openapi: 3.0.1 info: title: Ledgy GraphQL API description: >- HTTP modeling of the Ledgy equity-management GraphQL API. Ledgy exposes a single native GraphQL endpoint at https://app.ledgy.com/graphql; all operations (auth, companyCaptable, companyTransactions, portfolioCaptable, portfolioPerformance, portfolioTransactions) are issued as HTTP POST requests carrying a GraphQL document in the JSON body. This OpenAPI document models that single transport endpoint - it is not a REST decomposition of the schema. See graphql/ledgy-schema.graphql and graphql/ledgy-graphql.md for the GraphQL surface. termsOfService: https://www.ledgy.com/legal/terms contact: name: Ledgy Support url: https://www.ledgy.com/contact version: '1.0' servers: - url: https://app.ledgy.com description: Ledgy production GraphQL transport security: - bearerAuth: [] paths: /graphql: post: operationId: postGraphql tags: - GraphQL summary: Execute a Ledgy GraphQL query. description: >- Single GraphQL transport endpoint. POST a GraphQL document (and optional variables / operationName) as JSON. Authenticate with a company API key as a Bearer token. Rate limited to 20 requests per 5 seconds per company. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GraphQLRequest' examples: auth: summary: Resolve authenticated company value: query: "{ auth { companyId companyName } }" companyCaptable: summary: Cap table grouped by stakeholder value: query: >- query($groupBy: [CaptableGroupBy!]) { companyCaptable(groupBy: $groupBy) { rows { stakeholderName issued diluted vested fullyDilutedOwnership value } } } variables: groupBy: - stakeholderName companyTransactionsGrants: summary: List ESOP grants value: query: >- query($types: [TransactionType!]) { companyTransactions(types: $types) { rows { ... on Grant { transactionId grantType stakeholderName granted grantVested strikePrice equityPlanName } } } } variables: types: - grant responses: '200': description: >- GraphQL response. Returns HTTP 200 even for GraphQL-level errors, which are reported in the errors array per the GraphQL spec. content: application/json: schema: $ref: '#/components/schemas/GraphQLResponse' '401': description: Missing or invalid Bearer API key. '429': description: >- Rate limit exceeded (more than 20 requests per 5 seconds per company). components: securitySchemes: bearerAuth: type: http scheme: bearer description: >- Company API key sent as a Bearer token. Reveal it from your company's general settings page in the Ledgy app. schemas: GraphQLRequest: type: object required: - query properties: query: type: string description: The GraphQL query or mutation document. operationName: type: string description: Name of the operation to run when the document has several. variables: type: object additionalProperties: true description: Map of GraphQL variable values. GraphQLResponse: type: object properties: data: type: object additionalProperties: true nullable: true description: Result data keyed by the requested root fields. errors: type: array nullable: true items: $ref: '#/components/schemas/GraphQLError' GraphQLError: type: object properties: message: type: string path: type: array items: type: string locations: type: array items: type: object properties: line: type: integer column: type: integer extensions: type: object additionalProperties: true