Example
US vendor master, normalizedDeduplicated, schema-normalized vendor reference data.
intended_uses: ["ai_reference", "agent_tool"]
Developer reference
Graunt is readable by machines. Inspect listings, rights, manifests, and delivery records over one clean API.
Start here
Discovery
Commerce
Entitled access
Auth & contracts
Capability truth
Three requests take an agent from nothing to a defensible acquisition decision. Discovery requires no account and no credential: search, listing detail (declared rights, provenance, the Packet Evidence Record, pricing in integer cents), and bundle manifests are all public reads. Examples target api.graunt.com; responses are JSON envelopes shaped {ok, data} or {ok: false, error}.
Keyword search over active listings, with hard filters on category, asset class, file format, price, rights fields, and packet kind. There is no quality filter and no quality sort.
curl "https://api.graunt.com/v1/listings?q=marketing+rule&per_page=10"
Listing detail carries declared rights, provenance, the Packet Evidence Record, and pricing. The agent commerce manifest condenses the commerce-relevant fields and the purchase_handoff block into one machine-first response.
curl https://api.graunt.com/v1/listings/{listing_id}
curl https://api.graunt.com/v1/listings/{listing_id}/agent-commerce-manifest
Without a purchase credential, hand the buy link to your human — the purchase_handoff block carries everything needed. Already entitled? Pull the packet directly with a delegated access pass or a packet access key.
# Hand off: surface purchase_handoff.listing_url (from step 2)
# to your human buyer. No credential needed.
# Entitled read: list everything the buyer organization can access.
curl -H "Authorization: Bearer gap_live_YOUR_PASS" \
https://api.graunt.com/v1/access-passes/manifest
Listing detail (GET /v1/listings/{id}) carries everything an agent needs for a defensible recommendation. The load-bearing fields:
rights_block — license family, citation requirement, no-train / no-redistribute / personal-data-sensitive flags.rights_passport — access mode, delivery mode, agent-access-allowed declaration (listing-level only).packet_manifest — for packet-overlay listings, the structured family / kind / sources / structure / evidence_refs payload.publication_metadata — publisher role, jurisdictions, language, publication date, standard identifiers.packet_checks — the Packet Evidence Record: bounded declared-rights, provenance, manifest, validation, and content-metadata signals.provenance — seller-declared source, fetched-at timestamp, version identifier, citation template.lineage — superseded_by_listing_id / replaces_listing_id for declarative supersession.pricing + purchase_handoff — integer-cent price and the hand-to-your-human block (below).Two identifiers live on every listing and should never be conflated: seller_org_name is the organization that packaged and listed the asset on Graunt; publication_metadata.publisher_name is the source authority that originated the underlying material, classified by publisher_role (GOVERNMENT, STANDARDS_BODY, REGULATORY_AGENCY, etc.). Surface both: who packaged it and where the material comes from. The distinction is provenance clarity only — every packet follows the same public machine contract.
For bundle listings, GET /v1/listings/{id}/manifest returns the full per-asset inventory before any purchase — kind: "PACKET_BUNDLE_MANIFEST_PUBLIC", the bundle manifest_sha256, and an assets[] array with each asset’s ordering, role, original_filename, file_format, file_size_bytes, and content_sha256. Presigned download URLs are never returned here; those are issued only to entitled buyers after acquisition. Humans see the same inventory at /listings/{listing_id}/contents.
For pilot-stage signed listings, the manifest endpoint’s integrity headers carry the signing-key id, custody tier, and signature. See also /llms.txt for the orientation manifest.
Listing search is hard-filter first. The machine-readable contract at /v1/meta/search-contract (schema_version 3) describes every supported filter, groups them under filter_groups, and enumerates the canonical taxonomy under tag_taxonomy. Agents reading the contract can construct valid queries without scraping human pages.
Ranking is ts_rank_cd × title_coef. There is no quality coefficient, no seller-prestige boost, no agent-reputation multiplier, no composite trust score, and no hidden rerank. Common agent guesses that are not supported live under unsupported_filters with their reason — the contract's anti-hallucination guard.
Try queries live against the catalog at /explore or GET /v1/listings?q=; seller-side discoverability guidance is the deterministic seller_discoverability_guidance block on the contract.
is_free=true; confirm rights_block.training_allowed, rights_passport.agent_access_allowed, and the bundle asset_count + manifest_sha256.POST /v1/auth/login returns a 24-hour JWT. (One-time setup: POST /v1/auth/register with type=BOTH and complete email verification.)POST /v1/purchases with body {listing_id, idempotency_key, declared_use}. Free listings clear immediately to status=COMPLETED with free_acquisition=true; client_secret is null (Stripe is skipped on the free path).GET /v1/entitlements/{entitlement_id}/packet-bundle. Returns a manifest body with asset_count, manifest_sha256, and one short-lived presigned URL per asset.price_cents > 0 and the commercial_terms block surfaces processing fee, delivery fee, and buyer total. Full pricing metadata: GET /v1/meta/pricing.verification_tier must clear the listing’s min_buyer_tier (default REGISTERED — verified email).POST /v1/purchases. The response includes a Stripe client_secret for the PaymentIntent created on the buyer’s behalf, along with the listing’s delivery_kind./checkout/{listing_id} (Stripe Elements mounted on Graunt). The publishable key comes from GET /v1/meta/stripe-publishable-key; the client confirms the PaymentIntent against the same Stripe account that issued the secret.COMPLETED and creates the entitlement. Poll GET /v1/purchases/{id} or GET /v1/entitlements?per_page=10.GET /v1/entitlements/{entitlement_id}/packet-bundle. Same shape as the free path.SELLER or BOTH, status ACTIVE).POST /v1/packet-upload-sessions with body {idempotency_key, name, description}. Returns session_id and a new bundle_id.POST /v1/packet-upload-sessions/{sid}/assets with {original_filename, declared_size_bytes, declared_content_sha256, declared_role, ordering, file_format}. Returns a presigned PUT URL with the matching content-type.PUT the file to the presigned URL. Include header x-amz-server-side-encryption: AES256.POST /v1/packet-upload-sessions/{sid}/finalize with {idempotency_key}. Returns bundle_revision_id, manifest_sha256, and the validated asset_count.POST /v1/listings with body referencing packet_bundle_revision_id, plus price_cents, tags, rights_block, rights_passport, publication_metadata, industry_tag_codes, intended_uses, aup_version_acknowledged, aup_text_hash_acknowledged, idempotency_key.PENDING_REVIEW and a publication-trust run starts automatically. Listings that clear the deterministic checks publish to the public catalog with no manual step; ones missing required information return a fix request to the seller; only flagged or sensitive-category listings hold for human review. Every seller path runs the same automated gate.Test first: validate a packet manifest before you upload with POST /v1/refinery/validate (public, no auth) — the same deterministic presence / validation / coherence checks the Refinery runs on ingest. The contract is at GET /v1/meta/packet-assembly-contract; a human/agent reference plus a live validator are at /build-a-packet.
Idempotency: every write that creates a new resource accepts an idempotency_key (≥32 chars). Replays return the original response without re-executing side effects. Errors carry a machine-readable error.code (e.g., VALIDATION_ERROR, BUNDLE_NOT_FOUND, BUNDLE_ARCHIVED, EMAIL_VERIFICATION_REQUIRED, ORG_NOT_ACTIVE, EMAIL_IN_USE).
An agent that finds a useful packet does not need purchase credentials to act on it: it hands the buy link to its human buyer. Both GET /v1/listings/{id} and GET /v1/listings/{id}/agent-commerce-manifest carry a purchase_handoff object with listing_url, checkout_url, price_cents, currency, is_free, and a locked instruction sentence.
GET /v1/listings?q=... requires no credential or account.purchase_handoff block from the listing detail JSON or the agent commerce manifest.purchase_handoff.listing_url and the price to your human buyer. The human opens the link, signs in, and completes checkout at checkout_url. Free listings carry checkout_url: null and route through the free-acquisition path instead.The handoff itself needs no scope, token, or registration. Purchase execution remains with the authenticated human buyer organization; agents holding a scoped buy:execute credential can instead use the agent purchase endpoints in the surface map.
Once an organization holds an entitlement, an agent can pull the packet in the format its runtime supports. Pick the access mode by what the client can do.
POST /v1/entitlements/{id}/packet-access-keys, returned once) sent as Authorization: Bearer to GET /v1/entitlements/{id}/packet-access-manifest. Best for agents and apps that can send HTTP headers.GET /v1/entitlements/{id}/machine-zip returns a short-lived download URL for a ZIP with the packet manifest, router, indexes, content units, and the agent guide. Best for tools that work from uploaded files.POST /v1/entitlements/{id}/agent-access-links.POST /v1/entitlements/{id}/llm-access-profiles with the tools you use returns the best access format for each known client. It does not claim to work with every client.Every Graunt credential is also usable as one paste-able read-only URL. Assistants that fetch URLs can read entitled content through a pass link; API agents can continue to use Bearer credentials. Responses are Markdown by default; send Accept: application/json for the JSON envelope.
GET /p/{pass} (root with manifest / content / ask / resources links), /p/{pass}/content (licensed content with citations), /p/{pass}/ask?q={question} (cited source passages, no synthesis), /p/{pass}/resources/{id}. Read-only: it cannot purchase, change, or revoke anything.GET /k/{key} (root + instructions), /k/{key}/search?q={keywords} (attributed catalog metadata — hit/no-hit plus rights, price, and the purchase_handoff block), /k/{key}/listings/{id}. Public metadata only; never entitled content.Original source files and Refinery-generated machine files are listed and counted separately in the manifest. Responses never carry a raw key, a verifier hash, or a long-lived storage URL.
Sellers prepare supply in the Refinery; what reaches the catalog is an evaluated packet, not a raw file. Every packet an agent reads carries declared rights, declared intended uses, and provenance grounding — all machine-readable before any decision.
ai_training, ai_reference, agent_tool, evaluation, analytics.content_sha256 + packet_manifest_hash for integrity at delivery.Two example shapes (illustrative — browse the Marketplace for live packets):
Example
US vendor master, normalizedDeduplicated, schema-normalized vendor reference data.
intended_uses: ["ai_reference", "agent_tool"]
Example
Invoice-matching evaluation setLabeled cases for scoring an invoice-matching agent.
intended_uses: ["evaluation"]
An agent with a grnt_agent_* credential can submit a prepared packet. Preflight first, then submit — the result enters publication review through the canonical gate; the agent surface never publishes a listing directly.
POST /v1/agents/listings/submit
Authorization: Bearer grnt_agent_YOUR_AGENT_KEY
Content-Type: application/json
{
"title": "US vendor master, normalized",
"summary": "Deduplicated, schema-normalized vendor reference data.",
"packet_kind": "vendor_master_normalization.v1",
"delivery_format": "CSV",
"intended_uses": ["ai_reference", "agent_tool"],
"rights_basis": "owned_original"
}
Validate the shape first with POST /v1/agents/listings/preflight.
Once a buyer holds an entitlement for a packet, fetch the bundle — the manifest, sidecars, and source assets resolve through short-lived presigned URLs scoped to the entitled delivery:
curl -H "Authorization: Bearer YOUR_BUYER_TOKEN" \
https://api.graunt.com/v1/entitlements/{entitlement_id}/packet-bundle
A fixture-backed machine-only observation feed is callable today for an entitled, authenticated principal: GET /v1/feeds/{feedId}/manifest, /latest, /changes, /health, and POST /v1/feeds/{feedId}/sessions. It returns machine-readable observations only — no raw media or stream is included.
/capability-status states the exact state — available, preview, reserved, or provider-not-configured — for every access mode, including provider-backed live feeds, account snapshots, and pools.
Every authenticated route returns structured precondition errors so an agent never has to guess what went wrong. Check GET /v1/auth/me right after login and branch on status + email_verified; gated routes answer with machine-readable codes (EMAIL_VERIFICATION_REQUIRED, ORG_NOT_ACTIVE, SELLER_PAYOUT_SETUP_REQUIRED, PAYMENT_REQUIRED, ENTITLEMENT_REQUIRED) plus a recovery_suggestion string that mirrors the human-page CTA copy. The exhaustive request/response contract is in /openapi.json.
GET /v1/auth/me — JWT-only. Returns {org_id, org_name, type, status, email, email_masked, email_verified, stripe_connect_account_id, stripe_connect_onboarded}. The caller is the org itself, so the full email is returned for that org’s own use; email_masked is for human display.POST /v1/auth/me/resend-verification — JWT-only; returns {message, email_masked, cooldown_seconds: 60}; 502 EMAIL_SEND_FAILED if the mail provider rejects.POST /v1/auth/resend-verification — unauthenticated alias; {email}; 3 / hour / email; generic-success either way (no enumeration).POST /v1/auth/change-email — JWT-only; {new_email, current_password}; allowed only while status=PENDING_VERIFICATION; EMAIL_UNCHANGED if the address is unchanged.EMAIL_VERIFICATION_REQUIRED bodies include next_actions with the resend / change-email / human-recovery URLs — surface these to the buyer-org operator rather than retrying. ORG_NOT_ACTIVE resolution is operator-side. SELLER_PAYOUT_SETUP_REQUIRED / CONNECT_ONBOARDING_REQUIRED: trigger POST /v1/auth/stripe/connect and follow onboarding_url in a browser.Human counterparts live at /account, /account/verify-email, /studio, and /checkout/{listing_id}.
An entitlement is a durable access right, not a finite download coupon. Packet-bundle entitlements grant ongoing access according to listing terms; delivery is protected by per-call rate limits and short-TTL presigned URLs rather than by a lifetime download counter. Entitlement responses (GET /v1/entitlements/{id}) carry the canonical access-policy block:
{
"access_status": "ACTIVE",
"delivery_policy": {
"mode": "RATE_LIMITED",
"lifetime_download_limit": null,
"presigned_url_ttl_seconds": 900,
"max_urls_per_batch": 100
},
"rate_limit": {
"limited": false,
"retry_after_seconds": null,
"policy": "per_org_per_entitlement_delivery_window"
}
}
Consume delivery_policy + rate_limit, not the legacy download_count / max_downloads fields (still echoed for single-file entitlements).
Native packet-bundle delivery is canonical: one packet_bundle_revision per packet, one row per delivered file, one manifest_sha256 over the canonical inventory. Launch caps: 1000 assets per bundle, 5 GB per asset, 50 GB per bundle. The public manifest returns the full inventory in one response; entitled delivery (GET /v1/entitlements/{entitlement_id}/packet-bundle) issues one short-TTL presigned URL per asset. ZIP archive export is a derived convenience artifact generated from the canonical revision — never the source of truth.
Graunt discriminates bearer credentials by literal prefix, and there is no fall-through between credential families — a malformed token of one family is rejected, never reinterpreted as another. Tokens are returned exactly once at issuance, stored server-side only as hashes, and never belong in a URL.
| Credential | Sent as | What it grants |
|---|---|---|
| None | — | Every discovery and meta-contract endpoint, public listing manifests, and this page. |
| Agent discovery key | Authorization: Bearer gdk_live_YOUR_KEY |
Optional tracked identity on public discovery reads (search, listing detail, manifests, meta) plus the anonymous packet-draft surface (/v1/anonymous-drafts — create, upload, validate, submit; drafts stay private to the key and move to the account that claims it). Minted accountless (POST /v1/agent-keys/starter); claimable by an organization later. Never grants entitled access or purchase — buying routes through purchase_handoff to the human buyer. |
| Organization session | Authorization: Bearer <JWT> |
24-hour session from POST /v1/auth/login. Buyer and seller workflows: purchases, entitlements, uploads, listing management. |
| Agent credential | Authorization: Bearer grnt_agent_YOUR_KEY |
Scoped credential issued by a buyer organization (quote:read, buy:execute, sell:submit, receipt:read, bundle:assemble, publish:review_read). Per-credential rate limits, daily spend caps, and the organization’s approval policy are enforced before any charge. |
| Access pass | Authorization: Bearer gap_live_YOUR_PASS |
Read-only delegated pass over the buyer organization’s entitled library. Time-boxed (7 days, 30 days — the default — or 90 days, or no expiry with lazy revocation after 180 days unused), shown once at creation, revocable. Pass-bearing requests can never purchase, publish, or mutate. |
| Packet access key | Authorization: Bearer gpak_live_YOUR_KEY |
Durable read-only key scoped to one entitlement’s packet access manifest. Returned once; revocable. |
| Scoped app key | X-API-Key: grnt_live_YOUR_KEY |
Long-lived scoped app credential (scopes such as listings:read, search:read, entitlements:read). Header only — never a URL parameter; a scope denial never falls through to a broader auth basis. |
The *_YOUR_* forms above are placeholders, never real tokens. Agents connecting over the MCP transport authenticate with the same grnt_agent_* credential; connection details live at /agents/mcp (JSON-RPC 2.0 at POST /v1/mcp/messages).
The agent-relevant endpoint catalog, grouped by job. The full request/response contract for every live endpoint is the OpenAPI 3.1 document at /openapi.json.
| Endpoint | Returns |
|---|---|
GET /v1/listings | Public search with hard filters and free-text q. |
GET /v1/listings/{id} | Declared rights, rights passport, provenance, Packet Evidence Record (packet_checks), packet manifest, purchase_handoff. |
GET /v1/listings/{id}/manifest | Full per-asset bundle inventory with content hashes — readable before any purchase. |
GET /v1/listings/{id}/agent-commerce-manifest | Machine-first commerce summary including purchase_handoff. |
POST /v1/agent-keys/starter | Accountless mint of an agent discovery key (gdk_live_*, raw key returned once; rate-limited per IP). |
POST /v1/agent-keys/starter/claim | JWT-only: binds a minted discovery key to your organization for identity continuity. Permissions are unchanged. |
Discovery reads optionally accept an agent discovery key (Authorization: Bearer gdk_live_YOUR_KEY) for tracked agent identity. The key is optional, never a wall — every discovery read also works with no credential at all.
| Endpoint | Does |
|---|---|
POST /v1/anonymous-drafts | Creates a private packet draft owned by the discovery key (per-IP daily cap). GET lists the key’s drafts; GET /{id} reads one; DELETE /{id} abandons it. |
PATCH /v1/anonymous-drafts/{id} | Sets title, price, and the draft state fields (description, content type, category, tags). |
POST /v1/anonymous-drafts/{id}/uploads | Presigns a source-file upload; POST .../uploads/complete confirms it (upload identified in the body). |
POST /v1/anonymous-drafts/{id}/validate | Deterministic completeness report — what the draft still needs. |
POST /v1/anonymous-drafts/{id}/submission-attestation | Records the key-holder rights attestation; then POST .../submit submits the draft for review. |
Drafts are private and key-scoped — never searchable, never catalog-visible. When the human registers and claims the key, the drafts move to their account. Templates: GET /v1/meta/packet-assembly-contract + GET /v1/meta/packet-assembly-starter-kit (the human zip download is /v1/meta/packet-assembly-starter-kit.zip).
| Endpoint | Does |
|---|---|
POST /v1/auth/register | One-time organization registration (type=BOTH) followed by email verification. |
POST /v1/auth/login | Returns a 24-hour JWT plus account-state fields for branching. |
POST /v1/purchases | Creates a purchase. Free listings clear immediately; paid listings return a Stripe client_secret. |
GET /v1/purchases/{id} | Purchase state for completion polling. |
POST /v1/agents/purchases/preflight | Scoped grnt_agent_* purchase quote — price, fees, and policy checks before any charge. |
POST /v1/agents/purchases/execute | Scoped purchase execution through the same canonical commerce path as human checkout, under per-credential spend caps and rate limits. |
POST /v1/agents/listings/preflight / submit | Scoped seller-side listing submission into the canonical publication review gate. |
| Endpoint | Does |
|---|---|
GET /v1/entitlements | Lists the organization’s entitlements (paginated). |
GET /v1/entitlements/{id} | Entitlement detail with the delivery-policy and rate-limit blocks. |
GET /v1/entitlements/{entitlement_id}/packet-bundle | Bundle delivery manifest: one short-TTL presigned URL per delivered asset. |
POST /v1/entitlements/{id}/packet-access-keys | Durable read-only packet access key (returned once). |
GET /v1/entitlements/{id}/packet-access-manifest | Key-scoped packet manifest read. |
GET /v1/entitlements/{id}/machine-zip | Short-lived download URL for the machine packet ZIP. |
POST /v1/entitlements/{id}/agent-access-links | Scoped, revocable browser link for clients that cannot send headers. |
POST /v1/entitlements/{id}/llm-access-profiles | Best access format per known client runtime. |
POST /v1/access-passes | Delegated read-only pass over the entitled library (raw token returned once). |
GET /v1/access-passes/manifest · /resources | Pass-scoped library projection and entitled-resource list. |
GET /v1/feeds/{feedId}/manifest · /latest · /changes · /health | Machine-only observation feeds for entitled principals. |
| Endpoint | Returns |
|---|---|
GET /v1/meta/pricing | Fee formulas and checkout constraints. All money values are integer cents. |
GET /v1/meta/capabilities | The capability registry — the source of truth for what is live today. |
GET /v1/meta/search-contract | Supported filters, ranking invariants, and the unsupported-filter anti-hallucination block. |
GET /v1/meta/agent-surface | Omnibus agent-readable contract in one deterministic JSON document. |
/.well-known/ai-plugin.json — plugin manifest./openapi.json — full OpenAPI 3.1 contract for the live machine surface./v1/meta/seller-standards — machine-readable seller and agent acceptance standards (evaluated, not verified posture). Paired human page at /sellers/standards./v1/meta/agent-surface — omnibus agent-readable contract: trust primitives, scanner signals, search contract, product direction./v1/meta/agent-participation — role kinds, reward kinds, allocation-ledger status, disclosure rules for gated programs./v1/meta/scanner-signals — scanner-signal catalog with DISCLOSE_ONLY ceiling and bounded-language vocabulary./v1/meta/search-contract — supported filters, ranking formula summary, ranking invariants./v1/meta/requirement-groups — the composable packet requirement groups (SAFE, read-only projection)./v1/meta/content-profiles — registered content profiles with packet family + required requirement groups./v1/meta/constitution — the ratified Packet Constitution version./v1/meta/packet-template — the full Graunt Packet Template: every content family, the metadata contract, the rights declaration, worked examples. One paste teaches an assistant how to build and list packets.The OpenAPI document covers only endpoints that exist at runtime today. Feature-flagged surfaces are intentionally absent from the spec; /capability-status states each capability’s exact state.
Graunt is built for agent-readable commerce: structured packet metadata, declared rights, provenance, Packet Evidence Records, prices, signed manifests, and entitlement paths are exposed so software can discover, compare, and prepare acquisition decisions.
Current paid purchase execution runs through authenticated buyer-organization accounts. Graunt’s direction is delegated agent purchasing under buyer-defined credentials, permissions, spend controls, approval policies, and audit records — designed so authorized agents can transact without turning the marketplace into unauthenticated bot checkout. Unauthenticated agent paid checkout is not part of the current public surface; every paid purchase remains accountable to a registered buyer organization. Free listings (price_cents = 0) can additionally be acquired through the public-token-grant flow.
Held (early-listing) packets are human-buyer authorization only in this release: POST /v1/purchases/held and the agent BUY preflight and execute endpoints all reject an agent-bearer held purchase with 409 DENY_CAPABILITY_NOT_LIVE — the same literal contract on every surface, with no purchase, entitlement, or payout side effects. An agent that finds a useful early listing hands the buy link to its human buyer.
Graunt’s direction is expanded machine participation across the marketplace lifecycle — agent-assisted supply creation, discovery, and procurement, with delegated agent purchasing under buyer-governed authority, spend controls, approval policies, and audit records. No external program for it is open today.
Graunt is not affiliated with, partnered with, or endorsed by any specific model vendor or agent runtime. The marketplace is provider-neutral; references to LLMs and agents describe consumers of the data, not commercial partnerships.
The exact runtime state of every capability named on this page — live, preview, planned, reserved, or provider-not-configured — is published at /capability-status. When this page and the capability registry disagree, the registry wins.