Changelog

A versioned history of the Regulatory Snapshot API. All entries are dated; breaking changes are explicitly called out and ship with a deprecation window where possible.

The API is versioned in the URL path (/v1). Within v1, additions are non-breaking; removals or shape changes ship as /v2 with an overlap window. The OpenAPI spec at api.regsn.app/openapi/regsn-v1.yaml is the source of truth for the current shape.

2026-05-14 · v1 launch

Initial public release.

New endpoints:

• POST /v1/keys · GET /v1/keys · POST /v1/keys/:id/revoke — API key lifecycle.
• POST /v1/scans · GET /v1/scans/:id · GET /v1/scans/:id/stream — Scan creation, status polling, and SSE progress.
• GET /v1/snapshots · GET /v1/snapshots/:id — List and retrieve.
• GET /v1/snapshots/:id/items · /trends · /executive-summary · /executive-narrative · /drift — Sub-resource projections.
• POST /v1/exports · GET /v1/exports/:id — Async export jobs.
• GET /v1/usage — Per-day / per-endpoint / per-key telemetry.

SDKs:

• Python regsn v0.1.0 — Python ≥ 3.8, stdlib only.
• JavaScript @regsn/api v0.1.0 — Node 18+, ESM.

Cross-cutting:

• Bearer authentication (regsn_live_<32 chars>) with SHA-256-hashed storage and immediate revocation.
• Idempotency-Key on POST /v1/scans and POST /v1/exports with a 24-hour replay window.
• Per-key rate limits — reads 60/min, scans 6/hour, exports 30/hour.
• RFC 9457 problem-details for every error; X-Request-Id on every response.
• Sentry capture on every 5xx with request-id correlation.

See also

• API overview — what the API is, what you can build.
• Quickstart — first request in five minutes.
• Core concepts — scan, snapshot, and changes, explained from the product side.