RESTful JSON, multilingual, scoped, audited. Forty-plus endpoints across customer, contract, billing, and network operations. The same surface Aelita uses internally is what tenants and partners get for their own integrations. Reference documentation is supplied directly.
Every vendor matrix says "API: yes." What that usually means: a handful of read-only endpoints, undocumented quirks, no rate-limit story, no auth model beyond a static token, no audit trail, and a webhook story that consists of "you can poll us."
The result is that integrators spend the first month of the engagement reverse-engineering what the API actually does, the second month working around what it can't do, and the third month convincing the vendor to add the missing endpoint.
The ISPCQ API was built against real production demands from day one. Aelita uses it for every AI capability she ships. Reseller portals use it for partner-managed customer portfolios. Internal cron jobs use it for billing reconciliation, network monitoring, and dispatch automation.
That means the surface is exercised, the auth is tested, the rate limits are calibrated, and the documentation reflects what actually exists, not what was promised in a deck.
The full reference goes to tenants and integrators with their access keys. Below is the architectural shape so a CTO can evaluate the fit before the conversation.
Read customer profiles, contract lists with status filtering, billing-balance summaries, address coverage checks, multi-criteria customer search. The customer-and-contract surface is the most-trafficked part of the API and the one most integrators start with.
Per-contract network state. Live ONU status with optional realtime OLT query for the freshest signal data. ARPING for layer-3 connectivity. ONU port link status for cable-vs-router diagnosis. Outage-cluster detection. Remote ONU reboot with cooldown and audit log.
Read access to the billing layer with the same depth the operations team sees. Balance with debit / credit semantics, debit-order health and reject history, payment history (multi-channel), tolerance status for service-expiry risk, paginated invoice history, payment verification by amount / date / reference.
API-key authentication via X-API-Key header or Authorization Bearer. Five access tiers (internal, service, partner, customer, public) with calibrated rate limits. ACL v2 scopes for fine-grained permission control. Per-key IP whitelisting. Customer-tier keys auto-restricted to their own UCN.
Error messages translated via URL prefix (`/en/api/v1/...`, `/af/api/v1/...`). Every response uses the same envelope shape: success boolean, data payload, meta block with request_id, timestamp, version, response time. Error codes are stable strings (UNAUTHORIZED, RATE_LIMITED, INVALID_UCN, CUSTOMER_NOT_FOUND, ...) so client code can branch reliably.
Sensitive operations (ONU reboot, service stop, contract termination, MAC update) write three audit records: ACL v2 audit log (compliance-grade, immutable), a contract note visible in the ERP timeline, and a dedicated API log file for forensics. Every API call carries a unique request ID surfaced in response headers and server logs.
Reseller portals. Partner-managed customer portfolios. Resellers see only their own customers (per-key scoping enforced by ACL v2), can view billing balances, raise terminations, update MAC addresses, and run remote diagnostics. The portal is theirs; the operational surface is ours.
Customer-facing apps. Mobile and web applications where the end customer self-services: pay a bill, check balance, see signal quality, reboot their own ONU, request a plan change. The customer-tier key is auto-scoped to the linked UCN so the app cannot leak across customers.
Internal automation. Cron-driven reconciliation, monitoring integrations, dispatch automations, status-page feeds, third-party CRM syncs. The same API surface that powers Aelita is available for the team's own scripts, with the same auth and audit story.
An API is not a one-shot deliverable; it is a long-running contract with the people who built against it. ISPCQ's release discipline reflects that.
The full API reference (endpoint listings, request and response shapes, error tables, scope requirements, audit details) is provided privately to tenants and integrators on confirmation of an integration relationship. The marketing surface is this page; the working surface is shipped to the people building against it.
Email us with what you're building and the expected scope (read-only, write, full). We'll provision keys at the appropriate tier with the right IP whitelist and reply with the current reference within one business day. No automated sales sequences.