Powerful Features.
Faster Development.
Better Apps.
EU-based self-building App Platform. Build powerful backends in minutes — not months. No US corporate dependency.
POST /api/endpoints
{
"name": "products",
"fields": [
{ "name": "title", "type": "string" },
{ "name": "price", "type": "decimal" },
{ "name": "in_stock", "type": "boolean" }
]
}Create API in Seconds
Define your endpoint model and start with a clean API foundation.
Request
Response
Data Residency Controls Built Into the API
Define policy-level storage boundaries per endpoint, enforce region restrictions, and generate attestations for compliance teams.
Per-endpoint residency policies
Assign one policy per endpoint with allowed and blocked regions, strict enforcement, and default region settings.
Compliance checks and attestations
Run residency compliance scans and generate policy certificates for auditors and governance workflows.
Region catalog with jurisdiction metadata
Use built-in region metadata (country, jurisdiction, availability) and violation notifications for ongoing control.
Integrated storage, with complete S3 API
Storage is a native part of the Vault56 App Platform, designed for predictable cost control, reliability, and governed data ownership.
Storage Module Pricing
Current integrated storage pricing within the Vault56 App Platform.
Flat Storage
€8
/mo/TB
Extended Security Storage
€12
/mo/TB
Multi-Location Storage
€16
/mo/TB
- Reserved capacity pricing is available for larger commitments.
- 1 TB annual prepay and 20+ TB reserved capacity options are available.
Activate and manage storage from the admin panel as part of your app platform workspace.
Integrated Storage Capabilities
EU-aware data residency
Apply residency controls alongside your endpoint and workflow policies.
S3-compatible API
Integrate existing tools and workflows quickly.
Snapshots and object versioning
Recover previous versions and restore data from known good states.
Lifecycle policies
Automate archival and retention rules by object class.
Strong encryption
Encryption at rest and in transit as baseline security.
Binary delta revisioning
Track binary changes efficiently for historical traceability and rollback.
Build Complex Backends at High Speed
Use documented API primitives to create endpoints, evolve schema safely, automate workflows, and expose data through REST, GraphQL, and event channels.
Dynamic Endpoint Builder
Create endpoints with typed fields and optional `namespace_path`; missing namespaces are created in the same request.
Safe Schema Evolution
Field updates are validated against stored data, blocking incompatible changes and allowing additive growth safely.
Access and Perimeter Controls
Combine field permissions, ABAC policies, geo-blocking, and endpoint IP allowlists for layered API access control.
Workflow Automation
Use state-machine workflows, multi-step approval chains, and WASM/script hooks to automate business logic.
POST /api/endpoints
{
"name": "products",
"fields": [
{
"name": "title",
"type": "string",
"required": true
},
{
"name": "price",
"type": "decimal",
"precision": 10,
"scale": 2
},
{
"name": "in_stock",
"type": "boolean",
"default": true
},
{
"name": "category_id",
"type": "uuid",
"reference": "categories"
},
{
"name": "tags",
"type": "string[]"
}
]
}Rich Field Types
Use strings, numbers, booleans, arrays, objects, email fields, and endpoint references in one schema model.
Namespace-Aware Endpoints
Create nested namespace paths in one call and expose private or public data URLs directly.
Search and Aggregation
Run full-text search, filters, and aggregation queries for counts, sums, and time-series analysis.
Async Batch Processing
Run large batch jobs asynchronously, monitor progress, and scale bulk import/export workloads.
Built for API Automation
Agent-driven and scripted workflows can use documented endpoints to provision, integrate, and operate backend systems consistently.
# Agent workflow provisions a complete backend
$ curl -X POST /api/endpoints \
-d '{"name":"categories","fields":[...]}'
✓ categories endpoint created
$ curl -X POST /api/endpoints \
-d '{"name":"products","fields":[...]}'
✓ products endpoint created
$ curl -X POST /api/endpoints \
-d '{"name":"orders","fields":[...]}'
✓ orders endpoint created
$ curl /api/openapi.json
✓ Full OpenAPI spec exported
# Core setup: endpoints plus OpenAPI exportOpenAPI-Based SDKs
Generate TypeScript, Python, Go, Java, PHP, and more clients from the OpenAPI specification.
OpenAPI / Swagger
Use `/openapi.json` and `/docs/openapi.yaml` for codegen, testing, and contract governance.
Postman Import Flow
Import the OpenAPI URL directly into Postman to generate complete, ready-to-test collections.
Structured Error Codes
Use the documented error code catalog to build deterministic retries and fallback handling.
Event-Driven and Real-Time
Connect record events, approvals, hooks, and delivery pipelines with predictable APIs for high-change production workloads.
WebSocket & SSE
Bi-directional channels, endpoint event streams, message replay, and REST-to-WebSocket publishing.
Presence Tracking
Know who is online, typing indicators, and user activity status in real time.
State Machine Workflows
Define states, transitions, and transition hooks, then retrieve full workflow history per record.
Approval Chains
Multi-step approval workflows with digital signatures and audit trails.
WASM & Script Hooks
Run custom validation and transformation logic with script hooks and WASM runtime hooks (also called WASP hooks) on API events.
Reliable Webhooks
At-least-once delivery with exponential retries, dead-letter queues, replay windows, delivery logs, and HMAC signing keys.
Scheduled Actions
Queue future CRUD operations and orchestrate timed automations without external schedulers.
Cross-Record Automations
Trigger actions across tables when data changes — no code required.
WebSockets, Presence, and Live Event Streams
Build live collaboration and notification flows with documented WebSocket channel APIs, typing/cursor events, read receipts, and SSE subscriptions.
WebSocket Channel APIs
Create and manage realtime channels, list active connections, publish messages, and fetch channel history by API.
Typing and Presence
Publish typing start/stop and cursor state updates so teams see presence and active editing context immediately.
Read Receipts and Events
Track per-channel read receipts and emit custom realtime events for workflow and collaboration UIs.
SSE Subscriptions
Use subscription endpoints and server-sent event streams when one-way push is preferred over full duplex sockets.
WebSocket Channel Lifecycle
GET /api/websocket/info
POST /api/websocket/channels
POST /api/websocket/channels/{id}/publish
GET /api/websocket/channels/{id}/messages?limit=50&offset=0Live Presence + SSE Stream
POST /api/realtime/channels/{channelId}/typing/start
POST /api/realtime/channels/{channelId}/cursor
POST /api/subscriptions
GET /api/subscriptions/{subscription_id}/streamMulti-Step Approval Workflows With Signatures and Auditability
Define endpoint-level approval workflows, route create/update/delete changes through reviewer steps, and track each approval request lifecycle with certificates and verification endpoints.
Workflow Definitions
Create approval chains per endpoint with ordered steps, approver roles/users/groups, and timeout actions.
Approval Requests
Submit proposed create/update/delete changes into approval queues before data is applied.
Review Actions
Approve, reject, request changes, or cancel requests with clear API actions and pending queues.
Signing and Verification
Register signing keys and verify approval signatures and certificates for compliance evidence.
Create Workflow + Submit Request
POST /api/endpoints/{endpointId}/approval-workflows
{
"name": "Engineering Change Approval",
"trigger_on": ["update"],
"require_signatures": true
}
POST /api/approval-requestsReview Queue + Decision
GET /api/approval-requests/pending
POST /api/approval-requests/{id}/approve
POST /api/approval-requests/{id}/reject
POST /api/approval-requests/{id}/verifyDelivery Targets, Triggers, and Realtime Inbox Updates
Configure notification targets and trigger rules, inspect logs, and power in-app inbox experiences with unread counts and realtime WebSocket delivery.
Target Management
Create and test webhook/email/SMS/push targets and route notifications through stable delivery destinations.
Trigger Rules
Attach trigger definitions to events and conditions so notifications run automatically from data changes.
Operational Logs
Query notification logs to validate delivery outcomes and debug routing behavior.
Inbox APIs
Use inbox endpoints for unread counts and read status while connected clients receive realtime WebSocket updates.
Targets + Triggered Notifications
POST /api/notifications/targets
POST /api/notifications/targets/{targetId}/test
POST /api/notifications/triggers
GET /api/notifications/logsInbox + Read State
GET /api/notifications/inbox
GET /api/notifications/inbox/unread-count
PUT /api/notifications/inbox/{id}/read
POST /api/notifications/inbox/read-allHigh-Throughput Data Channels for Streams and Devices
Ingest and query channel data with append APIs, latest-value lookups, aggregates, batching, schema validation, and per-channel operations for production telemetry and event workloads.
Channel Ingestion
Create channels and write records using channel public IDs and tokens for controlled producer access.
Latest and History APIs
Read latest values, paginated history, and channel stats for dashboards, alerting pipelines, and analytics jobs.
Aggregates and Queries
Use aggregate/query endpoints for interval math, filtering, and derived metrics without external stream processors.
Schema and Lifecycle
Manage channel schema, transformations, retention, and token rotation through documented management endpoints.
Create + Ingest + Read
POST /api/channels
POST /api/channels/{public_id}/data
GET /api/channels/{public_id}/latest
GET /api/channels/{public_id}/data?limit=100Aggregate + Batch + Retention
GET /api/channels/{public_id}/aggregate?field=temperature&function=avg&interval=1h
POST /api/channels/{public_id}/batch
PUT /api/channels/{id}/retention
POST /api/channels/{id}/regenerate-write-tokenGenerate Forms That Write Directly to Endpoints
Build customer forms, internal intake flows, and multi-step polls from endpoint schema. Every submission can be validated, versioned, and inserted directly into your API data model.
Schema-Driven Builder
Generate forms from endpoint fields with typed inputs, required rules, defaults, and field groups.
Direct Endpoint Insert
Map submit actions to `POST /api/data/{endpoint}` so responses become records without custom glue code.
Polls and Surveys
Create NPS, voting, and feedback flows with conditional questions, scoring, and live result aggregation.
Review and Revisions
Track form schema revisions, rollback safely, and enforce approval workflows before publishing changes.
Example generated form connected to an endpoint with direct or review-based submission mode.
Create Form Bound To Endpoint
POST /api/forms
{
"name": "Lead Intake Form",
"endpoint_id": "uuid-of-leads-endpoint",
"submission_mode": "direct",
"allowed_fields": ["email", "company_size"]
}Review Queue + Publish
POST /api/forms
{
"name": "Feature Priorities Q2",
"endpoint_id": "uuid-of-feature-votes-endpoint",
"submission_mode": "review"
}
POST /api/forms/{id}/publishEnterprise Organization Controls With All the Bells and Whistles
Run multiple teams and business units in one platform with strict boundaries, centralized governance, and high-velocity developer workflows.
Multi-Org Workspaces
Create isolated organizations with dedicated endpoints, storage policies, environments, and billing scopes.
SSO + SCIM Provisioning
Integrate SAML/OIDC identity providers and automate user/group lifecycle with SCIM sync.
RBAC + ABAC Policies
Combine role-based and attribute-based access control for fine-grained authorization at org, project, and endpoint level.
Approval Gates
Require change approvals for schema revisions, script activation, webhook updates, and production promotions.
Create Organization + Environments
POST /api/organizations
{
"name": "North Europe Retail",
"slug": "ne-retail",
"environments": ["dev", "staging", "prod"],
"residency_policy": "eu-strict"
}Enable SSO + Role Templates
POST /api/organizations/{id}/members
{
"email": "developer@example.com",
"role": "member"
}Validate Changes Safely Before Production
Run every change through isolated dev, test, and staging environments with full API support for snapshots, schema revisions, scripted checks, approvals, and controlled promotion.
Environment Isolation
Keep dev/test/staging/prod data and credentials separated to eliminate accidental production writes.
Snapshot-Based Testing
Clone known-good snapshots into test environments to validate migrations and business logic safely.
Promotion Gates
Require approvals and automated checks before promoting revisions from staging to production.
Fast Rollback
Use revision history and snapshots to roll back quickly if any post-release issue appears.
Create Test Environment from Snapshot
POST /api/environments
{
"name": "test-release-2026-02",
"source_snapshot_id": "snap_8827",
"protect_production_data": true
}
GET /api/environments/{id}/promote/previewApprove and Promote to Production
POST /api/approval-requests
{
"endpoint_id": "products-endpoint-id",
"record_id": "rec_7841",
"action": "update"
}
POST /api/environments/{id}/promote
{
"target_environment_id": "prod-env-id",
"sync_mode": "full_sync"
}Enterprise Modules With API Control
Compose enterprise capabilities from documented modules: files, email, channels, DNS, plugins, and revision history.
File Processing
Asynchronous image and document pipelines for resize, crop, convert, watermark, optimization, and PDF extraction.
Email Integration
Manage accounts, messages, drafts, and sending, with automation rules, calendar events, and email security controls.
Data Channels
IoT data ingestion, sensor streams, and real-time data buffers for high-throughput applications.
DNS Management
Manage domains and records (A, AAAA, CNAME, MX, TXT, NS, SRV, CAA), ownership verification, and optional DNSSEC.
Plugin Marketplace
Install marketplace extensions including WASM hooks, endpoint templates, and connectors to accelerate delivery.
Revision History
Track revisions with binary delta storage, time-travel queries, data lineage, and endpoint activity streams.
Security Without Shortcuts
Security features are exposed as APIs: encryption, token controls, residency policies, compliance reporting, webhook audit logs, and policy enforcement.
Client-Side Encryption
Client-side encryption with searchable blind indexes, key sharing, and key-vault backup options.
2FA / TOTP
JWT auth with optional TOTP second factor, refresh token rotation, and profile-scoped access controls.
ABAC, Geo, and IP Controls
Enforce attribute-based policies, country blocking, and endpoint-level IP allowlists for sensitive APIs.
PII and Compliance Reports
Run PII scans, classify sensitive fields, manage DSAR workflows, and generate GDPR/CCPA/HIPAA/SOC2 reporting artifacts with access-log evidence.
Complete GDPR Workflows With API Control
Use dedicated compliance APIs for PII inventory, DSAR handling, consent tracking, masking, retention policies, and residency attestations so personal data stays governed end-to-end.
PII Inventory and Scans
Discover and classify personal data with endpoint scans and maintain legal basis and retention metadata per field.
DSAR Automation
Run access, erasure, rectification, portability, restriction, and objection requests through documented DSAR endpoints.
Consent Management
Capture consent, track legal basis, revoke consent, and export consent history for audits and data portability.
Data Masking Controls
Apply field-level masking rules for shares and exports, including role-based bypass and preview before rollout.
Retention Enforcement
Define retention policies with preview endpoints to enforce lifecycle cleanup without guesswork.
Residency and Attestation
Attach residency policies, run compliance checks, and generate downloadable certificates for external auditors.
GDPR Reports + DSAR Processing
POST /api/compliance/reports
{
"type": "gdpr_data_inventory",
"format": "pdf"
}
POST /api/compliance/dsar
{
"type": "erasure",
"subject_identifier": "john.doe@example.com",
"identifier_type": "email"
}Masking + Consent + Retention + Residency
POST /api/masking-rules
{
"endpoint_id": "customers-endpoint-id",
"field_name": "email",
"masking_type": "email"
}
POST /api/consents
POST /api/retention-policies
POST /api/data-residency/compliance-checkPowerful Query Controls and Search Index Operations
Use documented list query parameters for deterministic filtering and sorting, plus Search API modes and reindex operations for fast discovery at scale.
List Query Parameters
Filter by field value and control ordering with `_sort`, `_order`, `_limit`, `_offset`, and `_expand` on data endpoints.
Search Modes
Run `contains`, `exact`, `prefix`, or `fulltext` search modes depending on recall, precision, and ranking needs.
Scope and Field Control
Search one endpoint, multiple endpoints, group scopes, or namespace scopes, and optionally narrow with `fields`.
Reindex Operations
Rebuild endpoint full-text indexes with `POST /api/search/reindex/{endpoint}` after large imports or schema changes.
Documented Data Filtering + Sorting
GET /api/data/products
?in_stock=true
&_sort=price
&_order=asc
&_limit=10
&_offset=0
&_expand=category_idSearch Modes + Reindex
POST /api/search/customers?q=john&mode=fulltext&fields=name,email&limit=20
POST /api/search/reindex/customers
GET /api/views/{id}/execute?limit=25Developer Velocity, Unlocked
Documented endpoints for querying, compliance workflows, script/WASM hooks, and webhook reliability make platform behavior explicit and automatable.
Filtering & Sorting
GET /api/data/products
?in_stock=true
&_sort=created_at
&_order=desc
&_limit=25
&_offset=0
&_expand=category_idData Residency Policy
POST /api/data-residency/policies
{
"name": "EU Only Policy",
"allowed_regions": [
"eu-west-1",
"eu-central-1"
],
"enforce_strict": true,
"notification_on_violation": true
}Webhook Replay
POST /api/webhooks/{webhookId}/replay
{
"from": "2026-01-01T00:00:00Z",
"to": "2026-01-01T23:59:59Z",
"target_url": "https://recovery-endpoint.example.com/webhook"
}Compliance APIs
PII inventory scans, DSAR exports, and framework reporting for GDPR/CCPA/HIPAA/SOC2.
Webhook Controls
Inspect deliveries, retry failures, resolve dead letters, and replay events by time range.
Script Hooks
Lightweight JavaScript hooks for request-time validation and data transformation.
WASM Hooks
Sandboxed high-performance runtime hooks for advanced business logic and event processing.
More API Examples
Representative calls teams use for compliance operations, workflows, event recovery, and custom runtime logic.
Compliance Report Generation
POST /api/compliance/reports
{
"type": "gdpr_data_inventory",
"format": "pdf",
"date_range": {
"start": "2026-02-01",
"end": "2026-02-28"
}
}Workflow State Transition
POST /api/workflows/{workflowId}/transition
{
"record_id": "record-uuid",
"to_state": "approved",
"comment": "Approved after review"
}Webhook Replay Window
POST /api/webhooks/{webhookId}/replay
{
"from": "2026-02-15T00:00:00Z",
"to": "2026-02-15T23:59:59Z",
"target_url": "https://recovery.example.com/webhook"
}WASM Hook Registration
POST /api/wasm/hooks
{
"name": "validate_customer_limits",
"event": "record.before_create",
"endpoint_id": "endpoint-uuid",
"module_id": "wasm-module-uuid"
}Start Building with Documented APIs
Create your account, open the admin panel, and start shipping against a fully documented platform surface.