    "id": "clx123abc",
    "name": "Acme Corp",
    "oldStage": "proposal",
    "newStage": "negotiation",
    "value": 50000
  }
}

javascriptexample

import crypto from "node:crypto";

const signature = req.headers["x-webhook-signature"];
const expected = crypto
  .createHmac("sha256", webhookSecret)
  .update(JSON.stringify(req.body))
  .digest("hex");

const valid = crypto.timingSafeEqual(
  Buffer.from(signature),
  Buffer.from(expected)
);

if (!valid) {
  return res.status(401).end();
}

Try a request against your workspace.

The API reference embeds your token-aware Swagger UI. Hit any endpoint live, copy the curl, and ship.

Open API reference Get help