{ "schema": "https://saferpage.de/schemas/trust-api-operations.v1", "generated_at": "2026-06-09T22:23:26+00:00", "domain": "abokiste24.de", "available": true, "scan": { "id": "70f2d2dc-ee21-46bc-9886-318f828d5b1e", "checked_at": "2026-06-09 21:44:56.598895+02" }, "status": "trust_api_operations_blueprint_ready", "summary": "Trust API Operations für abokiste24.de: 11 Endpunkte, 5 Token-Regeln, 5 Sync-Jobs, Score 100.", "metrics": { "endpoint_count": 11, "token_policy_count": 5, "sync_job_count": 5, "payload_contract_count": 5, "runbook_item_count": 5, "guardrail_count": 6, "readiness_score": 100 }, "endpoint_catalog": [ { "id": "api_token", "label": "API Token Lifecycle", "method": "HEADER", "path": "X-API-KEY", "purpose": "Token ausstellen, rotieren, widerrufen und keinem Public Export beifügen.", "required_scope": "admin:api_tokens", "risk_level": "high", "allowed_fields": [ "token_id_hash", "scope", "created_at", "expires_at", "last_used_at" ] }, { "id": "authorization_requests", "label": "Authorization Requests lesen", "method": "GET", "path": "/api/v2/exchange/authorization_requests", "purpose": "Access Requests für Trust-Center-Freigaben abrufen und in Review-Queues routen.", "required_scope": "trust_audience:read", "risk_level": "medium", "allowed_fields": [ "request_id", "company_domain", "status", "requested_at", "requested_resources" ] }, { "id": "authorization_request_update", "label": "Authorization Request bearbeiten", "method": "PATCH", "path": "/api/v2/exchange/authorization_requests/{id}", "purpose": "Request ignorieren, eskalieren oder Status serverseitig aktualisieren.", "required_scope": "trust_audience:write", "risk_level": "high", "allowed_fields": [ "request_id", "status", "reason_code", "reviewer_role" ] }, { "id": "authorization_create", "label": "Authorization erstellen", "method": "POST", "path": "/api/v2/exchange/authorizations", "purpose": "Freigabe auf Basis einer E-Mail oder eines bestehenden Requests vorbereiten.", "required_scope": "trust_audience:approve", "risk_level": "high", "allowed_fields": [ "authorization_id", "request_id", "email_domain_hash", "expires_at", "access_groups" ] }, { "id": "access_groups", "label": "Access Groups lesen", "method": "GET", "path": "/api/v2/exchange/access_groups", "purpose": "Gruppen für Audience Preview, Dokumentzugriff und Connection-Zuweisungen synchronisieren.", "required_scope": "trust_access_groups:read", "risk_level": "medium", "allowed_fields": [ "group_id", "label", "updated_at" ] }, { "id": "documents", "label": "Dokumente und Ordner verwalten", "method": "GET/POST/PATCH/DELETE", "path": "/api/v2/exchange/documents", "purpose": "Dokumentmetadaten, Ordner und Access-Level mit Review-Gates synchronisieren.", "required_scope": "trust_documents:write", "risk_level": "high", "allowed_fields": [ "document_id", "title", "access_level", "owner", "expires_at" ] }, { "id": "subprocessors", "label": "Subprozessoren pflegen", "method": "GET/POST/DELETE", "path": "/api/v2/exchange/subprocessors", "purpose": "Subprozessorenliste und Änderungsnotices mit Betreiberfreigabe aktualisieren.", "required_scope": "trust_designer:write", "risk_level": "medium", "allowed_fields": [ "vendor_name", "purpose", "region", "transfer_basis", "notice_status" ] }, { "id": "analytics_interactions", "label": "Analytics Interactions lesen", "method": "GET", "path": "/api/v2/analytics/interactions", "purpose": "Aggregierte Interaktionen für Trust Analytics, CRM-Routing und Content-Priorisierung abrufen.", "required_scope": "trust_analytics:read", "risk_level": "medium", "allowed_fields": [ "interaction_id", "connection_hash", "resource_id", "event_type", "timestamp" ] }, { "id": "knowledge_qa", "label": "Curated Q&A pflegen", "method": "GET/POST/PATCH", "path": "/api/v2/knowledge_base/questions", "purpose": "Q&A aus Review-Workflows in Knowledge Sources übernehmen.", "required_scope": "knowledge:write", "risk_level": "medium", "allowed_fields": [ "question_id", "question", "answer", "source_ids", "review_status" ] }, { "id": "questionnaires", "label": "Questionnaires importieren und aktualisieren", "method": "GET/POST/PATCH", "path": "/api/v2/questionnaires", "purpose": "Kundenfragebögen serverseitig erstellen, aktualisieren und Antwortstatus synchronisieren.", "required_scope": "questionnaires:write", "risk_level": "high", "allowed_fields": [ "questionnaire_id", "company_domain_hash", "due_at", "status", "owner_role" ] }, { "id": "one_off_questions", "label": "One-off Questions stellen", "method": "GET/POST", "path": "/api/v2/questions", "purpose": "Einzelfragen aus Sales, Slack oder Trust Center mit Quellenbindung beantworten.", "required_scope": "questions:write", "risk_level": "medium", "allowed_fields": [ "question_id", "prompt_hash", "source_scope", "confidence", "review_required" ] } ], "token_policies": [ { "id": "scoped_tokens", "label": "Separate Tokens pro System, Umgebung und Zweck", "status": "required", "evidence": "Scope-Liste, Owner, Ablaufdatum" }, { "id": "no_public_secret", "label": "Secrets nie in JSON/CSV/Markdown, HTML oder Client-JavaScript ausgeben", "status": "enforced", "evidence": "Secret-Referenz statt Klartext" }, { "id": "rotation", "label": "Token-Rotation und Widerruf mit Auditlog planen", "status": "required", "evidence": "Rotationstermin, letzter Zugriff, Revocation-Event" }, { "id": "least_privilege", "label": "Read-, Write- und Approval-Scopes strikt trennen", "status": "required", "evidence": "Scope-Matrix und Team-Rollen-Link" }, { "id": "network_policy", "label": "Serverseitige API-Aufrufe mit Allowlist, Timeout und Retry-Limit ausführen", "status": "recommended", "evidence": "Egress-Policy, Retry-Backoff" } ], "sync_jobs": [ { "id": "access_request_sync", "label": "Access Request Queue synchronisieren", "cadence": "5-15min", "mode": "read_then_review", "idempotency_key": "request_id + status + reviewed_at" }, { "id": "document_metadata_sync", "label": "Dokumentmetadaten und Access-Level abgleichen", "cadence": "hourly_or_on_publish", "mode": "dry_run_before_write", "idempotency_key": "document_id + version + access_level" }, { "id": "subprocessor_sync", "label": "Subprozessoren-Änderungen vorbereiten", "cadence": "daily_or_release", "mode": "approval_required", "idempotency_key": "vendor_name + purpose + notice_version" }, { "id": "analytics_ingest", "label": "Interaktionen aggregiert importieren", "cadence": "hourly", "mode": "read_aggregate_redact", "idempotency_key": "event_id + day_bucket" }, { "id": "questionnaire_job", "label": "Questionnaire-Status und Evidence-Links synchronisieren", "cadence": "on_upload_or_status_change", "mode": "malware_scan_then_review", "idempotency_key": "questionnaire_id + revision" } ], "payload_contracts": [ { "id": "access_request_payload", "label": "Access Request Payload", "allowed": [ "request_id", "domain_hash", "status", "resource_ids", "nda_required" ], "forbidden": [ "plain_email", "full_name", "ip_address", "magic_link" ] }, { "id": "authorization_payload", "label": "Authorization Payload", "allowed": [ "authorization_id", "domain_hash", "expires_at", "access_group_ids", "reviewer_role" ], "forbidden": [ "invite_token", "private_download_url", "raw_contract_text" ] }, { "id": "document_payload", "label": "Document Payload", "allowed": [ "document_id", "title", "access_level", "owner_role", "version" ], "forbidden": [ "document_binary", "private_url", "watermark_identity" ] }, { "id": "analytics_payload", "label": "Analytics Payload", "allowed": [ "event_id", "connection_hash", "resource_id", "event_type", "day_bucket" ], "forbidden": [ "plain_email", "full_ip", "raw_user_agent", "crm_contact_id" ] }, { "id": "question_payload", "label": "Question / AI Payload", "allowed": [ "question_id", "prompt_hash", "source_scope", "confidence", "review_required" ], "forbidden": [ "chat_transcript_raw", "secret_token", "customer_file_content" ] } ], "runbook": [ { "id": "dry_run", "label": "Jeden Write-Endpunkt zuerst als Dry-Run gegen lokale Payload-Regeln prüfen", "owner": "Platform/Compliance" }, { "id": "approval_gate", "label": "High-Risk-Schreibpfade brauchen Team-Rollen-Approval und Audit-Event", "owner": "Trust Owner" }, { "id": "rate_limit", "label": "Rate-Limits, Retry-Backoff und Dead-Letter-Queue pro Integration setzen", "owner": "Platform" }, { "id": "rollback", "label": "PATCH/POST-Änderungen mit vorherigem Snapshot und Rücksetzplan dokumentieren", "owner": "Trust Operations" }, { "id": "privacy_review", "label": "Viewer-, Questionnaire- und Analytics-Felder vor Export pseudonymisieren", "owner": "Datenschutz" } ], "guardrails": [ { "id": "no_live_calls_public", "label": "Öffentliche SaferPage-Seite ruft keine fremden Trust-Center-APIs live auf", "status": "enforced" }, { "id": "no_secret_export", "label": "API-Keys, Bearer Tokens, Webhook-Secrets und Magic Links werden nie exportiert", "status": "enforced" }, { "id": "write_requires_approval", "label": "POST/PATCH/DELETE brauchen Betreiberfreigabe, Rollenprüfung und Idempotency-Key", "status": "required" }, { "id": "read_minimization", "label": "Read-Jobs importieren nur erlaubte Felder und hashen Personenbezug", "status": "required" }, { "id": "audit_every_call", "label": "Jeder produktive API-Aufruf erzeugt Auditlog mit Scope, Zweck und Ergebnis", "status": "required" }, { "id": "region_and_dpa", "label": "DACH/EU-Betrieb prüft AVV/DPA, Transferstatus und Löschpfade vor Integration", "status": "required" } ], "api_contract": { "does_not_call_external_apis": true, "does_not_export_tokens": true, "does_not_grant_access": true, "required_before_live": [ "operator_auth", "api_token_store", "scope_engine", "egress_allowlist", "rate_limits", "idempotency_store", "write_approval", "audit_log", "viewer_privacy_cleanup" ] }, "links": { "html": "https://saferpage.de/trust/abokiste24.de/api", "json": "https://saferpage.de/trust/abokiste24.de/api-json", "csv": "https://saferpage.de/trust/abokiste24.de/api-csv", "markdown": "https://saferpage.de/trust/abokiste24.de/api-md", "trust_center": "https://saferpage.de/trust/abokiste24.de", "api_access": "https://saferpage.de/api-zugriff", "integrations": "https://saferpage.de/integrationen", "team_permissions": "https://saferpage.de/trust/abokiste24.de/team-rollen", "access_requests": "https://saferpage.de/datenraum/abokiste24.de/zugriffe", "access_groups": "https://saferpage.de/trust/abokiste24.de/gruppen", "documents": "https://saferpage.de/trust/abokiste24.de/dokumente", "subprocessors": "https://saferpage.de/trust/abokiste24.de/subprozessoren", "analytics": "https://saferpage.de/trust-analytics/abokiste24.de", "questionnaire_intake": "https://saferpage.de/trust/abokiste24.de/questionnaire-intake", "questionnaire_integrations": "https://saferpage.de/trust/abokiste24.de/fragebogen-integrationen", "communications": "https://saferpage.de/trust/abokiste24.de/kommunikation" }, "disclaimer": "Trust API Operations ist ein Betreiber-Blueprint. Diese öffentliche Seite ruft keine fremden APIs auf, exportiert keine Tokens und gewährt keine echten Trust-Center-Zugriffe." }