SteveExternal API Overview
What integrators can build with Steve's live API-keyed HTTP surface.
Steve's external API is a headless workflow processing and submission review platform.
At a high level, an integration can:
- Discover which workflows its company is allowed to use.
- Create a session and upload files directly to Cloudflare R2.
- Submit the session for asynchronous processing.
- Receive completion via webhook or poll the session job endpoint.
- Read the resulting submission, resolve fraud matches, and approve, reject, or cancel it.
Namespace
Every endpoint in this namespace requires:
Endpoint map
Workflows
| Endpoint | Purpose |
|---|---|
GET /api/v1/workflows | List workflows accessible to the authenticated company |
GET /api/v1/workflows/{slug} | Read the currently published workflow summary |
GET /api/v1/workflows/{slug}/versions/{version} | Read the immutable upload and output contract for one workflow version |
POST /api/v1/workflows/{slug}/sessions | Create an upload session and receive pre-signed R2 URLs |
POST /api/v1/workflows/{slug}/sessions/{sessionId}/submit | Queue a session for processing |
Session utilities
| Endpoint | Purpose |
|---|---|
GET /api/v1/jobs/{sessionId} | Poll asynchronous session state and the current business outcome |
POST /api/v1/webhooks/test | Verify webhook reachability before enabling production deliveries |
GET /api/v1/companies | List active companies for setup or migration tooling |
Submission review
| Endpoint | Purpose |
|---|---|
GET /api/v1/submissions | List submissions visible to the authenticated company |
GET /api/v1/submissions/{submissionId} | Fetch full submission detail, files, fraud matches, and event history |
POST /api/v1/submissions/{submissionId}/approve | Approve a submission in review |
POST /api/v1/submissions/{submissionId}/reject | Reject a submission in review |
POST /api/v1/submissions/{submissionId}/cancel | Cancel a submission before it is approved or synced |
Fraud
| Endpoint | Purpose |
|---|---|
GET /api/v1/submissions/{submissionId}/fraud-matches | Inspect duplicate or suspicious match candidates |
POST /api/v1/submissions/{submissionId}/fraud-matches/{matchId}/resolve | Resolve an individual fraud match |
Contract boundaries
- This is a server-to-server API. Do not embed Steve API keys in browsers or mobile apps.
- The API is company-scoped. A key only sees workflows and submissions for the company attached to that key.
- Workflow outputs are versioned. Use the workflow version endpoint when you need a stable machine-readable contract.
- Workflow authoring, API key self-service, company management, and admin-only routes are not part of this external contract.
- The file upload step is direct-to-R2. Steve coordinates the session, not the file transfer itself.
- All body field names are camelCase. All body timestamps are ISO 8601 strings.
- Every non-2xx response uses RFC 9457
application/problem+json.