PAI is the privileged internal API plane. It is not publicly reachable and is protected by IP allowlist and PAI keys.
/internal/v1
Internal Swagger UI (requires PAI key + allowlist):
GET /internal/docsGET /internal/openapi.jsonProvide a PAI key via one of:
X-PAI-Key: phx_pai_...X-API-Key: phx_pai_...Authorization: PAIKey phx_pai_...POST /api/v1/admin/pai/request-key POST /api/v1/admin/pai/verify-and-generate
Email verification is required before PAI key issuance. MFA verification is planned but not yet available.
| Endpoint | Purpose |
|---|---|
GET /internal/v1/cve/{cve_id} | Full CVE details + raw NVD record |
GET /internal/v1/phoenix-score/{cve_id} | Full PS-HP output with components |
GET /internal/v1/high-profile | Full high-profile list (no redaction) |
GET /internal/v1/enterprise-watchlist | Full watchlist entries |
POST /internal/v1/calculate-score | Custom PS-HP calculation |
GET /internal/v1/scoring-weights | PS-HP/PS-OSS weights |
GET /internal/v1/threat-actors | Threat actor intelligence |
GET /internal/v1/eol-intelligence | Full EOL intelligence |