Documentation
Public API Surface (Redacted Subset)
Voice is the new interface. Kachyng converts probabilistic intent into deterministic, policy-governed execution across enterprise systems.
Control Plane Narrative
Intent in any interface. Execution you can govern.
Agents can speak naturally. Systems still require strict execution controls. Kachyng bridges that gap with identity, risk, policy, and payment orchestration in one governed runtime path.
Internal policy grammar, full schemas, and deployment runbooks remain private.
Scope Note
This page documents public integration contracts only. AGX is one layer inside the broader Kachyng platform, not the full product footprint.
Intent is probabilistic. Execution is policy-governed, challenge-aware, and auditable.
Stable API contract across routing, failover, and settlement lifecycle.
Idempotency, signed events, trace IDs, and webhook delivery semantics.
Public Authentication Journey
High-Level Screenflow
Public documentation exposes control model, not implementation mechanics. Detailed state transitions, branch conditions, and error loops are shared in private architecture reviews.
Capture destination intent, origin context, and session return path.
Present prioritized sign-in methods by client type and device context.
Complete challenge, callback, or verification sequence for chosen method.
Apply regional consent and execution policy before activating app session.
Establish session and route to destination with telemetry and risk hooks.
| Client Lane | Public Summary |
|---|---|
| Business / Admin | Work-first auth posture with enterprise method ordering and policy checks. |
| Consumer (Mobile) | Mobile-first sequence with challenge handling and resilient retry behavior. |
| Consumer (Desktop) | Desktop-first flow with callback hardening and destination resolution. |
Platform Context
Principal identity, delegation lifecycle, and revocation.
Execution control plane turning probabilistic intent into deterministic commerce outcomes.
Runtime trust scoring, policy gating, and adaptive controls.
Processor-agnostic routing, MID portability, and settlement execution.
Additional orchestration, compliance automation, and vertical playbooks are available in private architecture briefings.
Why AGX Is Different
- •Orchestrates multiple enterprise systems, not a single API endpoint.
- •Executes deterministic contracts with policy gates, challenges, and idempotency.
- •Produces signed audit trails across channel, agent, identity, and payment events.
Authentication & Headers
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer <access_token> | Service access token (short-lived). |
| X-Kachyng-Org | org_•••• | Tenant organization context. |
| Idempotency-Key | uuid-v4 | Required for create/mutate endpoints. |
| X-Request-Id | req_•••• | Caller-generated trace correlation ID. |
| X-Signature | sha256=•••• | Optional request signing for high-trust lanes. |
OAuth client onboarding, key rotation, and signing profiles are shared in private integration docs.
Identity (IDX)
Establish principal identity, delegate authority, and revoke in real time.
| Method | Path | Purpose |
|---|---|---|
| POST | /v1/identities/principals | Register or update a principal identity. |
| POST | /v1/identities/delegations | Create scoped, time-bound agent delegation. |
| GET | /v1/identities/delegations/{id} | Fetch delegation status and effective scope. |
| POST | /v1/identities/verify | Verify principal-agent binding and attestation. |
| POST | /v1/identities/revoke | Revoke delegation authority globally. |
Execution & Risk (AGX / KYA)
Authorize intent, score risk, apply policy, and emit auditable events.
| Method | Path | Purpose |
|---|---|---|
| POST | /v1/execution/authorize | Policy decision point for transaction intent. |
| POST | /v1/execution/challenge/respond | Submit step-up response for challenged intents. |
| POST | /v1/execution/evaluate-risk | Run contextual risk evaluation pre-execution. |
| POST | /v1/execution/events/query | Query signed execution/audit events. |
| POST | /v1/execution/policies/simulate | Dry-run intent against policy set. |
Payments (PRX)
Route and settle through processor-agnostic payment operations.
| Method | Path | Purpose |
|---|---|---|
| POST | /v1/payments/route | Resolve route plan across eligible processors/MIDs. |
| POST | /v1/payments/authorize | Authorize payment through selected route. |
| POST | /v1/payments/capture | Capture previously authorized funds. |
| POST | /v1/payments/void | Void authorization before capture. |
| POST | /v1/payments/refund | Issue governed refund with policy checks. |
| GET | /v1/payments/{id} | Retrieve payment state and reconciliation refs. |
Error Model
| Code | HTTP | Meaning |
|---|---|---|
| invalid_scope | 403 | Requested action exceeds delegated scope. |
| policy_denied | 403 | Policy evaluation denied execution. |
| challenge_required | 409 | Step-up verification required before execution. |
| risk_elevated | 409 | Risk threshold exceeded for current channel. |
| idempotency_conflict | 409 | Request conflicts with prior idempotent submission. |
| route_unavailable | 503 | No eligible route available under current constraints. |
Integration Flow
- 1Create or sync principal identity.
- 2Issue scoped agent delegation.
- 3Submit intent to /execution/authorize.
- 4If approved, resolve /payments/route then /payments/authorize.
- 5Capture or void based on fulfillment state.
- 6Consume signed execution/payment events via webhook.
Median partner integration cycle: 2-4 weeks depending on payment stack complexity.
Request / Response Example
POST /v1/execution/authorize
Headers:
Authorization: Bearer <token>
X-Kachyng-Org: org_••••
Idempotency-Key: 2c7db4d4-••••
{
"agent_id": "agt_••••",
"principal_id": "org_••••",
"intent": {
"amount": 1240.00,
"currency": "USD",
"merchant_ref": "mrc_••••",
"channel": "chatpay"
},
"context": {
"session_id": "sess_••••",
"device_trust": "verified",
"risk_signals": ["velocity_ok", "geo_ok"]
}
}
200 OK
{
"decision": "approved|challenge|deny",
"policy_ref": "pol_••••",
"execution_token": "exec_••••",
"route_hint": "prx_••••",
"audit_ref": "aud_••••"
}Webhooks
Delivery model: at-least-once, signed payloads, replay-safe IDs, exponential retry.
event: execution.decision
id: evt_••••
data: {
"org_id": "org_••••",
"decision": "approved",
"execution_ref": "exec_••••",
"timestamp": "2026-03-05T22:00:00Z"
}Full webhook catalog, signature validation recipes, and retry contract available in private docs.