Expert AI Labs API
Programmatic access to the orchestration layer. Authenticate with a per-tenant API key, work in JSON, get webhooks for everything that matters.
What's live today vs what activates during pilot
The endpoints marked Live below are deployed and callable today against https://www.expertailabs.ai/api/v1/.... You can authenticate with a real bearer key and get real data back. Endpoints marked Roadmap are documented (so you know what's coming) and activate progressively during pilot phase or when a customer enables the related feature (Calls, Claims, etc.).
Get an API key at Dashboard → Settings → API Keys and verify with curl https://www.expertailabs.ai/api/v1/health -H "Authorization: Bearer eal_live_...".
Quickstart
Open Dashboard → Settings → API Keys. Create a key, copy it once (we never show it again), paste into your environment.
Hit /health to verify your key. No data flows; just a pulse check.
Register your endpoint at Settings → Webhooks. Verify each delivery's HMAC-SHA256 signature.
curl https://www.expertailabs.ai/api/v1/health \
-H "Authorization: Bearer YOUR_API_KEY"{
"status": "ok",
"version": "v1",
"tenant_id": "8c2f0a14-0c8a-4a3a-9a4d-3e0f1d6c2a91",
"environment": "live",
"scopes": ["read", "write"],
"timestamp": "2026-04-27T19:22:01.118Z"
}Authentication
All API requests require an API key passed in the Authorization header. Keys are tenant-scoped and have configurable scopes (read, write, admin). Rotate or revoke at any time from the dashboard.
Authorization: Bearer eal_live_a1b2c3d4...eal_live_…, productioneal_test_…, sandbox / no real side effects
read, list and fetch resourceswrite, create and updateadmin, destructive actions and key management
Resources
REST resources exposed by the platform. Click into any resource for the full endpoint reference.
Service-level pulse. With a Bearer key, returns the resolved tenant, environment, and granted scopes, useful as a CI smoke test.
Tenant entities. One organization per franchise location, with optional parent-org hierarchy for multi-franchise networks.
Inbound and outbound lead records with AI-qualification metadata. List, fetch, create, and partial update, every change written to the audit log.
Outbound prospect records produced by the AI qualification pipeline (separate from inbound leads). Activates during pilot phase.
AI-generated blog posts, video scripts, social posts, review responses. Includes draft, publish, and revision workflows.
Email sequences, drafts, sends, replies, suppressions, deliverability events.
Inbound call records, transcripts, classifications, dispatch decisions. Activates during pilot phase with CallRail webhook ingest.
AI-extracted scope items, photo summaries, room dimensions. Read-only generation; never writes to Xactimate. Activates during pilot phase.
Immutable record of every state-changing action. Filter and retrieve via cursor pagination. 7-year retention.
Outbound event subscriptions with HMAC-SHA256 signature verification. Full CRUD plus zero-downtime secret rotation.
Error model
All errors return a JSON envelope. HTTP status follows REST conventions.
{
"error": {
"code": "validation_error",
"message": "Field 'email' is required",
"details": {...}
}
}Rate limits
- Default: 60 requests per minute per API key
- Burst: up to 120/min for short bursts
- Headers:
X-RateLimit-Remaining - 429 response: includes
Retry-After
Pagination
Cursor-based pagination on every list endpoint.
GET /api/v1/leads
?limit=50
&cursor=eyJpZCI6...Response includes next_cursor when more results exist.
Webhooks
Subscribe to events to receive real-time notifications. Every payload is signed with HMAC-SHA256, verify before acting.
import crypto from "crypto"
const signature = req.headers["x-eal-signature"]
const timestamp = req.headers["x-eal-timestamp"]
const body = await req.text() // raw body
const expected = crypto
.createHmac("sha256", process.env.EAL_WEBHOOK_SECRET)
.update(`${timestamp}.${body}`)
.digest("hex")
if (signature !== expected) {
return new Response("invalid signature", { status: 401 })
}Available events
call.receivedNew inbound call ingested from CallRail or other tracker
call.classifiedAI classification finished; includes intent + urgency + qualified flag
call.qualifiedA call was determined to be a qualified lead
lead.createdNew lead added to the system
lead.updatedLead status, score, or fields changed
outreach.email.sentOutbound email sent
outreach.email.repliedReply received and classified
claim.scope.readyInsurance documentation extraction completed and ready for review
review.requestedCustomer was sent a review request after job completion
review.receivedNew review detected on Google or another listing surface
audit.log.eventStream of audit events; opt-in for compliance integrations
Sample event payloads
Every event is wrapped in a common envelope. data is event-specific.
call.qualifiedInbound call passed AI classification and was auto-dispatched.
{
"id": "evt_8w3p1m4q",
"type": "call.qualified",
"created_at": "2026-04-27T17:42:18.001Z",
"organization_id": "8c2f0a14-0c8a-4a3a-9a4d-3e0f1d6c2a91",
"data": {
"call_id": "call_q4n8p2w7",
"caller_number": "+14045550173",
"tracking_number": "+17705550199",
"classification": { "intent": "water", "confidence": 0.96, "urgency": "high" },
"dispatch": { "action": "auto_dispatch", "job_external_ref": "jn_117422" }
}
}lead.createdNew lead captured from a website form or partner source.
{
"id": "evt_2k4n8q9p",
"type": "lead.created",
"created_at": "2026-04-27T13:22:09.218Z",
"organization_id": "8c2f0a14-0c8a-4a3a-9a4d-3e0f1d6c2a91",
"data": {
"lead_id": "9f1c8a32-4d65-4e2b-8a91-3c0e7d4b2f18",
"name": "Sarah Mitchell",
"email": "sarah.mitchell@example.com",
"source": "google_ads",
"lead_score": 87,
"pipeline_stage": "qualified",
"industry": "residential"
}
}claim.scope.readyDocumentation Assist extraction finished, scope items ready for human review.
{
"id": "evt_4n2q8r3p",
"type": "claim.scope.ready",
"created_at": "2026-04-27T18:14:01.000Z",
"organization_id": "8c2f0a14-0c8a-4a3a-9a4d-3e0f1d6c2a91",
"data": {
"claim_id": "clm_8w3p1m",
"job_external_ref": "jn_117422",
"loss_type": "water",
"scope_item_count": 14,
"rooms_documented": ["Basement", "Mechanical Closet"],
"review_url": "https://www.expertailabs.ai/dashboard/claims/clm_8w3p1m"
}
}review.receivedNew customer review detected on Google or another listing surface.
{
"id": "evt_p9w7m2q4",
"type": "review.received",
"created_at": "2026-04-27T15:08:22.118Z",
"organization_id": "8c2f0a14-0c8a-4a3a-9a4d-3e0f1d6c2a91",
"data": {
"review_id": "g_review_z2x8c4v1",
"platform": "google",
"rating": 5,
"sentiment": "positive",
"preview": "PuroClean was at our house within 45 minutes after a pipe burst...",
"auto_response_drafted": true
}
}x-eal-signature, HMAC-SHA256 of{timestamp}.{body}x-eal-timestamp, Unix epoch (seconds)x-eal-event-id, for idempotency
Non-2xx responses are retried with exponential backoff (1m, 5m, 25m, 2h, 8h, 24h, 6 attempts). After exhaustion, the delivery is marked failed and an alert posts to your dashboard.
We may deliver the same event twice during retries. Dedupe on x-eal-event-id or the payload id field.
Building an integration? Let's talk.
We work directly with engineering teams at franchises, partner CRMs, and call-tracking vendors. Tell us your stack and we'll scope the integration during your pilot.