Developer Documentation
The StreetMP OS API is an OpenAI-compatible REST interface with enterprise-grade compliance enforcement. Every request passes through the V71 Prompt Firewall, V67 DLP engine, and V25 Trust Scorer before reaching any model provider.
https://os.streetmp.comv1Getting Started
Get your first secure AI response in under 60 seconds.
Create an Account
Register at os.streetmp.com and verify your email address.
Generate an API Key
Navigate to API Keys in the dashboard. Your key is shown once — copy it immediately.
Make Your First Call
Use the code examples below. Your V35 compliance certificate is generated automatically.
Authentication
All API requests must include a Bearer token in the Authorization header.
API keys are shown once
StreetMP stores only the SHA-256 hash of your API key. If you lose it, generate a new one — there is no recovery mechanism.
Authorization: Bearer sk_live_your_api_key_here
X-Tenant-ID: your-tenant-idPOST /api/v1/execute
The primary AI execution endpoint. Routes your prompt through the V71 Firewall, V67 DLP engine, and V25 Trust Scorer before forwarding to the provider.
| Parameter | Type | Required | Description |
|---|---|---|---|
prompt | string | ✓ | The user prompt. PII is tokenised before dispatch. |
provider | string | ✗ | openai | anthropic | google | meta (default: openai) |
model | string | ✗ | Model ID e.g. gpt-4o, claude-3-5-sonnet (default: gpt-4o) |
options | object | ✗ | { temperature, max_tokens, top_p } — provider-specific options |
user_id | string | ✗ | Optional user identifier for per-user audit log attribution |
Node.js Example
Using the native fetch API (Node.js ≥18). No SDK required.
const response = await fetch('https://os.streetmp.com/api/v1/execute', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer YOUR_API_KEY',
'X-Tenant-ID': 'your-tenant-id',
},
body: JSON.stringify({
prompt: 'Summarise the following contract clause: ...',
provider: 'openai',
model: 'gpt-4o',
options: {
temperature: 0.3,
max_tokens: 1024,
},
}),
});
const data = await response.json();
console.log(data.response.completion); // AI output (PII-scrubbed)
console.log(data.trust_score); // V25 Trust Score (0–100)
console.log(data.certificate.trace_id); // V70 Trace ID for auditPython Example
Using the requests library (pip install requests).
import requests
API_URL = "https://os.streetmp.com/api/v1/execute"
API_KEY = "YOUR_API_KEY"
TENANT_ID = "your-tenant-id"
payload = {
"prompt": "Summarise the following contract clause: ...",
"provider": "openai",
"model": "gpt-4o",
"options": {
"temperature": 0.3,
"max_tokens": 1024,
},
}
headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {API_KEY}",
"X-Tenant-ID": TENANT_ID,
}
res = requests.post(API_URL, json=payload, headers=headers, timeout=30)
res.raise_for_status()
data = res.json()
print(data["response"]["completion"]) # AI output (PII-scrubbed)
print(data["trust_score"]) # V25 Trust Score (0–100)
print(data["certificate"]["trace_id"]) # V70 Trace ID for auditcURL
Quick test from terminal.
curl -X POST https://os.streetmp.com/api/v1/execute \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: your-tenant-id" \
-d '{
"prompt": "What is the capital of Singapore?",
"provider": "openai",
"model": "gpt-4o"
}'Response Schema
Every successful response includes the AI completion, a V25 Trust Score, and a V35 Compliance Certificate with Merkle root and V70 Trace ID.
{
"success": true,
"response": {
"completion": "The capital of Singapore is Singapore City.",
"model": "gpt-4o",
"provider": "openai",
"tokens": { "prompt": 14, "completion": 9, "total": 23 }
},
"trust_score": 98,
"certificate": {
"trace_id": "v70-8a3f-2e91-bc4d",
"zk_signature": "sha256-Hv3kP9...",
"merkle_root": "a4f2b8c1...",
"timestamp": "2026-04-01T01:47:33.421Z",
"dlp_scan_result": "PASS",
"nemo_guardrail": "PASS",
"frameworks": ["PDPA_SG", "MAS_TRM"]
}
}trust_scoreV25 Trust Score (0–100). Scores ≥95 indicate full compliance posture.
certificate.trace_idV70 Trace ID. Use this in audit queries and support tickets.
certificate.merkle_rootSHA-256 Merkle root anchoring this execution to the V35 Audit Ledger.
Error Codes
All errors follow a consistent shape: { success: false, error: { code, message, trace_id } }
// HTTP 403 — Prompt blocked by V71 Firewall
{
"success": false,
"error": {
"code": "GUARDRAIL_BLOCKED",
"message": "Prompt failed V71 safety evaluation (injection detected).",
"trace_id": "v70-err-9b2a-..."
}
}| Error Code | HTTP | Description |
|---|---|---|
GUARDRAIL_BLOCKED | 403 | Prompt blocked by V71 Prompt Firewall (injection or jailbreak detected). |
DLP_POLICY_VIOLATION | 403 | Prompt contained raw PII that could not be safely tokenised before dispatch. |
REGULATORY_SOVEREIGNTY_VIOLATION | 403 | Requested inference region violates active APAC compliance framework. |
QUOTA_EXCEEDED | 429 | Tenant token quota exhausted. Upgrade plan or wait for reset. |
RATE_LIMIT_HIT | 429 | Too many requests. Default: 60 req/min per tenant. |
INVALID_API_KEY | 401 | API key missing, expired, or revoked. |
MODEL_UNAVAILABLE | 503 | Requested model is temporarily unavailable. Use streetmp-auto for fallback. |
INTERNAL_ERROR | 500 | Unexpected internal error. Sentry-tracked. Include trace_id in support ticket. |
APAC Compliance Headers
Request jurisdiction-specific DLP enforcement by setting the X-Compliance-Framework header.
MAS_TRM🇸🇬 SingaporeEnables NRIC/FIN tokenisation and routes to ap-southeast-1 (Singapore).
X-Compliance-Framework: MAS_TRMBNM_RMIT🇲🇾 MalaysiaEnables MyKad tokenisation and routes to ap-southeast-3 (Malaysia/Jakarta).
X-Compliance-Framework: BNM_RMITPDPA_SG🇸🇬 SingaporeLightweight PDPA enforcement — NRIC/FIN masking, 3-year log retention.
X-Compliance-Framework: PDPA_SGDPDP_IN🇮🇳 IndiaAadhaar and PAN number masking, routes to ap-south-1 (Mumbai).
X-Compliance-Framework: DPDP_INRate Limits
Limits are enforced per tenant, per endpoint. Exceeding limits returns 429 RATE_LIMIT_HIT.
| Plan | Requests / min | Tokens / month | Concurrent |
|---|---|---|---|
| Free | 10 | 100,000 | 2 |
| Growth | 60 | 5,000,000 | 10 |
| Enterprise | ∞ | Unlimited | ∞ |
Ready to build?
Create your account, generate an API key, and make your first compliant AI call in under 60 seconds.