docs/api.md
- Source: docs/api.md
Imported Content
API Surface
Base path
/api/v1
Required headers
x-workspace-id: required on tenant-scoped routes.Idempotency-Key: required on all mutating routes.x-correlation-id: optional; generated if absent.Authorization: Bearer <jwt>: required unlessAUTH_MODE=disabled.x-agentfield-signature: required on workflow callback when webhook secret is configured.x-agentfield-delivery: required on workflow callback when signatures are enforced.x-hub-signature-256: required on GitHub webhook when enabled.x-github-delivery: required on GitHub webhook when enabled.
Role model (JWT roles claim)
msp_admin: full platform accessops_engineer: operations + telemetry + execution accessautomation_operator: allowed to execute agentsintegration_admin: accounting/notification adapter operationsbilling: financial resource accessdata_admin: import/export and broad write capabilitiesviewer: read-only operational visibilityplatform_admin: non-tenant platform configuration and secret managementendpoint_agent: telemetry ingest + edge policy accessclient_portal: scoped client-facing read access
Aggregation endpoints
GET /api/v1/dashboard/summary: server-side KPI/event/execution aggregation for operator console.GET /api/v1/portal/summary: portal counters, approvals queue, ticket and invoice summary.GET /api/v1/ops/summary: incident/change/billing lane summaries for ops workbench.
Portal action interfaces
POST /api/v1/portal/session/exchangePOST /api/v1/portal/session/terminateGET /api/v1/portal/invitesPOST /api/v1/portal/invitesPOST /api/v1/portal/invites/{id}/revokeGET /api/v1/portal/knowledge-baseGET /api/v1/portal/clientsGET /api/v1/portal/ticketsGET /api/v1/portal/quotesGET /api/v1/portal/invoicesGET /api/v1/portal/paymentsPOST /api/v1/portal/ticketsPOST /api/v1/portal/tickets/{id}/updatePOST /api/v1/portal/quotes/{id}/decisionPOST /api/v1/portal/invoices/{id}/acknowledgePOST /api/v1/portal/invoices/{id}/payment-intent
Operations action interfaces
POST /api/v1/ops/alerts/{id}/link-ticketPOST /api/v1/ops/tickets/{id}/link-assetPOST /api/v1/ops/tickets/{id}/link-runbookPOST /api/v1/ops/tickets/{id}/escalatePOST /api/v1/ops/tickets/{id}/resolve
Workflow control interfaces
GET /api/v1/workflow-executions/{id}POST /api/v1/workflow-executions/{id}/retryPOST /api/v1/workflow-executions/{id}/cancel
WorkflowExecution includes:
inputRef,outputRef,evidenceRefdurationMs,retryCount,failureCode
Agent runtime visibility interfaces
GET /api/v1/agent-runtime/healthGET /api/v1/agent-runtime/queuesGET /api/v1/agent-runtime/failuresGET /api/v1/agent-runtime/agentsPOST /api/v1/agent-runtime/outbox-failures/{id}/retryPOST /api/v1/agent-runtime/job-failures/{id}/retryPOST /api/v1/agent-runtime/smoke
Telemetry enrollment interfaces
GET /api/v1/edge-agent/enrollmentPOST /api/v1/edge-agent/enrollment/rotateGET /api/v1/edge-agent/ingest-status
Primary endpoints
GET /healthGET /api/v1/healthGET /.well-known/engine-statusGET /api/v1/openapiGET /api/v1/events/outboxGET /api/v1/events/ingest-batchesPOST /api/v1/events/ingestGET /api/v1/edge-agent/policyGET /api/v1/edge-agent/enrollmentPOST /api/v1/edge-agent/enrollment/rotateGET /api/v1/edge-agent/ingest-statusPOST /api/v1/execute/{agent}.{reasoner}GET /api/v1/workflow-executionsGET /api/v1/workflow-executions/{id}POST /api/v1/workflow-executions/{id}/retryPOST /api/v1/workflow-executions/{id}/cancelGET /api/v1/audit-credentialsGET /api/v1/portal/knowledge-baseGET /api/v1/portal/clientsGET /api/v1/portal/ticketsGET /api/v1/portal/quotesGET /api/v1/portal/invoicesGET /api/v1/portal/paymentsPOST /api/v1/portal/session/exchangePOST /api/v1/portal/session/terminateGET /api/v1/portal/invitesPOST /api/v1/portal/invitesPOST /api/v1/portal/invites/{id}/revokePOST /api/v1/portal/ticketsPOST /api/v1/portal/tickets/{id}/updatePOST /api/v1/portal/quotes/{id}/decisionPOST /api/v1/portal/invoices/{id}/acknowledgePOST /api/v1/portal/invoices/{id}/payment-intentPOST /api/v1/ops/alerts/{id}/link-ticketPOST /api/v1/ops/tickets/{id}/link-assetPOST /api/v1/ops/tickets/{id}/link-runbookPOST /api/v1/ops/tickets/{id}/escalatePOST /api/v1/ops/tickets/{id}/resolveGET /api/v1/agent-runtime/healthGET /api/v1/agent-runtime/queuesGET /api/v1/agent-runtime/failuresGET /api/v1/agent-runtime/agentsPOST /api/v1/agent-runtime/outbox-failures/{id}/retryPOST /api/v1/agent-runtime/job-failures/{id}/retryPOST /api/v1/agent-runtime/smokePOST /api/v1/webhooks/workflow-completedPOST /api/v1/integrations/github/webhookPOST /api/v1/integrations/accounting/syncPOST /api/v1/integrations/notifications/testPOST /api/v1/importsPOST /api/v1/exportsGET /api/v1/jobsGET /api/v1/platform/settingsPUT /api/v1/platform/settingsGET /api/v1/platform/secretsPOST /api/v1/platform/secrets/{key}GET /api/v1/workspace/settingsPUT /api/v1/workspace/settingsGET /api/v1/workspace/secretsPOST /api/v1/workspace/secrets/{key}
Resource endpoint pattern
For each resource (clients, tickets, invoices, etc.):
GET /api/v1/{resource}GET /api/v1/{resource}/{id}POST /api/v1/{resource}PUT /api/v1/{resource}/{id}PATCH /api/v1/{resource}/{id}DELETE /api/v1/{resource}/{id}
List routes support shared query conventions:
limit: page sizeoffset: page offsetsortBy: whitelisted sort fieldsortOrder:ascordescq: free-text filter across serialized payload
List responses return envelope metadata:
data: list payloadpage:{ limit, offset, returned, total }sort:{ by, order }filters: current filter state
Job contract fields
GET /api/v1/jobs returns expanded lifecycle metadata:
queuedAt,startedAt,completedAtretryCounterrorCode,errorMessageartifactUrl
Event topics
ticket.createdticket.sla_breachedasset.state_changedalert.triggeredinvoice.overduepipeline.failedworkflow.completed
Integration notes
- GitHub webhook route returns
404whenGITHUB_WEBHOOK_ENABLED=false. - Telemetry ingest enforces
Idempotency-Keyfor replay-safe ingestion.