● Getting started
Authentication
Every request carries a bearer protocol key. Keys are organization-bound and scope-limited: an operation runs only if the key holds its scope (62 scopes across the surface, e.g. judgments:validate, packets:export).
Authorization: Bearer md_live_xxxxxxxxxxxxxxxx MD-Version: 2026-06-11 Idempotency-Key: 4f8a-bd31 # all write operations, 24h replay window
Envelope headers
| Header | |
|---|---|
| MD-Version | Date-pinned API version. Pinned at first call if omitted; breaking changes only ship under a new date. |
| Idempotency-Key | Safe retries on every write. Any string up to 255 characters — a UUID v4 is recommended. Same key + same body inside the 24-hour replay window returns the original result; same key + a different body returns 409 conflict. |
| MD-Request-Id | Returned on every response. Include it in support and audit queries. |
| MD-Signature | HMAC-SHA256 signature on every webhook delivery: t=<ts>,v1=<sig>. |
Pagination
Every list operation returns one envelope and accepts the same three query parameters. Walk forward by passing the id of the last item you have as starting_after; stop when has_more is false.
{
"object": "list",
"data": [ { "matter_id": "mtr_4Fa1...", ... } ],
"has_more": true
}
| Parameter | |
|---|---|
| limit | Page size, 1–100. Defaults to 20. |
| starting_after | Cursor: the id of the last item on the page you have. Returns the page after it. |
| ending_before | Cursor: the id of the first item on the page you have. Returns the page before it. |
curl "https://sandbox.api.microndelta.com/v1/matters?limit=20&starting_after=mtr_4Fa1xxxxxxxx" \ -H "Authorization: Bearer md_test_xxxxxxxxxxxxxxxx" \ -H "MD-Version: 2026-06-11"
The gates are the contract
Three domain gates sit above scopes and never soft-pass: authority_required, sanctions_gate, stay_in_effect. A blocked call is the protocol working as designed. See errors →