Steve API
Platform

Project Overview

Product and operational context for the Steve platform behind the HTTP APIs.

Steve is an image-based submission platform built for Open Loyalty workflows. Customers submit evidence in the mobile app, reviewers process it in the admin panel, and the Convex backend coordinates storage, AI analysis, fraud checks, review state, and optional Open Loyalty sync.

Primary actors

ActorSurfaceResponsibility
CustomerMobile appCapture evidence, submit workflows, track status, review results
ReviewerAdmin panelClaim work, inspect files, resolve fraud, approve or reject
AdminAdmin panelReviewer capabilities plus company and customer management
Super adminAdmin panelWorkflow builder, AI config, fraud policies, API keys, workflow agent
External integratorHTTP APIAPI-key-backed server-to-server integration

Product surfaces

Admin panel

Current admin capabilities include:

  • dashboard and inbox
  • company and customer management
  • fraud policy configuration
  • image moderation configuration
  • API key management
  • reporting and usage views
  • workflow list and workflow builder
  • unified submission queue
  • submission review detail
  • trash and restore flow

Mobile app

The mobile app is the customer-side capture client. Today it exposes four workflow entrypoints backed by the unified submission system:

  • document-ocr
  • compliance-vm
  • tire-replacement
  • roof-cleaning-inspection

Backend

The backend provides:

  • role-aware auth and profile separation
  • workflow CRUD and versioning
  • submission creation, review, and audit history
  • optional image moderation pre-check before workflow processing
  • AI analysis with configurable providers and fallback models
  • fraud detection using perceptual hashes and extracted-data comparison
  • Open Loyalty schema push and event sync
  • API keys, API sessions, webhook signing, and a partial external HTTP surface

How the platform is modeled

Steve is built around a generic workflow engine rather than separate hardcoded "document" and "compliance" backends:

workflow
  -> versioned configuration
  -> submission
     -> files
     -> events
     -> fraud matches

Each workflow version stores six stages:

  1. Upload
  2. Enhancement
  3. AI analysis
  4. Fraud detection
  5. Review
  6. Sync

That makes the same backend usable for OCR, store-compliance checks, and before/after verification flows.

A separate global image moderation pre-step can run before those stages. It is configured outside workflow versions because it is intended to protect all submission flows consistently.

Submission lifecycle

created -> processing -> review -> approved -> synced
                     \-> failed

Reviewers can also:

  • claim or unclaim review items
  • edit extracted data
  • resolve fraud findings
  • reprocess failed or review-state submissions
  • retry sync from approved state
  • cancel active work
  • move submissions to trash and restore them later

Current integrations

IntegrationPurpose
Convex AuthAuth and sessions
Cloudflare R2Direct file storage and presigned uploads
OpenRouterPrimary AI provider for workflow analysis and image moderation
ResendInvitation emails
Open LoyaltyCustom event schema push and event sync

Important current constraint

The repository contains a larger design for a full upload-session API, but the live external HTTP surface is still smaller than that design.

Live /api/v1 routes today:

  • GET /api/v1/companies
  • GET /api/v1/jobs/{sessionId}
  • POST /api/v1/webhooks/test

Planned upload-session routes are documented separately under Upload Session API.

  1. Read Technical Architecture for the system model.
  2. Review Authentication and Errors and Rate Limits.
  3. Use the live pages under API Reference for implementation work.

Previous

Upload Session API

Next

Technical Architecture

On this page