# WealthInsight Agent API Guide

Base URL:

```text
https://getwealthinsight.com/api/v1
```

Authentication:

```http
Authorization: Bearer wiag_<token>
```

The user creates tokens at `/pages/agent-access.html`. Tokens are shown once and can be revoked by the user.

## Core Endpoints

- `GET /agent/manifest`: backend capability manifest.
- `GET /agent/openapi.json`: curated OpenAPI document.
- `GET /agent/me`: validate the current Agent Token.
- `GET /agent/context`: retrieve scoped user context.
- `POST /agent/assets`: create an asset with `write:assets`.
- `POST /agent/transactions`: create a transaction with `write:transactions`.
- `POST /agent/expenses`: create an expense with `write:expenses`.
- `GET /agent/tokens`: list the user's tokens, using a browser JWT.
- `POST /agent/tokens`: create a token, using a browser JWT.
- `DELETE /agent/tokens/{token_id}`: revoke a token, using a browser JWT.

## Scopes

- `read:profile`
- `read:assets`
- `write:assets`
- `read:transactions`
- `write:transactions`
- `read:expenses`
- `write:expenses`
- `read:runway`
- `read:ai-history`
- `run:ai-diagnosis`

Use the minimum scope needed. A read-only analysis should not request write scopes.
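
The least-privilege rule above can be checked before a token is put to use. The following is an added example, not code from WealthInsight: `audit_scopes` and its parameters are hypothetical names. The scope list, the three write-endpoint pairings, and the browser-JWT token endpoints come from this guide. Because the guide does not map read scopes to endpoints, the caller declares which read scopes it needs.

```python
# Added example: least-privilege check for an Agent Token's scopes.
KNOWN_SCOPES = {
    "read:profile", "read:assets", "write:assets", "read:transactions",
    "write:transactions", "read:expenses", "write:expenses", "read:runway",
    "read:ai-history", "run:ai-diagnosis",
}
# The only endpoint-to-scope pairs the guide states.
WRITE_SCOPE = {
    ("POST", "/agent/assets"): "write:assets",
    ("POST", "/agent/transactions"): "write:transactions",
    ("POST", "/agent/expenses"): "write:expenses",
}
# Token management endpoints are listed as using a browser JWT.
TOKEN_PATH = "/agent/tokens"

def audit_scopes(granted, planned_calls, declared_reads=()):
    """Compare granted scopes with what the planned calls need.

    declared_reads: scopes the caller says its GET calls need (assumption:
    the guide does not map read scopes to endpoints).
    """
    granted = set(granted)
    needed = set(declared_reads)
    jwt_calls = []
    for method, path in planned_calls:
        key = (method.upper(), path)
        if path == TOKEN_PATH or path.startswith(TOKEN_PATH + "/"):
            jwt_calls.append(key)  # needs a browser JWT per the guide
        elif key in WRITE_SCOPE:
            needed.add(WRITE_SCOPE[key])
    unknown = (granted | needed) - KNOWN_SCOPES
    excess = granted - needed - unknown
    return {
        "missing": sorted(needed - granted),
        "excess": sorted(excess),
        "excess_non_read": sorted(s for s in excess if not s.startswith("read:")),
        "unknown": sorted(unknown),
        "browser_jwt_calls": jwt_calls,
    }

# Constructed sample: a read-only runway analysis given an over-broad token.
SAMPLE = audit_scopes(
    granted=["read:assets", "read:runway", "write:assets", "write:expenses"],
    planned_calls=[("GET", "/agent/me"), ("GET", "/agent/context")],
    declared_reads=["read:assets", "read:runway"],
)
if __name__ == "__main__":
    print(SAMPLE)
```

A non-empty `excess_non_read` list means the token should be revoked and reissued with fewer scopes.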
