One API to ingest live video and field inputs from cameras, drones, and phones — and turn them into structured, queryable, real-time security intelligence.
curl -X POST https://api.xperimeter.com/v1/scenes/scene_def456/query \ -H "Authorization: Bearer xp_live_..." \ -H "Content-Type: application/json" \ -d '{ "stream_id": "stream_abc123", "query": "What happened near the south entrance in the last 5 minutes?", "window": "5m" }' // response { "stream_id": "stream_abc123", "query": "What happened near the south entrance in the last 5 minutes?", "answered_at": "2026-04-15T14:32:07.218Z", "detections": [ { "type": "person_count", "value": 3, "location": "south_entrance", "confidence": 0.97 }, { "type": "vehicle", "subtype": "unrecognized", "count": 1, "confidence": 0.91 } ], "crowd_density": 0.42, "anomaly_flag": true }
Use Cases
Build real-time physical security products without managing CV pipelines, camera SDKs, or detection logic from scratch.
Ingest crowd density, headcount, and anomalous movement. Query attendance or receive alerts when thresholds are exceeded.
Built on XPerimeter APIDetect unauthorized vehicles, loitering, and gate breaches. Receive structured detections via webhook the moment conditions are met.
Built on XPerimeter APIWatch every entrance of a school, campus, or house of worship around the clock. Alert operators on unknown persons or access violations.
Built on XPerimeter APISchedule automated perimeter sweeps and receive structured detections from drone feeds without building custom CV pipelines.
Built on XPerimeter APIQuery the correct response protocol for any incident type in any venue. Earthquake, medical, active shooter — answered in milliseconds.
Built on XPerimeter APIBuild a full post-event timeline from ingested feeds, detections, and operator actions. Exportable and audit-ready.
Built on XPerimeter APIResidential and gated estate monitoring with vehicle approval lists, visitor detection, and anomaly alerts.
Built on XPerimeter APIBuild real-time operator consoles on top of XPerimeter's detection and alert streams. No camera vendor SDK required.
Built on XPerimeter APIEight composable primitives. One authentication token. Every camera vendor.
Explore the primitives →How it works
Register cameras, drones, or phones as Streams via a single API call. RTSP, WebRTC, and mobile inputs are all first-class sources.
Detections, classifications, and confidence scores are computed continuously and written to a queryable Scene object.
Ask natural-language questions against scene history or subscribe to webhooks that fire when detection conditions are met.
Fire protocols, notify Responders, escalate to operators, and log every action to an immutable audit trail.
import xperimeter client = xperimeter.Client(api_key="xp_live_abc123...") # Query the south entrance scene for the last 5 minutes result = client.scenes.query( scene_id="scene_def456", stream_id="stream_abc123", query="What happened near the south entrance?", window="5m", ) # Access structured detections for detection in result.detections: print(detection.type, detection.value) # Escalate if anomaly detected if result.anomaly_flag: client.incidents.create(stream_id="stream_abc123")
Primitives
Everything you build is a combination of these. Familiar if you've used Stripe or Twilio.
A registered video or sensor source: IP camera, drone feed, or mobile phone.
The current interpreted state of a physical location, updated continuously.
A classified object, person, vehicle, or anomaly observed within a scene.
A natural-language or structured question answered against scene history.
A predefined response playbook triggered automatically by incident type.
A condition-based notification fired when a detection threshold is met.
A grouped set of detections and events with a full timeline and audit trail.
A human or downstream system that receives escalations and protocol triggers.
Integration
curl -X POST https://api.xperimeter.com/v1/streams \ -H "Authorization: Bearer xp_live_abc123..." \ -H "Content-Type: application/json" \ -d '{ "name": "South Entrance Camera", "source_type": "rtsp", "source_url": "rtsp://192.168.1.101:554/stream1", "location": "south_entrance" }'
curl -X POST https://api.xperimeter.com/v1/scenes/scene_def456/query \ -H "Authorization: Bearer xp_live_abc123..." \ -H "Content-Type: application/json" \ -d '{ "stream_id": "stream_abc123", "query": "Any unauthorized persons in the last 10 minutes?", "window": "10m" }'
# Webhook payload — delivered to your registered endpoint # POST https://your-server.com/webhooks/xperimeter # X-Xperimeter-Signature: sha256=... { "event": "detection.anomaly", "stream_id": "stream_abc123", "incident_id": "incident_xyz789", "detection": { "type": "person", "subtype": "unrecognized", "confidence": 0.94, "location": "south_entrance", "timestamp": "2026-04-15T14:32:07.218Z" } }
curl -X POST https://api.xperimeter.com/v1/incidents/incident_xyz789/protocol \ -H "Authorization: Bearer xp_live_abc123..." \ -H "Content-Type: application/json" \ -d '{ "protocol_type": "unauthorized_access", "notify_responders": true, "escalation_level": 2 }'
import XPerimeter from '@xperimeter/sdk'; const client = new XPerimeter({ apiKey: 'xp_live_abc123...' }); const stream = await client.streams.create({ name: 'South Entrance Camera', sourceType: 'rtsp', sourceUrl: 'rtsp://192.168.1.101:554/stream1', location: 'south_entrance', }); console.log(stream.id); // 'stream_abc123'
const result = await client.scenes.query('scene_def456', { streamId: 'stream_abc123', query: 'Any unauthorized persons in the last 10 minutes?', window: '10m', }); console.log(result.detections); // [{ type: 'person', subtype: 'unrecognized', confidence: 0.94 }] console.log(result.anomalyFlag); // true
app.post('/webhooks/xperimeter', async (req, res) => { const event = XPerimeter.webhooks.verify( req.rawBody, req.headers['x-xperimeter-signature'], process.env.XP_WEBHOOK_SECRET ); if (event.type === 'detection.anomaly') { await handleAnomaly(event.data); } res.sendStatus(200); });
const protocol = await client.incidents.triggerProtocol( 'incident_xyz789', { protocolType: 'unauthorized_access', notifyResponders: true, escalationLevel: 2, } ); console.log(protocol.status); // 'active' console.log(protocol.respondersNotified); // 3
import xperimeter client = xperimeter.Client(api_key="xp_live_abc123...") stream = client.streams.create( name="South Entrance Camera", source_type="rtsp", source_url="rtsp://192.168.1.101:554/stream1", location="south_entrance", ) print(stream.id) # stream_abc123
result = client.scenes.query( scene_id="scene_def456", stream_id="stream_abc123", query="Any unauthorized persons in the last 10 minutes?", window="10m", ) print(result.detections) print(result.anomaly_flag) # True
@app.post("/webhooks/xperimeter") async def handle_webhook(request: Request): event = xperimeter.webhooks.verify( await request.body(), request.headers.get("x-xperimeter-signature"), os.environ["XP_WEBHOOK_SECRET"], ) if event.type == "detection.anomaly": await handle_anomaly(event.data) return {"status": "ok"}
protocol = client.incidents.trigger_protocol( incident_id="incident_xyz789", protocol_type="unauthorized_access", notify_responders=True, escalation_level=2, ) print(protocol.status) # active print(protocol.responders_notified) # 3
Why build on XPerimeter
Most physical security systems are closed, proprietary, and hostile to developers. XPerimeter is designed from the ground up as a platform.
No per-vendor SDKs. Register any RTSP, WebRTC, or mobile source and XPerimeter handles the rest.
Ask questions in plain English and receive structured, machine-readable answers backed by real detections.
Designed for real-time, high-stakes scenarios — not async video review. Latency is measured in milliseconds, not minutes.
Every detection, query, operator action, and protocol trigger is logged immutably. Export-ready for compliance and incident review.
Operators can override, pause, or terminate any automated action. Automation assists; humans decide.
Built for security companies and developers building products on top of XPerimeter, not just end users.
Early Adopters
XPerimeter has deep product-market fit in high-risk community security. The platform is general-purpose — these are where it matters most.
Shuls, day schools, JCCs, and community events. High-threat environments where response speed and protocol clarity save lives.
Campus-wide coverage with emergency protocol integration for active threat, medical, and evacuation scenarios.
Crowd monitoring, perimeter sweeps, and real-time incident response for conferences, concerts, and large gatherings.
Gated estates, HOAs, and smart home security products with vehicle approval lists and anomaly detection.
Perimeter breach detection, unauthorized access alerts, and equipment monitoring on active sites.
Build managed security products and operator dashboards on top of XPerimeter. White-label and partner programs available.
Developer Experience
API design that respects your time. Consistent patterns, clear errors, typed SDKs, and a sandbox you can hit from curl.
Clean versioned endpoints. Consistent request and response shapes. Predictable errors with machine-readable codes.
Subscribe to detections, alerts, and incidents in real time. Retry logic, signature verification, and delivery logs included.
Node.js and Python clients. Fully typed, documented, and maintained. Generated from the same OpenAPI spec as the docs.
Working integrations for common use cases in under 10 minutes. From curl to first webhook in a single terminal session.
Test against synthetic scene data without a physical camera. Simulate detections, trigger protocols, and iterate without hardware.
Full request history and event logs. Filterable, exportable, and tied to your incident audit trail.
Security & Trust
XPerimeter is designed for high-stakes physical security. Access control, auditability, and human override are not afterthoughts.
API key scoping, org-level permissions, and fine-grained resource access. Every key has a defined capability set.
Every API call is logged, traceable, and tied to an audit record. Nothing happens in XPerimeter without a trail.
Operators can override, pause, or terminate any automated action at any point. Automation assists. Humans decide.
Streams, detections, and incidents are scoped to your organization. No cross-tenant data leakage by design.
XPerimeter is infrastructure. You bring the product.
// No credit card required · // Sandbox environment included · // Production SLA from day one