FuseGuard

On-demand snapshot

Capture a fresh schema snapshot for the watch bound to an ingested trip — no free-form URL.

POST /v1/fuseguard/snapshots Security checklist →

Authorizations

Authorization
requiredstring

Bearer API key. Requires fuseguard_prod overlay on a paid plan.

Body

application/json

tripId
requiredstring

Trip UUID from a prior POST /v1/fuseguard/trips call. The trip must include a watchId.

eventId
string

Optional metering id for fuseguard.snapshot usage events.

Responses

201 — snapshot captured. Returns snapshot and audit.runId.

400 — missing tripId or trip has no associated watch.

403 — watch URL blocked (SSRF / private IP policy).

404 — trip or watch not found for this account.

429 — rate limit exceeded (10/day, burst 3/hour). Response may include Retry-After.

Rate limits & safety

  • 10 snapshots per account per calendar day
  • Burst limit of 3 per hour
  • Watch URL must pass public HTTP(S) SSRF checks — no RFC1918 or metadata hosts
  • No arbitrary URL field in the request body
curl --request POST \
  --url https://driftguard.org/v1/fuseguard/snapshots \
  --header 'Authorization: Bearer dg_live_…' \
  --header 'Content-Type: application/json' \
  --data '{"tripId": "550e8400-e29b-41d4-a716-446655440000"}'