ACI FRAMEWORK v1.0 — METHODOLOGY
Deterministic risk methodology for digital credit.
Methodology, computation engine, and verification layer
Effective1 April 2026
CRO sign-offrequired for changes
Deterministicby design
Version-controlled
API Documentation
ACI Framework v1.0 · base URL https://api.aethoncredit.com
Authentication
API keys are passed via the x-api-key header. Keys are scoped to a workspace and a tier.
curl https://api.aethoncredit.com/api/v1/methodology \ -H "x-api-key: aci_live_..."
Rate limits (sliding 1-hour window)
| Tier | Requests / hour |
|---|---|
| FREE | 100 |
| PROFESSIONAL | 1,000 |
| ENTERPRISE | 10,000 |
| CUSTOM | 10,000 |
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/scores | List scores |
| GET | /api/v1/scores/{providerId} | Single provider score snapshot |
| GET | /api/v1/methodology | Methodology version + threshold metadata |
| GET | /api/v1/status | Platform uptime + freshness |
| GET | /api/public/changelog | Public score-change feed (no auth) |
| POST | /api/public/score-request | Submit a score request (no auth, rate-limited) |
HMAC signature verification
Webhooks are signed with HMAC-SHA-256 over the raw request body. The shared secret is shown once at workspace creation.
// Node.js
import crypto from 'crypto';
const sig = req.headers['x-aci-signature'];
const expected = crypto
.createHmac('sha256', SECRET)
.update(rawBody)
.digest('hex');
if (sig !== expected) throw new Error('invalid signature');# Python
import hmac, hashlib
expected = hmac.new(SECRET.encode(), raw_body, hashlib.sha256).hexdigest()
if request.headers['x-aci-signature'] != expected:
raise ValueError('invalid signature')Scoring response shape (excerpt)
{
"provider_id": "uuid",
"final_score": 78.42,
"risk_band": "MEDIUM",
"confidence": 0.91,
"framework_version": "ACI Framework v1.0",
"score_verified_at": "2026-04-26T12:00:00Z"
}Every weight, threshold, and hard cap is published here
Read full methodology →