Receipts are issued where decisions happen — inside your pipeline.
Assurance bolted on after the fact is reconstruction. Summit's APIs put receipt issuance, policy evaluation, and intelligence export at the point of decision — in your CI/CD, your SIEM, your services — not in a portal someone checks later.
The integration surface
Five ways in, one evidence model underneath. Everything issued through the API lands in the same signed chain as everything issued through the platform.
REST APIs
Receipt issuance in CI/CD
TAXII 2.1 endpoint↗
SIEM export
Webhook integrations
The API is the product. Everything the platform proves — receipts, verdicts, certificates — is issued and verified through endpoints you can call from anywhere decisions are made.
Two calls to proof
Issue a receipt for a decision; verify it independently. The verify call requires no credentials — anyone holding a receipt can check it.
# 1 — issue a receipt at the point of decision curl -X POST https://decrec.summitcognitive.ai/v1/receipt \ -H "Authorization: Bearer $SUMMIT_TOKEN" \ -d '{"decision": "release.approve", "evidence": ["sha256:4c19…b3e7"], "policy_version": "2026.06"}' # 2 — verify it. no account, no token, no trust in us. curl https://decrec.summitcognitive.ai/v1/receipt/SUM-RCPT-v1-4c19…b3e7/verify { "verdict": "ADMIT", "signature": "ed25519 · valid", "replay": "deterministic" }
fig. 1 — endpoint shown for illustration; full reference in the documentation.
Instrument the pipeline, not the portal.
The documentation covers authentication, receipt issuance, graph queries, TAXII access, and webhook configuration. The playground lets you issue and verify receipts before you write a line of code.