Expert AI LabsExpert AI Labs API
Programmatic access to the orchestration layer. Authenticate with a per-tenant API key, work in JSON, get webhooks for everything that matters.
Quickstart
Open Dashboard → Settings → API Keys. Create a key, copy it once (we never show it again), paste into your environment.
Hit /health to verify your key. No data flows; just a pulse check.
Register your endpoint at Settings → Webhooks. Verify each delivery's HMAC-SHA256 signature.
curl https://expertailabs.ai/api/v1/health \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"{
"status": "ok",
"version": "v1",
"tenant_id": "org_2k4n8q...",
"rate_limit_remaining": 59,
"timestamp": "2026-04-24T17:42:11.314Z"
}Authentication
All API requests require an API key passed in the Authorization header. Keys are tenant-scoped and have configurable scopes (read, write, admin). Rotate or revoke at any time from the dashboard.
Authorization: Bearer eal_live_a1b2c3d4...eal_live_…— productioneal_test_…— sandbox / no real side effects
read— list and fetch resourceswrite— create and updateadmin— destructive actions and key management
Resources
REST resources exposed by the platform. Click into any resource for the full endpoint reference.
Tenant entities. One organization per franchise location, with optional parent-org hierarchy for multi-franchise networks.
Captured lead records, prospect targets for outbound, scoring metadata, status transitions.
AI-generated blog posts, video scripts, social posts, review responses. Includes draft, publish, and revision workflows.
Email sequences, drafts, sends, replies, suppressions, deliverability events.
Inbound call records, transcripts, classifications, dispatch decisions, callback events. CallRail webhook ingest.
AI-extracted scope items, photo summaries, room dimensions. Read-only generation; never writes to Xactimate.
Immutable record of every state-changing action. Filter, export to CSV, retain for 7 years.
Outbound event subscriptions with HMAC-SHA256 signature verification. Inbound webhook receivers for CallRail, Resend, Stripe.
Error model
All errors return a JSON envelope. HTTP status follows REST conventions.
{
"error": {
"code": "validation_error",
"message": "Field 'email' is required",
"details": {...}
}
}Rate limits
- Default: 60 requests per minute per API key
- Burst: up to 120/min for short bursts
- Headers:
X-RateLimit-Remaining - 429 response: includes
Retry-After
Pagination
Cursor-based pagination on every list endpoint.
GET /api/v1/leads
?limit=50
&cursor=eyJpZCI6...Response includes next_cursor when more results exist.
Webhooks
Subscribe to events to receive real-time notifications. Every payload is signed with HMAC-SHA256 — verify before acting.
import crypto from "crypto"
const signature = req.headers["x-eal-signature"]
const timestamp = req.headers["x-eal-timestamp"]
const body = await req.text() // raw body
const expected = crypto
.createHmac("sha256", process.env.EAL_WEBHOOK_SECRET)
.update(`${timestamp}.${body}`)
.digest("hex")
if (signature !== expected) {
return new Response("invalid signature", { status: 401 })
}Available events
call.receivedNew inbound call ingested from CallRail or other tracker
call.classifiedAI classification finished; includes intent + urgency + qualified flag
call.qualifiedA call was determined to be a qualified lead
lead.createdNew lead added to the system
outreach.email.sentOutbound email sent
outreach.email.repliedReply received and classified
claim.scope.readyInsurance documentation extraction completed and ready for review
review.requestedCustomer was sent a review request after job completion
review.receivedNew review detected on Google or another listing surface
audit.log.eventStream of audit events; opt-in for compliance integrations
Building an integration? Let's talk.
We work directly with engineering teams at franchises, partner CRMs, and call-tracking vendors. Tell us your stack and we'll scope the integration during your pilot.