Pavilion CreditOSPavilion CreditOS
Pavilion CreditOS · REST API · v1.0.8

Developer Guide

Product scope

Pavilion exposes a lender-grade control plane for ingestion, experimentation, variance monitoring, treasury-grade stress packs, governance checkpoints, and integration automation. Every tenant call is routed through hardened edge infrastructure (HTTPS, modern TLS suites, audited logging) scoped to Bearer credentials you provision per environment.

The matrix below mirrors the production surface shipped on api.pavilioncredit.com. Each row carries a verbatim curl example and representative JSON payloads so QA, risk engineering, and partners can parity-test integrations without chasing tribal knowledge.

Authentication

  • Production keys: Authorization: Bearer sk_live_.... Keys are bcrypt-hashed server-side and never shown again once issued.
  • Isolation: Each key inherits the tenant RBAC posture; headless callers include auth_kind: "api_key" responses from GET /v1/auth/me.
  • Delegated sessions: Browser operators may still mint short-lived JWTs for workflows that mutate named user identities (profile, password); those sandbox-only routes remain documented for completeness.
HTTP
curl -s "https://api.pavilioncredit.com/v1/auth/me" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Platform

1 endpoints
GET/health

Health check

Liveness probe for load balancers. No authentication required.

Example request

curl
curl -s "https://api.pavilioncredit.com/health"

Sample JSON response

json
{"ok":true,"service":"pavilion-creditos-backend"}

Caller context

1 endpoints
GET/v1/auth/me

Caller context

Returns the active principal. Tenant API keys surface as role integration with auth_kind api_key; interactive users receive auth_kind user_jwt.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/auth/me" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "user": {
    "id": "01JC0KEYULID",
    "email": "api-key@service.pavilioncredit.internal",
    "name": "Production automation",
    "role": "integration",
    "tenant_id": "01JC0TENANT",
    "tenant_name": "Partner Bank Lending Ltd",
    "phone": null,
    "job_title": null,
    "auth_kind": "api_key"
  }
}

Portfolio & simulation

5 endpoints
POST/v1/portfolio/datasets

Ingest a loan book snapshot

Upload a JSON array of validated loan rows. Pavilion materialises datasets, facility transactions, cohorts, and analytics bindings for the tenant.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/portfolio/datasets" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"loans":[{"loan_id":"LN-1001","principal":320000,"tenor_months":36,"channel":"embedded","segment":"thin_file","status":"active","interest_rate_bps":2100}],"label":"Q1 ingestion"}'

Sample JSON response

json
{
  "dataset_snapshot_id": "01JC0DATASET999",
  "tenant_id": "01JC0TENANT",
  "summary": {
    "dataset_snapshot_id": "01JC0DATASET999",
    "loan_count": 1,
    "total_principal": 320000,
    "portfolio_default_rate": 0,
    "first_payment_default_proxy": 0,
    "by_segment": [],
    "by_channel": []
  }
}
GET/v1/portfolio/datasets/:dataset_snapshot_id/summary

Dataset summary refresh

Computes rollup metrics for an existing snapshot that belongs to the tenant.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/portfolio/datasets/01JC0DATASET999/summary" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "summary": {
    "dataset_snapshot_id": "01JC0DATASET999",
    "loan_count": 842,
    "total_principal": 128400000,
    "portfolio_default_rate": 0.112,
    "first_payment_default_proxy": 0.064
  }
}
POST/v1/simulations

Run a policy simulation

Applies overlays and optional curated stress presets. Pass Idempotency-Key on retries. Set explain:true for committee attribution objects.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/simulations" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: 7b2c9f1a-4e3d-4c1a-9f2b-0d8e6a5b4c3d" \
  -d '{"dataset_snapshot_id":"01JC0DATASET999","policy_overlay":{"limit_delta_pct":4,"tenor_delta_months":0,"pricing_delta_bps":25,"approval_cutoff_shift":-0.02},"stress_preset_id":"baseline","explain":true}'

Sample JSON response

json
{
  "run_id": "01JC0RUN",
  "dataset_snapshot_id": "01JC0DATASET999",
  "status": "complete",
  "baseline": {
    "approval_rate": 0.74,
    "disbursement_volume_index": 1.0,
    "default_rate": 0.104,
    "expected_loss_rate": 0.041,
    "revenue_index": 1.0,
    "net_profit_index": 1.0,
    "risk_adjusted_return_index": 0.92
  },
  "projected": {
    "approval_rate": 0.71,
    "disbursement_volume_index": 1.03,
    "default_rate": 0.118,
    "expected_loss_rate": 0.048,
    "revenue_index": 1.01,
    "net_profit_index": 0.97,
    "risk_adjusted_return_index": 0.89
  },
  "delta": {
    "default_rate_pp": 0.014,
    "expected_loss_rate_pp": 0.007,
    "net_profit_index_delta": -0.03
  },
  "confidence": {
    "default_rate": { "low": 0.101, "mid": 0.118, "high": 0.136 },
    "expected_loss_rate": { "low": 0.038, "mid": 0.048, "high": 0.059 },
    "net_profit_index": { "low": 0.91, "mid": 0.97, "high": 1.04 }
  },
  "drivers": ["Limit delta increased average exposure.", "Pricing delta modestly offsets loss lift."],
  "computed_at": "2026-05-09T10:00:00.000Z",
  "explainability": { "...": "Present when explain=true" }
}
GET/v1/simulations/:run_id

Fetch simulation results

Retrieves persisted JSON payloads by run identifier.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/simulations/01JC0RUN" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "run_id": "01JC0RUN",
  "dataset_snapshot_id": "01JC0DATASET999",
  "status": "complete",
  "baseline": {
    "approval_rate": 0.74,
    "disbursement_volume_index": 1.0,
    "default_rate": 0.104,
    "expected_loss_rate": 0.041,
    "revenue_index": 1.0,
    "net_profit_index": 1.0,
    "risk_adjusted_return_index": 0.92
  },
  "projected": {
    "approval_rate": 0.71,
    "disbursement_volume_index": 1.03,
    "default_rate": 0.118,
    "expected_loss_rate": 0.048,
    "revenue_index": 1.01,
    "net_profit_index": 0.97,
    "risk_adjusted_return_index": 0.89
  },
  "delta": {
    "default_rate_pp": 0.014,
    "expected_loss_rate_pp": 0.007,
    "net_profit_index_delta": -0.03
  },
  "confidence": {
    "default_rate": { "low": 0.101, "mid": 0.118, "high": 0.136 },
    "expected_loss_rate": { "low": 0.038, "mid": 0.048, "high": 0.059 },
    "net_profit_index": { "low": 0.91, "mid": 0.97, "high": 1.04 }
  },
  "drivers": ["Limit delta increased average exposure.", "Pricing delta modestly offsets loss lift."],
  "computed_at": "2026-05-09T10:00:00.000Z",
  "explainability": { "...": "Present when explain=true" }
}
GET/v1/simulations

List simulation history

Optionally constrain to a dataset with dataset_snapshot_id and limit (default 50, max 100).

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/simulations?dataset_snapshot_id=01JC0DATASET999&limit=20" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "dataset_snapshot_id": "01JC0DATASET999",
  "runs": ["<SimulationResult payloads identical to GET /v1/simulations/:run_id>"]
}

Workspace intelligence

8 endpoints
GET/v1/dashboard/overview

Executive overview

High-level disbursement pacing, KPI stats, simulation counts, open warnings.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/dashboard/overview" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "stats": {
    "portfolio_health": {"label":"Stable","detail":"Book inside tolerance","trend":"up"},
    "segments_on_watch": {"value":"2","detail":"Elevated cohorts","trend":"down"},
    "simulation_runs": {"value":148,"detail":"Rolling history","trend":"up"},
    "open_warnings": {"value":6,"detail":"Outstanding alerts","trend":"down"}
  },
  "disbursement_pace": {
    "change_pct": 3.8,
    "subtitle": "Week-over-week origination pacing",
    "buckets": [{"index":0,"disbursements":120,"label":"Week 1"}],
    "range_label": "Last 8 weeks"
  },
  "quick_actions": {"open_warnings":6,"committee_packs_ready":3,"integration_copy":"All feeds nominal"},
  "dataset_snapshot_id": "01JC0DATASET999"
}
GET/v1/dashboard/activity

Recent underwriting activity

Feed used by dashboards for facility outcomes (limit capped at 50).

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/dashboard/activity?limit=15" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "items": [
    {
      "id": "01JC0TX",
      "cohort": "repeat · embedded",
      "cohortDetail": "segment.repeat",
      "outcome": "Aligned to simulation",
      "status": "approved",
      "facilityAt": "2026-05-08T09:45:12.000Z"
    }
  ]
}
GET/v1/analytics/portfolio

Analytics workspace payload

Portfolio analytics tiles, KPIs, and illustrative series powering the Analytics screen.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/analytics/portfolio" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "time_range": "30d",
  "kpis": [
    {"label":"Actual vs expected","value":"Aligned","change":"Within tolerance band","positive":true}
  ],
  "activity_series": [
    {"day":"Mon","activityIndex":0.62,"varianceSignals":3}
  ],
  "top_channels": [{"name":"embedded","percentage":44}],
  "stress_drivers": [],
  "recent_metrics": []
}
GET/v1/alerts

List alerts

Filter by optional status (pending|reviewing|resolved…), severity, or search text.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/alerts?status=pending&severity=high" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "alerts": [
    {
      "id": "01JC0ALT",
      "severity": "high",
      "title": "Loss intensity · thin_file",
      "description": "...",
      "cohortLabel": "...",
      "cohortDetail": "...",
      "amountLabel": "Stress watch",
      "location": "National book",
      "status": "pending",
      "createdAt": "2026-05-08T12:00:00.000Z"
    }
  ],
  "counts": {"pending":4,"reviewing":1,"high":2}
}
PATCH/v1/alerts/:alert_id

Update alert workflow

Valid statuses: pending, reviewing, resolved.

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/alerts/01JC0ALT" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"status":"resolved"}'

Sample JSON response

json
{"ok":true}
GET/v1/transactions

Paginated facility ledger

page defaults to 1; page_size defaults to 20 (max 100).

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/transactions?page=1&page_size=25" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "items": [
    {
      "id":"01JC0FAC",
      "cohortLabel":"repeat · embedded",
      "cohortDetail":"segment.repeat",
      "outcomeLabel":"Aligned to simulation",
      "status":"approved",
      "facilityAt":"2026-05-07T07:08:09.000Z",
      "riskScore":62,
      "method":"Automated decision path"
    }
  ],
  "page":1,
  "page_size":25,
  "total":18420
}
GET/v1/customers/cohorts

Borrower cohort summaries

Volume-weighted aggregates per segment.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/customers/cohorts" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{
  "cohorts":[
    {"id":"01JCOC","segment":"repeat","loanCount":2400,"volume":3800000000,"defaultRate":0.08,"riskScore":34,"engagement":"Routine reviews","lastActivity":"Synced from book"}
  ]
}
POST/v1/customers/cohorts

Create manual cohort skeleton

Useful before warehouse sync jobs hydrate counts.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/customers/cohorts" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"segment":"smb_watch"}'

Sample JSON response

json
{
  "cohort": {"id":"01JCNEW","segment":"smb_watch","loanCount":0,"volume":0,"defaultRate":0,"riskScore":18,"engagement":"Manual cohort","lastActivity":"Added manually"}
}

Models & reporting

5 endpoints
GET/v1/models

List registered models

Returns training status, accuracy, throughput labels.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/models" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"models":[{"id":"01JZMDL","name":"Core simulator","version":"v2.4.1","type":"Classification","status":"active","accuracy":98.7,"predictions":"1.2M","lastTrained":"2 days ago","description":"..."}]}
POST/v1/models

Register a model artefact

Bootstraps lifecycle metadata prior to artefacts landing in blob storage.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/models" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Affordability v3","version":"v3.0.2","type":"Classification","description":"Vintage-aware affordability stack"}'

Sample JSON response

json
{
  "model":{"id":"01JZNEW","name":"Affordability v3","version":"v3.0.2","type":"Classification","status":"training","accuracy":null,"predictions":"—","lastTrained":"Training…","description":"Vintage-aware affordability stack"}
}
PATCH/v1/models/:id

Control model lifecycle

Actions: pause, resume, retrain, complete_retrain.

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/models/01JZMDL" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"action":"pause"}'

Sample JSON response

json
{"ok":true}
GET/v1/reports

List generated artefacts

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/reports" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"reports":[{"id":"01JZRP","name":"Monthly disbursement cadence","description":"…","type":"Disbursements","format":"PDF","generatedAt":"2026-05-01","status":"ready","size":"2.4 MB"}]}
POST/v1/reports

Queue a report bundle

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/reports" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Committee variance pack","description":"Rolling 30d","type":"Monitoring","format":"PDF"}'

Sample JSON response

json
{"report":{"id":"01JZRPNEW","name":"Committee variance pack","description":"Rolling 30d","type":"Monitoring","format":"PDF","generatedAt":"2026-05-09","status":"ready","size":"—"}}

Integrations & secrets

11 endpoints
GET/v1/integrations

Catalog snapshot

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/integrations" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"integrations":[{"id":1,"integrationKey":"stripe","name":"Stripe","category":"Payments","status":"connected","lastSync":"2 min ago","description":"Payment processing"}]}
POST/v1/integrations/catalog

Register custom connector metadata

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/integrations/catalog" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Custom LOS bridge","category":"Origination","description":"Server-to-server feed into Pavilion","icon":"🔗"}'

Sample JSON response

json
{"integration":{"id":12,"name":"Custom LOS bridge","description":"Secure connector …","category":"Origination","icon":"🔗","status":"connected","lastSync":"just now"}}
PATCH/v1/integrations/catalog/:id

Connect or disconnect integrations

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/integrations/catalog/12" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"status":"disconnected"}'

Sample JSON response

json
{"ok":true}
GET/v1/integration-webhooks

List outbound webhook targets

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/integration-webhooks" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"webhooks":[{"id":"01JWH","name":"Facility decisions","url":"https://partner.example/webhooks/pavilion","events":["simulation.completed"],"status":"active","lastTriggered":"5 min ago","successRate":"99.8%","createdAt":"2026-04-12T00:00:00.000Z"}]}
POST/v1/integration-webhooks

Create webhook

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/integration-webhooks" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Facility decisions","url":"https://partner.example/webhooks/pavilion","events":["simulation.completed","portfolio.dataset.ingested"]}'

Sample JSON response

json
{"ok":true,"id":"01JWHNEW"}
PATCH/v1/integration-webhooks/:id

Update webhook

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/integration-webhooks/01JWH" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"status":"paused"}'

Sample JSON response

json
{"ok":true}
DELETE/v1/integration-webhooks/:id

Delete webhook

Example request

curl
curl -s -X DELETE "https://api.pavilioncredit.com/v1/integration-webhooks/01JWH" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"ok":true}
GET/v1/integration-api-keys

List API key prefixes

Secrets are never returned after creation; only prefixes are listed.

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/integration-api-keys" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"api_keys":[{"id":"01JKEY","name":"Production automation","keyPrefix":"sk_live_9f2","permissions":["read","write"],"createdAt":"2026-05-01T00:00:00.000Z","lastUsedAt":"2026-05-09T08:20:00.000Z"}]}
POST/v1/integration-api-keys

Issue API key

The raw sk_live value is returned exactly once. Store it in a secrets manager.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/integration-api-keys" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Production automation","permissions":["read","write"]}'

Sample JSON response

json
{"ok":true,"id":"01JKEYNEW","api_key":"sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","warning":"Store this key securely; it will not be shown again."}
DELETE/v1/integration-api-keys/:id

Revoke API key

Example request

curl
curl -s -X DELETE "https://api.pavilioncredit.com/v1/integration-api-keys/01JKEY" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"ok":true}
POST/v1/integration-api-keys/:id/rotate

Rotate API key

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/integration-api-keys/01JKEY/rotate" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"ok":true,"api_key":"sk_live_yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy","warning":"Store this key securely; it will not be shown again."}

Portfolio intelligence

5 endpoints
GET/v1/intelligence/context

Intelligence workspace context

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/intelligence/context" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"dataset_snapshot_id":"01JC0DATASET999","loan_count":842000,"has_book":true}
GET/v1/intelligence/slices

Multidimensional slices

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/intelligence/slices" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"dataset_snapshot_id":"01JC0DATASET999","loan_count":842000,"portfolio":{"total_principal":3800000000,"portfolio_default_rate":0.112,"first_payment_default_proxy":0.064},"dimensions":{"segment":[],"channel":[],"tenor_band":[],"principal_band":[],"status":[]},"crosstabs":{"segment_by_channel":[]}}
GET/v1/intelligence/capital-ranking

Capital allocation ranking

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/intelligence/capital-ranking" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"dataset_snapshot_id":"01JC0DATASET999","ranked":[{"key":"embedded","kind":"channel","loan_count":120000,"volume":900000000,"default_rate":0.09,"allocation_score":0.812,"recommendation":"increase_exposure","rationale":"..."}],"summary_note":"Ranking uses heuristic…"}
GET/v1/intelligence/backtest-calibration

Backtest calibration snapshot

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/intelligence/backtest-calibration" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"dataset_snapshot_id":"01JC0DATASET999","status":"ok","actual_default_rate":0.112,"mean_simulated_projected_default_rate":0.118,"mean_absolute_error_pp":0.015,"calibration_score":0.87,"runs_used":25}
GET/v1/intelligence/stress-presets

Curated stress presets

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/intelligence/stress-presets" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"presets":[{"id":"baseline","label":"Baseline (no macro shock)","description":"...","narrative":"..."}]}

Governance

4 endpoints
GET/v1/governance/policy-packages

List policy workflow packages

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/governance/policy-packages" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"packages":[{"id":"01JGOV","title":"Q2 committee pack","status":"committee_review","simulationRunId":"01JC0RUN","committeeNotes":null,"createdAt":"2026-05-06T09:12:01.000Z","updatedAt":"2026-05-08T12:42:51.000Z"}]}
POST/v1/governance/policy-packages

Create policy package draft

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/governance/policy-packages" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"title":"Cap lift — repeat borrowers","simulation_run_id":"01JC0RUN998"}'

Sample JSON response

json
{"package":{"id":"01JGOVNEW","title":"Cap lift — repeat borrowers","status":"draft","simulationRunId":"01JC0RUN998","committeeNotes":null,"createdAt":"2026-05-09T10:00:00.000Z","updatedAt":"2026-05-09T10:00:00.000Z"}}
PATCH/v1/governance/policy-packages/:id

Update package status or notes

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/governance/policy-packages/01JGOV" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"status":"committee_review","committee_notes":"Ready for Risk sign-off."}'

Sample JSON response

json
{"ok":true,"updated_at":"2026-05-09T10:30:00.000Z"}
DELETE/v1/governance/policy-packages/:id

Delete draft package

Example request

curl
curl -s -X DELETE "https://api.pavilioncredit.com/v1/governance/policy-packages/01JGOV" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"ok":true}

Account & people

7 endpoints
PATCH/v1/account/profile

Update signed-in user profile

Requires a user JWT. Tenant API keys receive HTTP 403 because there is no interactive user record.

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/account/profile" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Ada Orji","job_title":"Head of Portfolio Risk","phone":"+2348000000000"}'

Sample JSON response

json
{
  "user": {
    "id": "01JC0USER",
    "email": "ada@partnerbank.com",
    "name": "Ada Orji",
    "role": "admin",
    "tenant_id": "01JC0TENANT",
    "tenant_name": "Partner Bank Lending Ltd",
    "phone": null,
    "job_title": "Head of Portfolio Risk",
    "auth_kind": "user_jwt"
  }
}
PATCH/v1/account/tenant

Rename organization

Admin or service credentials can update the tenant display name.

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/account/tenant" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Partner Bank Lending Ltd"}'

Sample JSON response

json
{"ok":true,"tenant_name":"Partner Bank Lending Ltd"}
PATCH/v1/account/password

Rotate user password

Blocked for API keys; use SCIM or support flows for break-glass rotation when headless.

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/account/password" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"current_password":"old-passphrase","new_password":"NewSecurePhrase9!"}'

Sample JSON response

json
{"ok":true}
GET/v1/team/members

List workspace members

Example request

curl
curl -s -X GET "https://api.pavilioncredit.com/v1/team/members" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"members":[{"id":"01JC0USER","email":"ada@partnerbank.com","name":"Ada Orji","role":"admin","status":"active","lastActive":"2026-05-09T08:00:00.000Z"}]}
POST/v1/team/invite

Invite teammate

Requires admin or service credential. Returns a temporary password for first login.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/team/invite" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"email":"risk@partnerbank.com","name":"T. Adeyemi","role":"analyst"}'

Sample JSON response

json
{"ok":true,"user":{"id":"01JNEW","email":"risk@partnerbank.com","name":"T. Adeyemi","role":"analyst","status":"pending"},"temporary_password":"Base64TokenHere"}
PATCH/v1/team/members/:user_id

Update teammate

Example request

curl
curl -s -X PATCH "https://api.pavilioncredit.com/v1/team/members/01JNEW" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json" \
  -d '{"role":"viewer","status":"active"}'

Sample JSON response

json
{"ok":true}
DELETE/v1/team/members/:user_id

Remove teammate

Example request

curl
curl -s -X DELETE "https://api.pavilioncredit.com/v1/team/members/01JNEW" \
  -H "Authorization: Bearer sk_live_your_secret_key_here"

Sample JSON response

json
{"ok":true}

Sandbox JWT helpers (optional)

2 endpoints
POST/v1/auth/register

(Sandbox only) Bootstrap tenant via email

Used for ephemeral sandboxes only. Production lenders receive tenants and secrets through Pavilion onboarding.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/auth/register" \
  -H "Content-Type: application/json" \
  -d '{"email":"ops@partnerbank.com","password":"StrongPassphrase99","organizationName":"Partner Sandbox","firstName":"Ada","lastName":"Orji"}'

Sample JSON response

json
{"access_token":"jwt…","expires_in":604800,"user":{ "...": "" }}
POST/v1/auth/login

(Sandbox only) Obtain user JWT

Use only when your integration requires an interactive JWT (for example, testing profile mutations). Prefer sk_live tenant keys everywhere else.

Example request

curl
curl -s -X POST "https://api.pavilioncredit.com/v1/auth/login" \
  -H "Content-Type: application/json" \
  -d '{"email":"ops@partnerbank.com","password":"StrongPassphrase99"}'

Sample JSON response

json
{"access_token":"jwt…","token_type":"Bearer","expires_in":604800,"user":{ "...": "" }}

Errors & retries

Structured failures serialize as RFC 7807-style problem payloads. Always log request_id with your service correlation IDs so Pavilion SOC operations can reconcile incidents quickly.

json
{
  "type": "about:blank",
  "title": "Forbidden",
  "status": 403,
  "detail": "Use a workspace user JWT for profile and password flows. Tenant API keys are for automation only.",
  "request_id": "019afb4c-sample"
}
429 rate limiting

Honor Retry-After; exponential backoff preserves cluster stability.

5xx failover

Retries must be safe: reuse Idempotency-Key headers on mutation endpoints so Pavilion deduplicates cleanly.

Outbound webhooks

Pavilion dispatches HTTPS callbacks for simulation completion, dataset ingestion acknowledgement, governance state transitions, and alert escalations. Signing headers, replay windows, IP allowlists, and example verification code ship in your onboarding bundle.

json
{
  "id": "wh_019afb",
  "type": "simulation.completed",
  "tenant_id": "01JC0TENANT",
  "dataset_snapshot_id": "01JC0DATASET999",
  "run_id": "01JC0RUN",
  "occurred_at": "2026-05-09T10:00:00Z"
}

Enterprise integration desk

Enterprise contracts can include OpenAPI specs, Postman collections, sandbox environments, webhook signing guides, and release notes. Scope and delivery timelines are agreed per engagement; speak with integrations to align artifacts with your rollout.

Speak with integrationsEmail support