Documentation Index
Fetch the complete documentation index at: https://docs.exorde.io/llms.txt
Use this file to discover all available pages before exploring further.
Two scopes, one analytics surface
Every analytical endpoint in the Intel API runs against a scope. There are two kinds, and both expose the same surface — the only thing that changes is the path prefix.
| Scope | What | Maintained by | Available on |
|---|
| Curated topic | Named, stable slice (global, cyber, finance, disinfo) | Exorde | Every tier; topic scope per key |
| Custom watchlist | Your own keyword, phrase, entity, or domain scope | You | See and Know |
Curated topics
The four public curated topics:
| Topic | What it tracks | Typical signal |
|---|
global | Top storylines across the global conversation — geopolitics, macro, mainstream news | Iran-Israel exchange, ECB rate decision, Eurovision aftermath |
cyber | Cybersecurity incidents, threat actors, vulnerabilities, ransomware, breaches | ”dark web” 6.67σ spike on breach disclosures |
finance | Markets, central banks, crypto, earnings, macro indicators | Fed pivot rumours, Bitcoin ETF flows, earnings beats |
disinfo | Coordinated narrative ops, bot activity, deepfake claims, info-warfare signals | Multi-platform synchronised posting around an election |
Additional curated slices (defense, energy, geopolitics, MENA, ai_tech, named-entity slices) are available to enterprise Know customers on request — email [email protected] with the desired scope. GET /v1/me returns your topics array. A Watch-tier trial is scoped to global only.
curl https://intel-v1.exorde.io/v1/topics/cyber/trending \
-H "X-API-Key: $EXORDE_API_KEY"
403 topic_denied. The error envelope tells you which topics you do have:
{
"error": "topic_denied",
"message": "Key not authorised for topic 'cyber'",
"requested_topic": "cyber",
"allowed_topics": ["global"],
"trace_id": "8b3a47ce91d04f17"
}
Listing topics
curl https://intel-v1.exorde.io/v1/topics \
-H "X-API-Key: $EXORDE_API_KEY"
{
"topics": [
{ "topic": "global", "is_default": true, "description": "Global conversation" },
{ "topic": "cyber", "is_default": false, "description": "Cybersecurity" },
{ "topic": "finance", "is_default": false, "description": "Markets & macro" },
{ "topic": "disinfo", "is_default": false, "description": "Information operations" }
],
"count": 4,
"default_topic": "global"
}
Analytics endpoints on curated topics
The full surface, by tier. Concept pages cover the response envelopes in depth.
| Endpoint | Purpose | Watch | See | Know |
|---|
/v1/topics/{t}/trending | Top terms by rolling z-score | ✅ | ✅ | ✅ |
/v1/topics/{t}/volume | Time-series of conversation volume | ✅ | ✅ | ✅ |
/v1/topics/{t}/volume/keywords | Per-keyword volume breakdown | ✅ | ✅ | ✅ |
/v1/topics/{t}/narrative | Editorial summary + sub-narrative weights (alpha) | ✅ | ✅ | ✅ |
/v1/topics/{t}/alerts | LLM-validated volume-spike alerts | ✅ | ✅ | ✅ |
/v1/topics/{t}/clusters | Conversation clusters with titles + entities | ❌ | ✅ | ✅ |
/v1/topics/{t}/entities | Named-entity leaderboard | ❌ | ✅ | ✅ |
/v1/topics/{t}/entities/cooccurrence | Entity co-occurrence graph | ❌ | ✅ | ✅ |
/v1/topics/{t}/entities/timeline | Entity mention time-series | ❌ | ✅ | ✅ |
/v1/topics/{t}/platforms | Source-platform breakdown | ❌ | ✅ | ✅ |
/v1/topics/{t}/search | Full-text search across topic | ❌ | ✅ | ✅ |
/v1/topics/{t}/narratives/history | Time-series of narrative shifts | ❌ | ✅ | ✅ |
/v1/topics/{t}/posts (cluster/entity/narrative evidence) | Source posts | ❌ | ✅ | ✅ |
/v1/topics/{t}/reports/latest | Editorial intelligence reports | ❌ | ❌ | ✅ |
/v1/topics/{t}/reports/archive | Historical reports | ❌ | ❌ | ✅ |
403 upgrade_required with current_tier, required_tier, and feature in the envelope. See Errors.
Custom watchlists
Watchlists are your private scopes. You define the terms; the API runs the same analytics against the matching post stream.
Term types
| Type | Matches | Example |
|---|
keyword | Substring match against entity names and cluster themes | ransomware |
phrase | Same mechanism as keyword; may contain spaces | zero day exploit |
entity | Exact lowercase match on cluster entities | lockbit |
domain | Exact match on cluster top domains | bleepingcomputer.com |
keyword (brand name + variants), domain (corporate sites), and entity (key executives). A threat-intel watchlist combines entity (named threat actors) and keyword (CVE families, malware names).
Create a watchlist
curl -X POST https://intel-v1.exorde.io/v1/watchlists \
-H "X-API-Key: $EXORDE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "acme-monitoring",
"base_topic": "global",
"terms": [
{ "type": "keyword", "value": "acme" },
{ "type": "keyword", "value": "acme corp" },
{ "type": "domain", "value": "acme.com" },
{ "type": "entity", "value": "jane doe" }
]
}'
{
"id": "wl_01HXYZ7DKMSV2X9WJEQ5RQ4N3F",
"client_id": "see_a8c41d92",
"name": "acme-monitoring",
"base_topic": "global",
"terms": [
{ "type": "keyword", "value": "acme" },
{ "type": "keyword", "value": "acme corp" },
{ "type": "domain", "value": "acme.com" },
{ "type": "entity", "value": "jane doe" }
],
"term_count": 4,
"created_at": "2026-05-19T13:00:00Z",
"updated_at": "2026-05-19T13:00:00Z"
}
base_topic defines the universe the watchlist filters from. global matches the broadest stream; cyber filters to cybersecurity-tagged posts only. Most brand watchlists base on global; most threat-intel watchlists base on cyber.
Query a watchlist
The full analytics surface mirrors topic endpoints, with /watchlists/{id}/... instead of /topics/{topic}/.... Same JSON shapes, same tier gates.
# All See-tier:
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../trending -H "X-API-Key: $K"
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../narrative -H "X-API-Key: $K"
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../alerts -H "X-API-Key: $K"
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../entities -H "X-API-Key: $K"
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../platforms -H "X-API-Key: $K"
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../volume -H "X-API-Key: $K"
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../posts -H "X-API-Key: $K"
# Know-tier only:
curl https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ.../clusters -H "X-API-Key: $K"
{
"watchlist_id": "wl_01HXYZ7DKMSV2X9WJEQ5RQ4N3F",
"name": "acme-monitoring",
"snapshot_id": "2026-05-19T13:00:00Z",
"terms": [
{ "term": "acme", "score": 142.3, "rank": 1, "delta_24h": 0.4 },
{ "term": "ceo", "score": 87.1, "rank": 2, "delta_24h": 1.2 },
{ "term": "earnings", "score": 61.8, "rank": 3, "delta_24h": 3.7 }
],
"data_freshness": { "snapshot_age_seconds": 312, "level": "ok" }
}
/topics/{t}/trending, with watchlist_id + name swapping in for topic. Code written for one works on the other.
Update or delete
# Rename
curl -X PATCH https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ... \
-H "X-API-Key: $EXORDE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "acme-brand-q3"}'
# Replace terms (whole-array replacement)
curl -X PATCH https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ... \
-H "X-API-Key: $EXORDE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"terms": [{"type":"keyword","value":"acme"},{"type":"domain","value":"acme.com"}]}'
# Delete
curl -X DELETE https://intel-v1.exorde.io/v1/watchlists/wl_01HXYZ... \
-H "X-API-Key: $EXORDE_API_KEY"
terms is whole-array replacement, not a delta. Send the full intended term list; anything missing from the new array is removed.
Limits and validation
| Quota | Watch | See | Know |
|---|
| Custom watchlists | — | 4 | 20 |
| Terms per watchlist | — | 10 | 50 |
{
"error": "watchlist_limit_reached",
"message": "Your tier allows up to 4 watchlists",
"current_tier": "see",
"limit": 4,
"current": 4,
"trace_id": "8b3a47ce91d04f17"
}
error | When |
|---|
watchlist_term_limit_reached | More than allowed terms in payload |
validation_error | Empty terms, missing name, invalid term_type |
unknown_topic | base_topic not in curated set |
duplicate_watchlist_name | Name already used by this client |
Webhooks (push delivery)
See and Know tiers can register webhook URLs to receive alerts and watchlist signals as they fire, instead of polling.
curl -X POST https://intel-v1.exorde.io/v1/subscriptions \
-H "X-API-Key: $EXORDE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"type": "alert",
"scope": { "kind": "topic", "topic": "cyber" },
"delivery": {
"kind": "webhook",
"url": "https://your.app/exorde-webhook",
"secret": "whsec_..."
}
}'
| Quota | Watch | See | Know |
|---|
| Webhook subscriptions | — | 20 | 50 |
delivery_id for dedup and an HMAC-SHA256 signature in the X-Exorde-Signature header for verification. Full setup, signature verification, and dedup pattern: Alerts → Webhook delivery.
When to use which
- Use a curated topic when your use case aligns with one of the four public slices. Less setup, same analytics, baselines already learned over months of data.
- Use a watchlist for anything outside the curated slices — a specific brand, actor, campaign, domain, or niche.
- Combine both. A common pattern: poll
/v1/topics/cyber/alerts for industry-wide signals and maintain a watchlist scoped to your own brand for company-specific monitoring.
- Know-tier customers can request private curated topics — a topic that behaves like
cyber or finance but is exclusive to your account, with bespoke baselines and audience-tuned narrative voice. Email [email protected] with the desired scope.
Last reviewed: 2026-05-19. API version 1.2.8.
