Governance
All three API surfaces are subject to the same governance framework. There is no privileged surface that bypasses governance — an action blocked by org policy is blocked whether it originates from a Telegram message, a Platform API call, or an Integration API tool execution.
Budget Enforcement
API-initiated interactions and jobs consume budget the same as conversational interactions. Budget limits are evaluated before work begins. If a budget would be exceeded, the request fails with a 403 budget_exceeded error rather than allowing the work to proceed and charging retroactively.
Budget enforcement is per-org and per-team. Team budgets are nested within org budgets — exhausting a team budget does not affect other teams, but exhausting the org budget affects all teams.
Policy Evaluation
Tool restrictions, content rules, and approval requirements apply regardless of which API surface is in use. If an org policy requires human approval before an agent uses a particular tool, that approval requirement applies to Platform API job dispatch just as it does to conversational interactions.
Policies are evaluated at the point of action, not at API key creation time. Changing a policy immediately affects all subsequent API calls.
Audit Trail
Every action through every API surface is logged with full context:
- The originating surface (channel, platform, integration)
- The authentication identity (API key ID, scoped org/team/agent)
- The action taken
- The policy evaluation result
- The cost attributed
Audit logs are available in the dashboard and can be streamed to an external SIEM via event subscriptions.
Rate Limiting
Each surface has independently configured rate limits, enforced by the same mechanism. Rate limits are per API key, not per IP address. If you need higher limits, contact support — limits can be increased for verified partners.