Meet Maggie · ThreatMinder AI

Ship Maggie into your client's workflow.

Maggie is the ThreatMinder AI agent. Pick an integration surface — MCP for tool-driven clients, Batch API for CSV operations, Batch Analytics for scored documents — and move from first call to working rollout with live examples.

3 integration surfaces Examples included Production URL visible

Open integration studio Visit threatminder.com

Copilots and agents CSV processing Document scoring

Quick examples

Switch surfaces and inspect the first call.

MCP

Tool-first clients

X-API-Key JSON-RPC Session or stateless

01 Initialize

02 List tools

03 Create batch

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"create_batch"}}'

Return a batch UUID, then fetch the processed result through the same MCP surface.

Batch API

CSV-driven operations

X-API-Key multipart upload UUID polling

01 Upload CSV

02 Store UUID

03 Poll result

curl -X POST "__PRODUCTION_URL__/api/v2/batch" \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "file=@customers.csv" \
  -F "name=customer-rollout"

Best for operational teams moving CSV payloads through a predictable async contract.

Batch Analytics

Scored document workflows

Bearer document ingest query by intent

01 Ingest docs

02 Run scoring

03 Query batch

curl -X POST "__PRODUCTION_URL__/api/v2/score-data/batch" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"intent":"vendor-risk","documents":[{"uri":"s3://bucket/doc.pdf"}]}'

Use this path when the customer needs scored document outputs instead of raw batch CSV.

Integration Studio

Work inside the surface you are actually implementing.

The primary tabs switch between product surfaces. The nested tabs switch between workflow, examples, and operational reference. That keeps the first screen compact while still putting real payloads one click away.

Step 01

Initialize or go stateless.

Open a stateful session when your client maintains context. Use a single POST when each call is independent.

Step 02

List tools dynamically.

Call tools/list to inspect the current runtime schemas before your client issues tool calls.

Step 03

Create the batch, then retrieve the result.

The current tool set exposes create_batch and get_batch_result so job creation and retrieval stay explicit.

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2024-11-05",
      "clientInfo": { "name": "your-client", "version": "1.0.0" },
      "capabilities": {}
    }
  }'

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 2,
    "method": "tools/list",
    "params": {}
  }'

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "create_batch",
      "arguments": {
        "entityType": "BUSINESS",
        "useCase": "RESTAURANT-ONBOARD",
        "csvContent": "name,address,city,state,zip\nTaco Palace,123 Main St,Austin,TX,78701"
      }
    }
  }'

Available tools

`create_batch`

Accepts entityType, useCase, and csvContent. Returns the batch identity.

Available tools

`get_batch_result`

Accepts a UUID id and returns the processed CSV when the result is ready.

Step 01

Choose entity type and use case.

Batch validation depends on both, so map your source schema before upload.

Step 02

Upload the file and persist the UUID.

Treat the response ID as your job identity for retries, polling, and audit state inside your own system.

Step 03

Poll until the processed CSV is ready.

When the result exists, ThreatMinder returns CSV content containing the enriched output.

PERSON template

first_name,last_name,address,city,state,zip,phone1,email,dob,external_id
Jane,Doe,123 Main St,Austin,TX,78701,5125550199,jane@example.com,1989-08-03,person-001

BUSINESS template

name,address,city,state,zip,phone1,email,external_id
Taco Palace,123 Main St,Austin,TX,78701,5125550148,ops@tacopalace.com,business-001

curl -X POST "__PRODUCTION_URL__/api/v2/batch" \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "entityType=PERSON" \
  -F "useCase=PARTNER-PERSONNEL" \
  -F "file=@./people.csv;type=text/csv"

curl "__PRODUCTION_URL__/api/v2/batch/550e8400-e29b-41d4-a716-446655440000" \
  -H "X-API-Key: YOUR_API_KEY"

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "entityType": "PERSON",
  "useCase": "PARTNER-PERSONNEL"
}

curl -X POST "__PRODUCTION_URL__/api/v2/score-data" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "usecase": "partner-personnel",
    "batchId": "9edbab6e-7d52-4383-b813-cee40345877f",
    "metadata": { "customerId": "acme-42" },
    "docs": [
      {
        "id": "1745029250154",
        "title": "Open source finding",
        "content": "Subject appears in several posts describing threats and fraud.",
        "type": "WEB",
        "source": "https://example.com/report",
        "language": "en"
      }
    ],
    "options": {
      "priority": "sync"
    }
  }'

curl "__PRODUCTION_URL__/api/v2/score-data/9edbab6e-7d52-4383-b813-cee40345877f/summary" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

curl "__PRODUCTION_URL__/api/v2/score-data/9edbab6e-7d52-4383-b813-cee40345877f/risk-keys?limit=50&offset=0&sortBy=count&sortOrder=desc" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

curl "__PRODUCTION_URL__/api/v2/score-data/9edbab6e-7d52-4383-b813-cee40345877f/documents?limit=25&offset=0&sortBy=risk&sortOrder=desc" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Readable views

`/summary` and `/text-summary`

Use these endpoints when the consumer needs fast narrative or executive context.

Operational views

`/documents` and `/risk-keys`

Use these when the consumer needs sortable, filterable, or queue-oriented batch views.

Need the public site?

ThreatMinder.com is one click away.

Use the official site when the reader needs the external brand story. Use the studio above when the reader needs working integration detail, live payloads, and reference context.

Open official site Return to studio Open batch docs

Meet Maggie · API reference

Maggie's APIs, end to end.

Maggie is the ThreatMinder AI agent behind every batch, MCP call, and scored document workflow. This reference documents every endpoint she exposes so your team can wire real customer integrations against the production surface.

Batch · MCP · Analytics X-API-Key & Bearer JSON + multipart

Jump to Batch API Open upstream OpenAPI

Meet Maggie

The AI behind every ThreatMinder call.

Maggie is the AI agent ThreatMinder exposes to customers. Everywhere you see a batch decision, a tool call, or a scored document, Maggie is the one running inference. The integration surfaces in this reference are the ways partner systems can hand her work and pick up her results.

What Maggie is

A production AI agent.

Entity screening, document scoring, and narrative extraction, all running behind a single ThreatMinder surface.

Where she plugs in

Three shaped surfaces.

MCP for tool-driven clients. Batch API for CSV ops workflows. Batch Analytics for scored document pipelines.

Who uses it

Partner & customer integrations.

This reference is for the engineers wiring Maggie into a production customer workflow — not the end user.

Authentication

Maggie exposes two auth schemes depending on the surface. Pick the one that matches the endpoint you're calling — the reference entries below label the expected header in every request.

Batch & MCP

`X-API-Key`

Issued per customer tenant. Send on every request as an HTTP header.

X-API-Key: YOUR_API_KEY

Batch Analytics

`Authorization: Bearer`

Rotating access token acquired out-of-band. Required on every analytics route.

Authorization: Bearer YOUR_ACCESS_TOKEN

Base URL & environments

The production base URL used across this reference is rendered below from the docs environment. Partners typically pin this value in their own config and surface it in their deployment manifests.

Errors

Maggie returns structured JSON for non-2xx responses. Most errors carry a stable code, a human message, and an optional details object for field-level context.

{
  "code": "validation_failed",
  "message": "useCase is required",
  "details": {
    "field": "useCase"
  }
}

Batch API

CSV upload and async retrieval.

The Batch API is the operational surface. Upload a CSV of entities, capture the returned UUID, then poll the retrieval endpoint until the enriched CSV is ready. Two endpoints, one identity, explicit states.

POST __PRODUCTION_URL__/api/v2/batch

Upload a batch CSV

Starts an async batch. Returns the batch identity so you can poll for the result.

Headers

X-API-Key: Tenant API key.

Form fields

entityType: PERSON or BUSINESS.
useCase: Screening use case identifier (e.g. PARTNER-PERSONNEL).
file: Validated CSV matching the selected entity schema.
nameoptional: Label for audit + observability.

curl -X POST "__PRODUCTION_URL__/api/v2/batch" \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "entityType=PERSON" \
  -F "useCase=PARTNER-PERSONNEL" \
  -F "file=@./people.csv;type=text/csv"

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "entityType": "PERSON",
  "useCase": "PARTNER-PERSONNEL"
}

GET __PRODUCTION_URL__/api/v2/batch/:id

Retrieve a batch result

Poll this endpoint with the UUID from upload. When processing completes it returns the enriched CSV payload.

Path

:id: UUID returned by POST /api/v2/batch.

Status behavior

200: Result ready; body contains the enriched CSV.
202: Still processing; poll again.
404: Unknown or expired batch id.

curl "__PRODUCTION_URL__/api/v2/batch/550e8400-e29b-41d4-a716-446655440000" \
  -H "X-API-Key: YOUR_API_KEY"

CSV schemas

Maggie validates uploads against the entity schema bound to entityType. Mapping your source columns up front is the fastest way to ship a stable integration.

PERSON

first_name,last_name,address,city,state,zip,phone1,email,dob,external_id
Jane,Doe,123 Main St,Austin,TX,78701,5125550199,jane@example.com,1989-08-03,person-001

BUSINESS

name,address,city,state,zip,phone1,email,external_id
Taco Palace,123 Main St,Austin,TX,78701,5125550148,ops@tacopalace.com,business-001

MCP

Tool-first JSON-RPC.

MCP is the surface for copilots, agents, and orchestrators that already think in tools and sessions. All calls target a single endpoint and are dispatched by JSON-RPC method.

POST __PRODUCTION_URL__/api/v2/mcp method: initialize

Initialize a session

Open a stateful MCP session. Skip when your client is fully stateless.

Headers

X-API-Key: Tenant API key.
Content-Type: application/json

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2024-11-05",
      "clientInfo": { "name": "your-client", "version": "1.0.0" },
      "capabilities": {}
    }
  }'

POST __PRODUCTION_URL__/api/v2/mcp method: tools/list

List available tools

Inspect the current tool schemas before issuing a call.

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/list", "params": {} }'

POST __PRODUCTION_URL__/api/v2/mcp method: tools/call

Invoke a tool

Use create_batch to start a run. Retrieve later with get_batch_result.

curl -X POST "__PRODUCTION_URL__/api/v2/mcp" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "create_batch",
      "arguments": {
        "entityType": "BUSINESS",
        "useCase": "RESTAURANT-ONBOARD",
        "csvContent": "name,address,city,state,zip\nTaco Palace,123 Main St,Austin,TX,78701"
      }
    }
  }'

Batch Analytics

Scored documents + queryable batch views.

This surface is for dashboards, queues, and alerting flows. Ingest documents into a batch, then query the batch through summary, document, and risk-key views depending on what the downstream consumer needs.

POST __PRODUCTION_URL__/api/v2/score-data

Ingest documents

Submit one or more documents bound to a batchId. Maggie scores and indexes them for later queries.

curl -X POST "__PRODUCTION_URL__/api/v2/score-data" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "usecase": "partner-personnel",
    "batchId": "9edbab6e-7d52-4383-b813-cee40345877f",
    "metadata": { "customerId": "acme-42" },
    "docs": [
      {
        "id": "1745029250154",
        "title": "Open source finding",
        "content": "Subject appears in several posts describing threats and fraud.",
        "type": "WEB",
        "source": "https://example.com/report",
        "language": "en"
      }
    ],
    "options": { "priority": "sync" }
  }'

GET __PRODUCTION_URL__/api/v2/score-data/:batchId/summary

Batch summary

Narrative + executive rollup for a batch. Also available as /text-summary.

curl "__PRODUCTION_URL__/api/v2/score-data/9edbab6e-7d52-4383-b813-cee40345877f/summary" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

GET __PRODUCTION_URL__/api/v2/score-data/:batchId/documents

List documents

Paginated, sortable view. Use for queues and review tables.

curl "__PRODUCTION_URL__/api/v2/score-data/9edbab6e-7d52-4383-b813-cee40345877f/documents?limit=25&offset=0&sortBy=risk&sortOrder=desc" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

GET __PRODUCTION_URL__/api/v2/score-data/:batchId/risk-keys

Risk keys

Aggregated risk signals across the batch. Drive alerts and dashboards from here.

curl "__PRODUCTION_URL__/api/v2/score-data/9edbab6e-7d52-4383-b813-cee40345877f/risk-keys?limit=50&offset=0&sortBy=count&sortOrder=desc" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Ship Maggie into your client's workflow.

Tool-first clients

CSV-driven operations

Scored document workflows

Work inside the surface you are actually implementing.

Initialize or go stateless.

List tools dynamically.

Create the batch, then retrieve the result.

create_batch

get_batch_result

Choose entity type and use case.

Upload the file and persist the UUID.

Poll until the processed CSV is ready.

/summary and /text-summary

/documents and /risk-keys

ThreatMinder.com is one click away.

Maggie's APIs, end to end.

The AI behind every ThreatMinder call.

A production AI agent.

Three shaped surfaces.

Partner & customer integrations.

Authentication

X-API-Key

Authorization: Bearer

Base URL & environments

Errors

CSV upload and async retrieval.

Upload a batch CSV

Headers

Form fields

Retrieve a batch result

Path

Status behavior

CSV schemas

Tool-first JSON-RPC.

Initialize a session

Headers

List available tools

Invoke a tool

Scored documents + queryable batch views.

Ingest documents

Batch summary

List documents

Risk keys

`create_batch`

`get_batch_result`

`/summary` and `/text-summary`

`/documents` and `/risk-keys`

`X-API-Key`

`Authorization: Bearer`