{
  "ok": true,
  "data": {
    "service": "platphorm-invoices",
    "publicReadAccess": true,
    "publicOperatorMode": true,
    "auth": {
      "backendServiceKey": "PLATPHORM_API_KEY",
      "acceptedHeaders": [
        "Authorization: Bearer $PLATPHORM_API_KEY",
        "X-PlatPhorm-API-Key: $PLATPHORM_API_KEY"
      ],
      "forbiddenPlatformKeyNames": [
        "TRACE_API_KEY",
        "CLAWS_API_KEY",
        "BROWSEROPS_API_KEY",
        "DOCS_API_KEY",
        "EVALS_API_KEY",
        "MCP_ADMIN_API_KEY",
        "PLATPHORM_MCP_API_KEY",
        "OPENCLAW_API_KEY"
      ]
    },
    "trustedDomains": [
      "*.platphormnews.com",
      "barbineworldwide.com"
    ],
    "canonicalDiscoverySources": [
      "https://platphormnews.com/api/network/graph",
      "https://base.platphormnews.com/sitemap-index.xml"
    ],
    "dataExposureBoundary": "Starter invoice and customer data is public and non-sensitive. Secrets, cookies, raw IPs, payment tokens, and PLATPHORM_API_KEY must never be exposed.",
    "policy": "Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY."
  }
}
