# Tripwire ## Docs - [Android SDK](https://tripwirejs.com/docs/android-sdk.md): Collect signals from your Android app and hand a sealed session off to your backend. - [Create an organization API key](https://tripwirejs.com/docs/api-reference/api-keys/create-an-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [List organization API keys](https://tripwirejs.com/docs/api-reference/api-keys/list-organization-api-keys.md): Requires the `api_keys:read` secret-key scope. - [Revoke a organization API key](https://tripwirejs.com/docs/api-reference/api-keys/revoke-a-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [Rotate a organization API key](https://tripwirejs.com/docs/api-reference/api-keys/rotate-a-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [Update an organization API key](https://tripwirejs.com/docs/api-reference/api-keys/update-an-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [Authentication](https://tripwirejs.com/docs/api-reference/authentication.md): API keys, environments, scopes, and the lifecycle of each credential type Tripwire uses. - [Errors](https://tripwirejs.com/docs/api-reference/errors.md): Error envelope shape, HTTP status codes, retry semantics, and how to correlate failures with support. - [List events](https://tripwirejs.com/docs/api-reference/events/list-events.md): List organization events. Requires Authorization: Bearer sk_* with the webhooks:read scope. - [Retrieve an event](https://tripwirejs.com/docs/api-reference/events/retrieve-an-event.md): Retrieve one organization event and its webhook delivery attempts. Requires Authorization: Bearer sk_* with the webhooks:read scope. - [Visitor fingerprints API](https://tripwirejs.com/docs/api-reference/fingerprints.md): Secret-key-only visitor fingerprint lookup endpoints. - [Dashboard login API](https://tripwirejs.com/docs/api-reference/gate-login.md): Create and consume dashboard login sessions via Gate. - [Service registry](https://tripwirejs.com/docs/api-reference/gate-registry.md): Publicly discoverable Gate services available for agentic signup. - [Gate services API](https://tripwirejs.com/docs/api-reference/gate-services.md): Create, read, update, and disable organization-owned Gate service definitions. - [Signup sessions](https://tripwirejs.com/docs/api-reference/gate-sessions.md): Create, poll, approve, and cancel Gate signup sessions. - [Agent tokens API](https://tripwirejs.com/docs/api-reference/gate-tokens.md): Verify and revoke Gate-issued agent tokens. - [Acknowledge Gate delivery receipt](https://tripwirejs.com/docs/api-reference/gate/acknowledge-gate-delivery-receipt.md): Requires Authorization: Bearer gtpoll_.... - [Consume a Gate dashboard login code](https://tripwirejs.com/docs/api-reference/gate/consume-a-gate-dashboard-login-code.md): Requires Authorization: Bearer sk_* with the gate:login_sessions:consume scope. - [Create a Gate dashboard login session](https://tripwirejs.com/docs/api-reference/gate/create-a-gate-dashboard-login-session.md): Requires Authorization: Bearer agt_.... - [Create a Gate service for the authenticated organization](https://tripwirejs.com/docs/api-reference/gate/create-a-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:manage scope. - [Create a Gate signup session](https://tripwirejs.com/docs/api-reference/gate/create-a-gate-signup-session.md) - [Disable a Gate service for the authenticated organization](https://tripwirejs.com/docs/api-reference/gate/disable-a-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:manage scope. This is a soft delete that sets status=disabled. - [Get a Gate service](https://tripwirejs.com/docs/api-reference/gate/get-a-gate-service.md) - [Get one Gate service for the authenticated organization](https://tripwirejs.com/docs/api-reference/gate/get-one-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:read scope. - [List Gate services](https://tripwirejs.com/docs/api-reference/gate/list-gate-services.md) - [List Gate services for the authenticated organization](https://tripwirejs.com/docs/api-reference/gate/list-gate-services-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:read scope. - [Poll a Gate signup session](https://tripwirejs.com/docs/api-reference/gate/poll-a-gate-signup-session.md): Requires Authorization: Bearer gtpoll_.... - [Revoke a Gate agent token](https://tripwirejs.com/docs/api-reference/gate/revoke-a-gate-agent-token.md): Requires Authorization: Bearer sk_* with the gate:agent_tokens:revoke scope. - [Update a Gate service for the authenticated organization](https://tripwirejs.com/docs/api-reference/gate/update-a-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:manage scope. - [Verify a Gate agent token](https://tripwirejs.com/docs/api-reference/gate/verify-a-gate-agent-token.md): Requires Authorization: Bearer sk_* with the gate:agent_tokens:verify scope. - [API introduction](https://tripwirejs.com/docs/api-reference/introduction.md): What the Tripwire API exposes, how it is organized, and where to find the conventions that apply across every endpoint. - [Organizations API](https://tripwirejs.com/docs/api-reference/organizations.md): Secret-key-only endpoints for organizations and API key lifecycle management. - [Create an organization](https://tripwirejs.com/docs/api-reference/organizations/create-an-organization.md): Requires the `organizations:create` secret-key scope. - [Retrieve one organization](https://tripwirejs.com/docs/api-reference/organizations/retrieve-one-organization.md): Requires the `organizations:read` secret-key scope. - [Update a organization](https://tripwirejs.com/docs/api-reference/organizations/update-a-organization.md): Requires the `organizations:update` secret-key scope. - [Pagination](https://tripwirejs.com/docs/api-reference/pagination.md): Cursor-based pagination, response envelopes, and iterating through list endpoints. - [Rate limits](https://tripwirejs.com/docs/api-reference/rate-limits.md): Organization-level rate limits, response headers, 429 handling, and retry strategy. - [Sessions API](https://tripwirejs.com/docs/api-reference/sessions.md): Secret-key-only session result lookup endpoints. - [List sessions](https://tripwirejs.com/docs/api-reference/sessions/list-sessions.md): Requires the `sessions:list` secret-key scope. - [Retrieve one session](https://tripwirejs.com/docs/api-reference/sessions/retrieve-one-session.md): Requires the `sessions:read` secret-key scope. - [Versioning](https://tripwirejs.com/docs/api-reference/versioning.md): How the Tripwire API evolves, what counts as additive vs breaking, and how to keep your integration stable. - [List visitor fingerprints](https://tripwirejs.com/docs/api-reference/visitor-fingerprints/list-visitor-fingerprints.md): Requires the `fingerprints:list` secret-key scope. - [Retrieve one visitor fingerprint](https://tripwirejs.com/docs/api-reference/visitor-fingerprints/retrieve-one-visitor-fingerprint.md): Requires the `fingerprints:read` secret-key scope. - [Create a webhook endpoint](https://tripwirejs.com/docs/api-reference/webhooks/create-a-webhook-endpoint.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. The signing_secret is returned only in this response and rotation responses. - [Disable a webhook endpoint](https://tripwirejs.com/docs/api-reference/webhooks/disable-a-webhook-endpoint.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. - [List webhook endpoints](https://tripwirejs.com/docs/api-reference/webhooks/list-webhook-endpoints.md): Requires Authorization: Bearer sk_* with the webhooks:read scope. - [Rotate a webhook signing secret](https://tripwirejs.com/docs/api-reference/webhooks/rotate-a-webhook-signing-secret.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. The new signing_secret is returned only in this response. - [Send a test webhook](https://tripwirejs.com/docs/api-reference/webhooks/send-a-test-webhook.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. Enqueues a webhook.test delivery for the selected endpoint. - [Update a webhook endpoint](https://tripwirejs.com/docs/api-reference/webhooks/update-a-webhook-endpoint.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. Updating event_types replaces the endpoint subscriptions. - [Browser compatibility](https://tripwirejs.com/docs/browser-compatibility.md): What browsers Tripwire supports, where coverage is strongest, and where you should validate carefully. - [Browser SDK](https://tripwirejs.com/docs/browser-sdk.md): Load the Tripwire browser client, collect signals, and get a sealed session handoff. - [Content Security Policy](https://tripwirejs.com/docs/content-security-policy.md): CSP directives required to run the Tripwire browser SDK on pages with a Content-Security-Policy header. - [Detection categories](https://tripwirejs.com/docs/detection-categories.md): How Tripwire analyzes sessions across environment, fingerprint, behavioral, and anti-tamper categories. - [Tripwire Gate](https://tripwirejs.com/docs/gate/add-gate.md): Enable agentic signup for your product. Let developers sign up via npx signup from their terminal. - [Agent tokens](https://tripwirejs.com/docs/gate/agent-tokens.md): Verify and manage Gate-issued agent tokens in your API. - [CLI reference](https://tripwirejs.com/docs/gate/cli-reference.md): All npx signup commands, flags, and output formats. - [Dashboard login](https://tripwirejs.com/docs/gate/dashboard-login.md): Let developers access your dashboard via npx signup login. - [Gate webhook](https://tripwirejs.com/docs/gate/webhook.md): Provision an account when a developer approves a CLI signup, and return encrypted credentials. - [What is Gate?](https://tripwirejs.com/docs/gate/what-is-gate.md): Agentic signup for developer tools. Let developers sign up for your product from their terminal. - [Going to production](https://tripwirejs.com/docs/going-to-production.md): Rollout checklist, monitoring verdicts, and safely enabling enforcement. - [How it works](https://tripwirejs.com/docs/how-it-works.md): The Tripwire detection pipeline — from browser collection to backend verification. - [Tripwire docs](https://tripwirejs.com/docs/index.md): Detect AI agents and malicious users. Enable agentic signup for your product. - [iOS SDK](https://tripwirejs.com/docs/ios-sdk.md): Collect signals from your iOS app and hand a sealed session off to your backend. - [Security and privacy](https://tripwirejs.com/docs/privacy-and-data.md): How Tripwire secures data in transit and at rest, what we collect, how long we keep it, and what you should disclose to users. - [Quickstart](https://tripwirejs.com/docs/quickstart.md): Load the Tripwire browser client, verify on your backend, and apply policy — in 5 minutes. - [Changelog](https://tripwirejs.com/docs/resources/changelog.md): Version history for Tripwire SDKs, Gate CLI, and API changes. - [Troubleshooting](https://tripwirejs.com/docs/resources/troubleshooting.md): Common errors, debugging tips, and frequently asked questions. - [Frontend JavaScript compatibility](https://tripwirejs.com/docs/runtime-instrumentation.md): How frontend monitoring, analytics, replay, and tag tools can affect browser runtime signals during rollout. - [Server verification](https://tripwirejs.com/docs/server-verification.md): Verify Tripwire handoffs on your backend before you challenge, throttle, or block. - [Testing your integration](https://tripwirejs.com/docs/testing.md): Use test keys, simulate bot traffic, and verify your enforcement logic works. - [API abuse & scraping](https://tripwirejs.com/docs/use-cases/api-abuse.md): Protect authenticated and public APIs from LLM scrapers while keeping legitimate crawlers. - [Checkout & payment](https://tripwirejs.com/docs/use-cases/checkout.md): Add Tripwire signal to your fraud stack without slowing down legitimate purchases. - [KYC fraud reduction](https://tripwirejs.com/docs/use-cases/kyc.md): Catch synthetic-identity, identity-farming, and anti-detect browser fraud before your KYC vendor even runs. - [Login & credential stuffing](https://tripwirejs.com/docs/use-cases/login.md): Stop automated login attempts without trapping humans behind extra challenges. - [Promo & trial abuse](https://tripwirejs.com/docs/use-cases/promo-abuse.md): Stop repeat claims of free trials, referral bonuses, and promo codes across account rotations. - [Signup & account creation](https://tripwirejs.com/docs/use-cases/signup.md): Block automated account creation at registration without breaking real users. - [User-generated content](https://tripwirejs.com/docs/use-cases/user-generated-content.md): Stop LLM-written spam, astroturfing, and automated posting on public content endpoints. - [Verdicts & scoring](https://tripwirejs.com/docs/verdicts-and-scoring.md): How Tripwire classifies sessions, what verdicts mean, and how to use them in your policy. - [Webhooks](https://tripwirejs.com/docs/webhooks.md): Receive signed events from Tripwire when sessions and Gate signups change state. ## OpenAPI Specs - [openapi](https://tripwirejs.com/docs/api-reference/openapi.json)