Public APIs — read-only, sanitized, fair-use.
The two endpoints below power the public-facing parts of Orbit (the live brain feed + the Scout transparency stats). Both are open-access — no auth required, no API key needed, fair-use rate limits. We document them here because if you're evaluating Orbit's architecture, you should be able to inspect the wire format yourself.
Returns the most recent ~50 Orbit events sanitized for public consumption. Powers the live event feed on /orbit/brain.html. Cached 60s in-memory + 60s browser. Falls back to a static demo feed when no live events are present.
Try it
curl https://bizbottech.com/api/orbit-brain-public-feed
Response shape
{
"events": [
{
"module": "Voice",
"event_type": "MissedCallDetected",
"summary": "Missed call — 0s, status busy",
"ts": "2026-05-08T03:14:22.184Z"
},
...
],
"demo": false
}
What's exposed
- module — Voice / Recall / Confirm / Stars / Scout / Chat / Invoicing
- event_type — e.g.
MissedCallDetected,CustomerReplyReceived,AppointmentCreated - summary — short human-readable description; for SMS replies includes a 40-char prefix of the customer text
- ts — ISO-8601 timestamp
- demo — true if the response is a fallback static feed (no live events in window)
Rate limit
60 requests / minute / IP, enforced at the edge. Polite scrapers welcome — Cache-Control: public, max-age=60 means you should rarely need to hit it twice in a row.
Aggregated stats from the Scout lead-discovery catalog. Powers the live counters on /orbit/scout/. Cached 6h in-memory + 6h browser. No PII — only aggregate counts and top-N lists.
Try it
curl https://bizbottech.com/api/scout-stats
Response shape
{
"total": 0,
"noWebsite": 0,
"avgGapScore": 0,
"byVertical": { "siteline": 0, "agentedge": 0, ... },
"topCities": [{ "city": "Pittsburgh", "count": 0 }, ...],
"topStates": [{ "state": "PA", "count": 0 }, ...],
"last7Days": 0,
"dateRange": { "earliest": null, "latest": null },
"updatedAt": "2026-05-08T..."
}
Rate limit
30 requests / minute / IP. Cached aggressively — successive calls return the same payload for 6 hours.
What we never expose
- No customer phone numbers — the brain feed sanitizer strips them. The orbit_events table stores only a SHA-256 hash truncated to 32 chars internally; the public feed doesn't include the hash either.
- No customer names, emails, or addresses — those live in
customer_profileswhich has zero public-facing endpoints. - No business IDs — the public feed doesn't reveal which BizBot tenant generated which event.
- No raw payloads — only short pre-summarized strings. The orchestrator decision logs, the full SMS bodies, the call transcripts, the review texts — none of those go public.
- No write endpoints, ever — there is no public write API. The seed endpoint (
POST /api/orbit-brain-seed) requiresx-orbit-adminheader and is admin-only.
A note on transparency-as-architecture.
We made the choice to publish a public sanitized event feed because we wanted prospects evaluating us against Rosie / Smith.ai / Podium to be able to verify our claims about the orchestrator architecture without needing a sales call or an NDA. The endpoint above is what backs that public feed. Read the source if you want — api/orbit-brain-public-feed.js, ~120 lines, in the deployed bundle. The sanitizer is straightforward; we're not hiding logic.
Watch the events actually stream.
The /orbit/brain.html dashboard polls the endpoint above every 60 seconds. Click the "Run sample chain" button to see a 5-event simulated chain client-side without polluting the real feed.