/healthzNoneLiveness probe for load balancers and orchestrators.
Request params
None
Response format
GET /healthz
HTTP 200 application/json
{
"status": "ok"
}Managed Agent API
Production HTTP reference for the Managed Agent API: OpenAI Responses–compatible agent runs, durable volumes, workspace management, browser authentication, and API keys. All versioned routes use the /v1 prefix.
Set AGENT_API_BASE_URL to your API origin (no /v1 suffix) and AGENT_API_KEY to a workspace key (sk-…).
curl -sS https://api.agentsway.dev/v1/agent \
-H "Authorization: Bearer $AGENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"preset": "pro-search",
"input": "Summarize the latest agent API trends."
}'from agent_api import AgentAPI
client = AgentAPI() # AGENT_API_KEY, AGENT_API_BASE_URL
response = client.responses.create(
preset="pro-search",
input="What changed in AI this week?",
)
print(response["output_text"])import { AgentAPI } from "@agent-api/sdk";
const client = new AgentAPI();
const response = await client.responses.create({
preset: "pro-search",
input: "What changed in AI this week?",
});
console.log(response.output_text);POST /v1/agent as the canonical create path. POST /v1/responses is an alias for OpenAI Responses SDK compatibility. Both accept the same body and return the same shapes. For install steps, streaming, and pagination, see Official SDKs.Two packages ship from the same public API contract documented below. Source lives in github.com/scalebox-dev/agent-api under sdk/javascript and sdk/python.
Requires Node.js 18+ (JavaScript) or Python 3.10+ (Python). Pin a version with @1.0.5 or ==1.0.5 when you need reproducible builds.
npm install @agent-api/sdk
pip install cloudsway-agent
Pass apiKey / baseURL (JavaScript) or api_key / base_url (Python), or set AGENT_API_KEY and AGENT_API_BASE_URL in the environment. Default base URL is https://api.agentsway.dev. Python also exposes AsyncAgentAPI for async applications.
const client = new AgentAPI({
apiKey: process.env.AGENT_API_KEY,
baseURL: "https://api.agentsway.dev",
timeout: 600_000, // 10 min request timeout
streamTimeout: 3_600_000, // 1 h stream timeout
maxRetries: 2, // exponential backoff on 429/5xx
});client = AgentAPI(
api_key="sk-...",
base_url="https://api.agentsway.dev",
timeout=600.0,
stream_timeout=3600.0,
max_retries=2,
)JavaScript
| Resource | Methods |
|---|---|
| client.responses / client.agent | create, list, listPage, listIterator, retrieve, cancel, listChildren, listEvents |
| client.models | list |
| client.presets | list |
| client.tools | list |
| client.volumes | list, create, retrieve, update, delete, listEntries, searchEntries, readFile, writeFile, deleteFile, reconcileUsage, createDirectory, deleteDirectory |
| client.skills | list, create, discover, focus, createDev, updateFile, retrieve, update, archive, diff, acceptDev, discardDev, exportArchive, importArchive, pushDirectory, pullDirectory, listFiles, readFile, writeFile, deleteFile |
Python
| Resource | Methods |
|---|---|
| client.responses / client.agent | create, list, list_page, list_iterator, retrieve, cancel, list_children, list_events |
| client.models | list |
| client.presets | list |
| client.tools | list |
| client.volumes | list, create, retrieve, update, delete, list_entries, search_entries, read_file, write_file, delete_path, reconcile_usage, create_directory, download_archive, summarize, read_lines, patch_lines, grep |
| client.skills | list, create, discover, focus, create_dev, update_file, retrieve, update, archive, diff, accept_dev, discard_dev, export_archive, import_archive, push_directory, pull_directory, list_files, read_file, write_file, delete_file |
Set stream: true on client.responses.create. The client parses SSE events and yields typed objects — use the patterns in Streaming for event types.
const stream = await client.responses.create({
preset: "fast-search",
input: "Summarize today's AI news.",
stream: true,
});
for await (const event of stream) {
if (event.type === "response.output_text.delta") {
process.stdout.write(event.delta ?? "");
}
}for event in client.responses.create(
preset="fast-search",
input="Summarize today's AI news.",
stream=True,
):
if event["type"] == "response.output_text.delta":
print(event.get("delta", ""), end="")List endpoints return cursor pages. Use listPage / list_page for manual paging, or listIterator / list_iterator to walk all pages.
for await (const item of client.responses.listIterator({ limit: 20 })) {
console.log(item.id, item.status);
}for item in client.responses.list_iterator(limit=20):
print(item["id"], item["status"])Both SDKs raise typed errors mapped from the API envelope — for example AuthenticationError, RateLimitError, NotFoundError, and BadRequestError. Transient network failures, HTTP 429, and 5xx responses are retried with exponential backoff (default two retries). Respect Retry-After when the API returns it.
https://api.agentsway.dev (or api.<your-domain>). Recommended for server-side clients and SDKs.www, apex, and console subdomains also proxy /v1/* for same-origin browser calls; the dedicated API host remains the stable contract.Example: GET https://api.agentsway.dev/v1/models. Liveness: GET /healthz at the host root.
Create keys under Console → API keys or via POST /v1/api_keys. Keys are shown once at creation; store them securely. Scope keys narrowly when possible (see table below).
Sign-up and sign-in return an AuthSession with access_token, token_type: bearer, expiry, workspace id/name/role, and scopes. Refresh uses an HTTP-only cookie on POST /v1/auth/refresh — not a Bearer header.
| Scope | Grants |
|---|---|
| responses:create | POST /v1/agent, POST /v1/responses |
| responses:read | GET response, list, /children, /events |
| responses:cancel | POST /v1/responses/{id}/cancel |
| models:read | GET /v1/models |
| volumes:read | List, read, search, and reconcile durable volumes |
| volumes:write | Create, update, delete volumes and volume files/directories |
| skills:read | List, discover, focus, and read workspace skill artifacts |
| skills:write | Create, update, archive, and review workspace skill artifacts |
| api_keys:read | List and read API key metadata |
| api_keys:write | Create, activate, deactivate, delete keys |
| workspace_members:read | Workspaces, members, invitations, usage |
| workspace_members:write | Create or mutate workspaces, members, invitations |
| notifications:read | List notifications and unread count (/v1/me/notifications*) |
| notifications:write | Mark notifications read |
Routes without a scope in the gateway still require a valid Bearer. Pass X-Request-ID on support tickets when the gateway returns one.
{
"input": "Your question or message",
"preset": "pro-search",
"stream": false,
"tools": [{ "name": "web_search", "type": "search" }],
"memory": { "enabled": true, "read": true, "write": false }
}Presets bundle model defaults, tools, and limits. Built-in values include fast-search, pro-search, deep-research, academic-research, advanced-deep-research, or code-agent for software engineering. Call GET /v1/presets for the live catalog (prompt version, default model, policy). Request fields override preset defaults within platform caps.
web_search, smart_web_search, lite_web_search, scholar_search, fetch_url, custom function, and server skill tools.volume_id attaches a durable workspace volume so the agent can read and write files during the run. Manage volumes via /v1/volumes/* or client.volumes in the SDK.skills attaches platform-managed workspace skills to the run. Each item is { skill_id, branch? }, with branch defaulting to main. Use local_skills for SDK-provided local skill descriptors.previous_response_id threads conversation turns. parent_response_id is rejected on create — sub-agents are spawned via run_sub_agent on the parent response.plan_mode_preference / sub_agent_preference — off | auto | preferred | required for roadmap and delegation behavior.input supports inline images and documents (gateway-enforced size limits; see OpenAPI).language_preference — ISO 639-1 code (e.g. en, zh) when supported.Skills are workspace-scoped artifact trees. The public management API lives under /v1/skills; agent runs can attach selected platform skills through skills or SDK-local descriptors through local_skills. The model-facing primitives are exposed as normal HTTP operations too: discover returns summaries, focus progressively loads manifests and file listings, and update_file writes proposed changes to the dev branch.
The stable branch is main. Model-generated changes land in dev so users can inspect them with diff and then call accept_dev or discard_dev. Accepting dev uses file-level sync:patch keeps main-only files, while mirror makes main match dev.
Skill artifacts can also move as ZIP archives through export and import. SDKs wrap those routes as local directory push/pull helpers, while the HTTP API stays skill-scoped instead of exposing arbitrary volume operations.
Poll GET /v1/responses/{id} or stream (below). List history with GET /v1/responses. Sub-agent runs appear under GET /v1/responses/{id}/children or in run_sub_agent tool results. Cancel with POST /v1/responses/{id}/cancel when a run is still executing on a replica.
The gateway returns Content-Type: text/event-stream. Each event is a JSON object with a type field. Common types include response.output_text.delta, response.tool.invocation.completed, response.plan.updated, response.step.completed, and lifecycle events such as response.completed. Only documented event shapes are returned on the wire and in GET …/events.
SDKs accept stream: true on client.responses.create and iterate events asynchronously.
{
"error": {
"type": "api_error",
"code": "unauthorized",
"message": "…",
"request_id": "…"
}
}Common code values include invalid_request, unauthorized, forbidden, not_found, and service_unavailable when a platform dependency is temporarily unavailable. Streaming failures may emit an SSE error event before the connection closes.
/healthzNoneLiveness probe for load balancers and orchestrators.
None
HTTP 200 application/json
{
"status": "ok"
}/v1/modelsBearer · models:readList models available to the workspace. Each entry id uses vendor/model form (e.g. openai/gpt-5.4).
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "openai/gpt-4.1",
"object": "model",
"owned_by": "openai",
"capabilities": {
"provider": "openai",
"supports_streaming": true,
"supports_tools": true,
"supports_json_schema": true,
"supports_reasoning": false,
"context_window": 128000,
"pricing": { },
"metadata": { }
}
}
]
}
HTTP 503 — service_unavailable/v1/toolsBearerList built-in and registered tools the agent can invoke.
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "tool",
"name": "web_search",
"type": "search",
"description": "Search the web for current information.",
"max_tokens": 4096,
"max_tokens_per_page": 3000
}
]
}
HTTP 503 — service_unavailable/v1/presetsBearerList managed presets (model defaults, tool policy, prompt version).
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"preset": "pro-search",
"prompt_version": "v1",
"default_model": "openai/gpt-4.1",
"model_chain": ["openai/gpt-4.1"],
"max_output_tokens": 4096,
"policy": {
"plan_mode_preference": "auto",
"sub_agent_preference": "auto",
"allowed_tools": ["web_search", "fetch_url"],
"max_steps": 10
}
}
]
}
HTTP 503 — service_unavailable/v1/volumesBearer · volumes:readList durable workspace volumes with usage counters.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| limit | integer | no | Page size. Default 50. |
| page_token | string | no | Opaque cursor from a prior next_page_token. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"volume_id": "vol_abc",
"tenant_id": "wrk_xyz",
"name": "research-notes",
"oss_prefix": "tenants/wrk_xyz/volumes/vol_abc/",
"bytes_used": 4096,
"object_count": 3,
"created_at_unix": 1710000000,
"updated_at_unix": 1710003600
}
],
"next_page_token": null
}
HTTP 503 — service_unavailable/v1/volumesBearer · volumes:writeCreate a durable volume for agent file I/O.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Human-readable label. |
HTTP 201 application/json — Volume row (same shape as list item) HTTP 503 — service_unavailable
/v1/volumes/{volume_id}Bearer · volumes:readFetch volume metadata and usage.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | Volume id matching vol_*. |
HTTP 200 application/json — Volume row
/v1/volumes/{volume_id}Bearer · volumes:writeRename a volume.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | yes | New display name. |
HTTP 200 application/json — updated Volume row
/v1/volumes/{volume_id}Bearer · volumes:writeDelete a volume and its stored objects.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
HTTP 204 No Content
/v1/volumes/{volume_id}/usage/reconcileBearer · volumes:readRecompute bytes_used and object_count from object storage.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
HTTP 200 application/json — Volume row with usage_reconciled_at_unix when set
/v1/volumes/{volume_id}/entriesBearer · volumes:readList files and directories under a path.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path (default root). |
| limit | integer | no | Page size. Default 200. |
| page_token | string | no | Pagination cursor. |
HTTP 200 application/json
{
"object": "list",
"entries": [
{ "path": "notes/summary.md", "is_dir": false, "size": 128, "modified_at_unix": 1710000000 }
],
"next_page_token": null
}/v1/volumes/{volume_id}/searchBearer · volumes:readSearch entry paths under a directory prefix.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| query | string | yes | Substring to match in paths. |
| path | string | no | Directory prefix to search. |
| limit | integer | no | Page size. Default 200. |
| page_token | string | no | Pagination cursor. |
HTTP 200 application/json — same list shape as /entries
/v1/volumes/{volume_id}/files/{path}Bearer · volumes:readDeliver a file with smart encoding (text, extracted document text, image URL, or base64). Use format=raw for direct binary bytes.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File path within the volume. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| max_bytes | integer | no | Read cap in bytes (0 = server default). |
| format | string | no | Set to raw for binary bytes with X-Volume-Size and X-Volume-Truncated headers. |
HTTP 200 application/json
{
"path": "notes/summary.md",
"encoding": "text",
"mime_type": "text/markdown",
"size": 128,
"truncated": false,
"content": "# Summary\n"
}
HTTP 200 (format=raw) — raw bytes with Content-Type and X-Volume-* headers/v1/volumes/{volume_id}/files/{path}Bearer · volumes:writeWrite or overwrite a file. Request body is raw file bytes.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | Destination file path. |
HTTP 200 application/json
{ "path": "notes/summary.md", "size": 128 }/v1/volumes/{volume_id}/paths/{path}Bearer · volumes:writeDelete a file or directory tree at path.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File or directory prefix to delete. |
HTTP 200 application/json
{ "path": "notes/archive", "recursive": true }/v1/volumes/{volume_id}/summarizeBearer · volumes:readScan the volume and return stats plus text previews. Writes .agent-volume/summary.json.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Optional path prefix to limit the scan. |
HTTP 200 application/json — summary_path, file_count, total_bytes, top_paths_by_size, text_previews
/v1/volumes/{volume_id}/grepBearer · volumes:readSearch file contents for a literal substring.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| pattern | string | yes | Literal substring to find. |
| path | string | no | Directory prefix to search under. |
HTTP 200 application/json — object=list, matches[{path,line_number,line}], files_scanned, scan_truncated/v1/volumes/{volume_id}/file_lines/{path}Bearer · volumes:readRead a 1-based inclusive line range from a text file.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File path. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| start_line | integer | yes | 1-based start line. |
| end_line | integer | no | Inclusive end line; 0 = EOF. |
HTTP 200 application/json — path, start_line, end_line, total_lines, lines[]
/v1/volumes/{volume_id}/file_lines/{path}Bearer · volumes:writeReplace an inclusive line range in a text file.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File path. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| start_line | integer | yes | 1-based start line. |
| end_line | integer | no | Inclusive end line; 0 = EOF. |
| replacement | string | no | Replacement text. |
HTTP 200 application/json — path, start_line, end_line, total_lines, size
/v1/volumes/{volume_id}/archiveBearer · volumes:readDownload a directory tree as a ZIP archive.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path to archive (default root). |
HTTP 200 application/zip
/v1/volumes/{volume_id}/directoriesBearer · volumes:writeCreate a directory (and parents as needed).
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | yes | Directory path to create. |
HTTP 201 application/json
{ "path": "notes/archive" }/v1/skillsBearer · skills:readList workspace-scoped skills. Skills are opaque filesystem artifact trees with main/dev branches.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| include_archived | boolean | no | Include archived skills. |
| limit | integer | no | Page size. Default 50. |
| page_token | string | no | Opaque cursor from a prior next_page_token. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "skill",
"skill_id": "skl_abc",
"name": "research-helper",
"description": "Research workflow guidance",
"main_digest": "sha256:...",
"dev_digest": "sha256:...",
"has_dev": true,
"archived": false,
"created_at": 1710000000,
"updated_at": 1710003600
}
],
"next_page_token": null
}/v1/skillsBearer · skills:writeCreate a workspace skill metadata record and default SKILL.md on the main branch.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Skill display name. |
| description | string | no | Short model-facing description. |
| metadata | object | no | String-keyed metadata. |
HTTP 201 application/json — Skill object
/v1/skills/discoverBearer · skills:readModel-facing discovery primitive. Search workspace skills and optional local descriptors without loading full artifacts.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| query | string | no | Search text matched against skill metadata and manifests. |
| branch | main | dev | both | no | Branch view. Defaults to main; dev falls back to main when absent. |
| include_dev | boolean | no | Include skills with dev branch state. |
| limit | integer | no | Maximum summaries to return. |
| local_skills | LocalSkillDescriptor[] | no | Client-side local skill descriptors to include in discovery results. SDKs may include an initial SKILL.md manifest preview. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "skill_summary",
"skill_id": "skl_abc",
"name": "research-helper",
"branch": "main",
"digest": "sha256:...",
"has_dev": true
}
],
"next_page_token": null
}/v1/skills/focusBearer · skills:readModel-facing focus primitive. Load selected skill manifests, file listings, and requested supporting files progressively. Set include_manifest=false on follow-up reads when SKILL.md is already in context.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skills | SkillFocusItem[] | yes | Items with skill_id/branch or local_skill descriptor. Each item may include paths for selected supporting files and include_manifest=false for follow-up reads. |
| fallback_to_main | boolean | no | When focusing dev, read main if dev does not exist. Default true. |
| max_manifest_chars | integer | no | Maximum SKILL.md characters returned per focused skill. |
| max_file_chars | integer | no | Maximum characters returned per requested supporting file. |
HTTP 200 application/json
{
"object": "skill_focus_result",
"data": [
{
"ok": true,
"skill_id": "skl_abc",
"branch": "main",
"skill": {
"object": "focused_skill",
"skill_id": "skl_abc",
"manifest": "# Research helper\n...",
"manifest_truncated": false,
"entries": [{ "path": "SKILL.md", "is_dir": false, "size": 128 }],
"files": [{ "path": "examples.md", "content": "Example...", "truncated": false, "size": 42 }]
}
}
]
}/v1/skills/create_devBearer · skills:writeModel-facing create primitive. Create a new skill with initial files on the dev branch for later user review.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | yes | Skill name. |
| description | string | no | Short description. |
| metadata | object | no | String-keyed metadata. |
| files | SkillFileMutation[] | no | Initial files with path plus content or content_base64. |
HTTP 201 application/json
{
"object": "skill_create_result",
"skill": { "object": "skill", "skill_id": "skl_abc", "name": "research-helper", "has_dev": true },
"branch": "dev",
"files": [{ "path": "SKILL.md", "size": 128 }]
}/v1/skills/update_fileBearer · skills:writeModel-facing update primitive. Write one or more files to skill dev branches. The operation cap is enforced by the gateway.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| updates | SkillFileUpdateMutation[] | yes | Each update includes skill_id, path, and content or content_base64. |
HTTP 200 application/json
{
"object": "skill_update_result",
"data": [
{ "ok": true, "skill_id": "skl_abc", "path": "SKILL.md", "size": 256 }
]
}/v1/skills/{skill_id}Bearer · skills:readFetch skill metadata.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | Skill id matching skl_*. |
HTTP 200 application/json — Skill object
/v1/skills/{skill_id}Bearer · skills:writeUpdate skill metadata.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | New display name. |
| description | string | no | New description. |
| metadata | object | no | Replacement metadata. |
HTTP 200 application/json — updated Skill object
/v1/skills/{skill_id}/archiveBearer · skills:writeArchive a skill. Archived skills are read-only and hidden from normal list/discover results.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
HTTP 200 application/json — archived Skill object
/v1/skills/{skill_id}Bearer · skills:writePermanently delete a skill and its main/dev artifact files.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
HTTP 200 application/json — { "deleted": true }/v1/skills/{skill_id}/accept_devBearer · skills:writeAccept dev changes into main with file-level sync, then clear dev state. Default strategy is patch.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| strategy | patch | mirror | no | Also accepted in JSON body. patch keeps main-only files; mirror deletes main-only files so main matches dev. |
HTTP 200 application/json — Skill object with has_dev=false
/v1/skills/{skill_id}/discard_devBearer · skills:writeDiscard the dev branch and keep main unchanged.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
HTTP 200 application/json — Skill object with has_dev=false
/v1/skills/{skill_id}/exportBearer · skills:readDownload a ZIP archive for a skill branch or subtree. SDKs use this route for local directory pull helpers.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path to export. Default root. |
| branch | main | dev | no | Branch to export. Default main. |
| fallback_to_main | boolean | no | When branch=dev, fall back to main if dev is absent. Default true. |
HTTP 200 application/zip HTTP 400 — invalid_request HTTP 404 — not_found
/v1/skills/{skill_id}/importBearer · skills:writeUpload a ZIP archive into a skill branch or subtree. SDKs use this route for local directory push helpers.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Target directory path. Default root. |
| branch | main | dev | no | Destination branch. Default main. |
| replace | boolean | no | Delete the target subtree before importing. Default false. |
| strip_top_level_dir | boolean | no | Strip one common top-level folder from uploaded archive entries. Default true. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| archive | application/zip | yes | ZIP archive containing skill artifact files. |
HTTP 200 application/json
{
"object": "skill_import_result",
"branch": "dev",
"file_count": 3,
"byte_count": 4096,
"skill": { "object": "skill", "skill_id": "skl_abc", "has_dev": true }
}
HTTP 400 — invalid_request
HTTP 404 — not_found/v1/skills/{skill_id}/diffBearer · skills:readCompare main and dev branches. Returns file-level statuses and unified text diffs for UTF-8 files under the configured cap.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path to diff. Default root. |
| max_file_chars | integer | no | Character cap for generated text diffs. |
| include_unchanged | boolean | no | Include unchanged file rows. Default false. |
HTTP 200 application/json
{
"object": "skill_branch_diff",
"skill_id": "skl_abc",
"base_branch": "main",
"compare_branch": "dev",
"summary": { "added": 1, "modified": 2, "deleted": 0, "unchanged": 4 },
"files": [{ "path": "SKILL.md", "status": "modified", "text": true, "diff": "--- main/SKILL.md\n+++ dev/SKILL.md\n..." }]
}/v1/skills/{skill_id}/filesBearer · skills:readList files and directories in a skill branch.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path. Default root. |
| branch | main | dev | no | Branch to read. Default main. |
| fallback_to_main | boolean | no | When branch=dev, fall back to main if dev is absent. Default true. |
| limit | integer | no | Page size. |
| page_token | string | no | Pagination cursor. |
HTTP 200 application/json
{
"object": "list",
"branch": "main",
"entries": [{ "path": "SKILL.md", "is_dir": false, "size": 128 }],
"next_page_token": null
}/v1/skills/{skill_id}/files/{path}Bearer · skills:readRead a skill file as text content.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
| path | string | yes | File path inside the skill. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| branch | main | dev | no | Branch to read. Default main. |
| fallback_to_main | boolean | no | When branch=dev, fall back to main if dev is absent. Default true. |
| max_bytes | integer | no | Read cap in bytes. |
HTTP 200 application/json
{
"object": "skill_file",
"path": "SKILL.md",
"branch": "main",
"content": "# Research helper\n...",
"size": 128,
"truncated": false
}/v1/skills/{skill_id}/files/{path}Bearer · skills:writeWrite or overwrite a skill file. User calls may target main or dev; model-facing updates should use dev.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
| path | string | yes | Destination file path. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| branch | main | dev | no | Destination branch. Default main. |
HTTP 200 application/json
{ "object": "skill_file", "path": "SKILL.md", "branch": "dev", "size": 256 }/v1/skills/{skill_id}/files/{path}Bearer · skills:writeDelete a file from a skill branch.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| skill_id | string | yes | skl_* |
| path | string | yes | File path inside the skill. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| branch | main | dev | no | Branch to mutate. Default main. |
HTTP 200 application/json
{ "object": "skill_file", "path": "notes/example.md", "branch": "dev", "recursive": false }/v1/agentBearer · responses:createCreate an agent run (canonical path). model and models accept vendor/model ids from GET /v1/models or, when unique, a bare suffix alias (e.g. gpt-5.4). Returns a stored Response or an SSE stream when stream is true.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| input | Input | yes | User message or multimodal input array (string, message items with input_text/input_image/input_document, function_call, function_call_output). |
| model | string | no | Model reference in vendor/model form (e.g. openai/gpt-5.4) or, when unique in the catalog, a bare suffix alias (e.g. gpt-5.4). Canonical ids from GET /v1/models are recommended. Ignored when models is set. Required if neither models, preset, nor model_routing=auto is provided. |
| models | string[] | no | Ordered model references (vendor/model or unique bare suffix) for chain routing, or an optional candidate pool when model_routing is auto. |
| model_routing | auto | chain | no | Model routing mode. auto selects within an optional models pool using openmark; chain uses strict fallback order. Default chain. |
| routing_strategy | balanced | high-quality | cost-effective | no | Auto routing strategy. Only applies when model_routing is auto. Default balanced. |
| preset | string | no | Managed bundle: fast-search | pro-search | deep-research | academic-research | advanced-deep-research | code-agent. Required if neither model, models, nor model_routing=auto is provided. |
| instructions | string | no | System-level instructions prepended to the run. |
| language_preference | string | no | ISO 639-1 code from server allowlist (e.g. en, zh). Two lowercase letters. |
| stream | boolean | no | When true, returns text/event-stream instead of JSON. Default false. |
| tools | Tool[] | no | Tools to expose: web_search, smart_web_search, lite_web_search, scholar_search, fetch_url, function, skill. |
| tool_choice | string | object | no | Tool selection policy: "auto", "none", "required", or a named-tool object. |
| parallel_tool_calls | boolean | no | Allow parallel tool calls. Default true. |
| memory | MemoryOptions | no | Long-term memory opts: { enabled?, read?, write? }. Thread with previous_response_id. |
| plan_mode_preference | AgentCapabilityPreference | no | Roadmap/plan steering: off | auto | preferred | required. |
| sub_agent_preference | AgentCapabilityPreference | no | Delegation steering for run_sub_agent: off | auto | preferred | required. |
| max_output_tokens | integer | no | Cap on model output tokens (≥ 1). |
| max_steps | integer | no | Agent loop step limit (1–10). |
| reasoning | ReasoningConfig | no | Reasoning effort: { effort: none | minimal | low | medium | high | xhigh }. |
| response_format | ResponseFormat | no | Structured output: { type: json_schema, json_schema: { … } }. |
| previous_response_id | string | no | Prior response id for conversation threading (resp_*). |
| prompt_cache_key | string | no | OpenAI-compatible field; currently accepted but ignored by AgentsWay. |
| metadata | object | no | String-keyed response metadata: up to 16 keys; keys ≤64 chars; values must be string, number, or boolean; string values ≤512 chars. |
| store | boolean | no | OpenAI-compatible field; currently accepted but ignored. Responses are persisted for platform operation. |
| user | string | no | OpenAI-compatible field; currently accepted but ignored. Attribution uses the authenticated user id. |
| volume_id | string | no | Attach a durable workspace volume (vol_*) so the agent can read and write files during the run. |
| skills | SkillReference[] | no | Platform-managed workspace skills to make available to the run. Each item is { skill_id, branch? }, where branch defaults to main and may be main or dev. |
| local_skills | LocalSkillDescriptor[] | no | SDK/client-provided local skill descriptors. Local artifacts stay with the client; SDKs may include an initial SKILL.md manifest preview for auto-focus, and deeper reads still use the local skill tool bridge. |
| preferred_sites | string[] | no | Up to 3 hostnames to bias web discovery or fetching (e.g. arxiv.org). Requires an allowed tool with type web_search or web_fetch. Search tools receive domain filters when the model omits them; fetch tools get prompt-level URL bias. |
Example request (application/json)
{
"input": "Summarize recent AI news.",
"model_routing": "auto",
"routing_strategy": "high-quality",
"models": ["openai/gpt-5.4", "google/gemini-3-flash-preview"]
}
HTTP 200 application/json (stream: false)
{
"id": "resp_abc123",
"object": "response",
"created_at": 1710000000,
"completed_at": 1710000060,
"status": "completed",
"model": "openai/gpt-4.1",
"output": [ … ],
"output_text": "…",
"usage": { "input_tokens": 120, "output_tokens": 340, "total_tokens": 460 },
"tool_results": [
{
"id": "tir_abc",
"tool_call_id": "call_abc",
"tool_name": "web_search",
"status": "completed",
"response_summary": "…"
}
],
"plan": { },
"background": false,
"parent_response_id": null,
"root_response_id": "resp_abc123",
"store": true
}
HTTP 200 text/event-stream (stream: true)
data: {"type":"response.output_text.delta","sequence_number":1,"delta":"Hello"}
data: {"type":"response.tool.invocation.completed","sequence_number":2,"tool_result":{…}}
data: {"type":"response.step.completed","sequence_number":3,"step":{…}}
HTTP 200 text/event-stream on error mid-stream
data: {"error":"…"}/v1/responsesBearer · responses:createOpenAI Responses SDK alias for POST /v1/agent — identical request and response shapes.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| input | Input | yes | User message or multimodal input array (string, message items with input_text/input_image/input_document, function_call, function_call_output). |
| model | string | no | Model reference in vendor/model form (e.g. openai/gpt-5.4) or, when unique in the catalog, a bare suffix alias (e.g. gpt-5.4). Canonical ids from GET /v1/models are recommended. Ignored when models is set. Required if neither models, preset, nor model_routing=auto is provided. |
| models | string[] | no | Ordered model references (vendor/model or unique bare suffix) for chain routing, or an optional candidate pool when model_routing is auto. |
| model_routing | auto | chain | no | Model routing mode. auto selects within an optional models pool using openmark; chain uses strict fallback order. Default chain. |
| routing_strategy | balanced | high-quality | cost-effective | no | Auto routing strategy. Only applies when model_routing is auto. Default balanced. |
| preset | string | no | Managed bundle: fast-search | pro-search | deep-research | academic-research | advanced-deep-research | code-agent. Required if neither model, models, nor model_routing=auto is provided. |
| instructions | string | no | System-level instructions prepended to the run. |
| language_preference | string | no | ISO 639-1 code from server allowlist (e.g. en, zh). Two lowercase letters. |
| stream | boolean | no | When true, returns text/event-stream instead of JSON. Default false. |
| tools | Tool[] | no | Tools to expose: web_search, smart_web_search, lite_web_search, scholar_search, fetch_url, function, skill. |
| tool_choice | string | object | no | Tool selection policy: "auto", "none", "required", or a named-tool object. |
| parallel_tool_calls | boolean | no | Allow parallel tool calls. Default true. |
| memory | MemoryOptions | no | Long-term memory opts: { enabled?, read?, write? }. Thread with previous_response_id. |
| plan_mode_preference | AgentCapabilityPreference | no | Roadmap/plan steering: off | auto | preferred | required. |
| sub_agent_preference | AgentCapabilityPreference | no | Delegation steering for run_sub_agent: off | auto | preferred | required. |
| max_output_tokens | integer | no | Cap on model output tokens (≥ 1). |
| max_steps | integer | no | Agent loop step limit (1–10). |
| reasoning | ReasoningConfig | no | Reasoning effort: { effort: none | minimal | low | medium | high | xhigh }. |
| response_format | ResponseFormat | no | Structured output: { type: json_schema, json_schema: { … } }. |
| previous_response_id | string | no | Prior response id for conversation threading (resp_*). |
| prompt_cache_key | string | no | OpenAI-compatible field; currently accepted but ignored by AgentsWay. |
| metadata | object | no | String-keyed response metadata: up to 16 keys; keys ≤64 chars; values must be string, number, or boolean; string values ≤512 chars. |
| store | boolean | no | OpenAI-compatible field; currently accepted but ignored. Responses are persisted for platform operation. |
| user | string | no | OpenAI-compatible field; currently accepted but ignored. Attribution uses the authenticated user id. |
| volume_id | string | no | Attach a durable workspace volume (vol_*) so the agent can read and write files during the run. |
| skills | SkillReference[] | no | Platform-managed workspace skills to make available to the run. Each item is { skill_id, branch? }, where branch defaults to main and may be main or dev. |
| local_skills | LocalSkillDescriptor[] | no | SDK/client-provided local skill descriptors. Local artifacts stay with the client; SDKs may include an initial SKILL.md manifest preview for auto-focus, and deeper reads still use the local skill tool bridge. |
| preferred_sites | string[] | no | Up to 3 hostnames to bias web discovery or fetching (e.g. arxiv.org). Requires an allowed tool with type web_search or web_fetch. Search tools receive domain filters when the model omits them; fetch tools get prompt-level URL bias. |
Same as POST /v1/agent.
/v1/responsesBearer · responses:readPaginated list of top-level orchestrator runs for the authenticated user. Sub-agent children are excluded.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| limit | integer | no | Page size, 1–100. Default 20. |
| page_token | string | no | Opaque cursor from a prior response next_page_token. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "resp_abc123",
"status": "completed",
"created_at": 1710000000,
"completed_at": 1710000060,
"model": "openai/gpt-4.1",
"preset": "pro-search",
"input_preview": "Summarize…",
"root_response_id": "resp_abc123",
"background": false
}
],
"has_more": false,
"next_page_token": null
}/v1/responses/{response_id}Bearer · responses:readRetrieve a stored response including output, usage, and lineage fields.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
HTTP 200 application/json
{
"id": "resp_abc123",
"object": "response",
"status": "completed",
"model": "openai/gpt-4.1",
"output": [ … ],
"output_text": "…",
"usage": { … },
"metadata": { },
"parent_response_id": null,
"root_response_id": "resp_abc123"
}/v1/responses/{response_id}/cancelBearer · responses:cancelAbort an in-flight run while it is still executing. Idempotent.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
HTTP 200 application/json
{
"interrupted": true
}/v1/responses/{response_id}/childrenBearer · responses:readList sub-agent runs spawned by run_sub_agent on the parent response.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Parent response id matching resp_*. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "resp_child1",
"status": "completed",
"created_at": 1710000010,
"completed_at": 1710000030,
"root_response_id": "resp_abc123",
"model": "openai/gpt-4.1"
}
]
}/v1/responses/{response_id}/volumeBearer · responses:read · volumes:readResolve the durable workspace volume for a response thread.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
HTTP 200 application/json — Volume row (volume_id, name, bytes_used, ...) HTTP 404 — no workspace volume for this response
/v1/responses/{response_id}/eventsBearer · responses:readReplay SSE event shapes for a response.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| after_sequence | integer | no | Return events with sequence_number strictly greater than this value. |
| view | string | no | timeline (default) or full — full includes tool_result.body on tool events. |
HTTP 200 application/json
{
"data": [
{
"type": "response.output_text.delta",
"sequence_number": 42,
"delta": "Hello"
}
]
}
With view=full, tool completion events may include tool_result.body./v1/auth/signupNoneRegister a new user. Sends an email verification code when SMTP is configured.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Valid email address. | |
| password | string | yes | 8–32 ASCII chars (A–Z, a–z, 0–9, and !@#$%^&*()-_=+[]{};:,.?/~). |
| display_name | string | no | Optional display name. |
HTTP 201 application/json
{
"user_id": "usr_abc",
"email": "you@example.com",
"verification_required": true,
"code_expires_at": 1710003600
}/v1/auth/verify_emailNoneConfirm signup with the emailed verification code.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Account email. | |
| code | string | yes | Verification code from email. |
HTTP 200 application/json
Set-Cookie: agent_api_refresh=… (when configured)
{
"access_token": "eyJ…",
"token_type": "bearer",
"access_token_expires_at": 1710003600,
"user_id": "usr_abc",
"workspace_id": "wrk_xyz",
"workspace_name": "My Team",
"workspace_role": "owner",
"scopes": ["responses:create", "responses:read", …]
}/v1/auth/signinNoneSign in with email and password.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Account email. | |
| password | string | yes | Account password. |
HTTP 200 application/json — AuthSession (same shape as verify_email)
/v1/auth/refreshRefresh cookieRotate the browser session using the HTTP-only refresh cookie.
Cookie parameters
| Name | Type | Required | Description |
|---|---|---|---|
| agent_api_refresh | string | yes | HTTP-only refresh cookie. No Authorization header. |
HTTP 200 application/json — rotated AuthSession + Set-Cookie
/v1/auth/signoutNoneClear the refresh session server-side.
None
HTTP 200 application/json
{
"status": "ok",
"message": "signed out"
}/v1/auth/password_reset/requestNoneRequest a password reset link. Always returns a generic success message (anti-enumeration).
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Account email. |
HTTP 200 application/json
{
"status": "ok",
"message": "If an account exists, a reset link was sent."
}/v1/auth/password_reset/confirmNoneSet a new password using the token from the emailed reset link.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | string | yes | Token from /reset-password?token=… |
| new_password | string | yes | Same password policy as signup. |
HTTP 200 application/json
{
"status": "ok",
"message": "password updated"
}/v1/auth/oauth/{provider}/startNoneBegin OAuth sign-in and return the provider authorization URL.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| provider | string | yes | google or github. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| redirect_url | string | no | Override OAuth callback origin when allowed. |
HTTP 200 application/json
{
"authorization_url": "https://…",
"state": "…",
"expires_at": 1710003600
}/v1/auth/oauth/{provider}/callbackNoneComplete OAuth and issue an AuthSession.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| provider | string | yes | google or github. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| code | string | yes | Provider authorization code. |
| state | string | yes | State from /start. |
| redirect_url | string | no | Optional callback override. |
HTTP 200 application/json — AuthSession (browser/API clients) HTTP 302 Found — browser redirect to the console with Set-Cookie when Accept prefers HTML
/v1/meBearerReturn the authenticated identity and active workspace context.
None
HTTP 200 application/json
{
"object": "identity",
"user_id": "usr_abc",
"workspace_id": "wrk_xyz",
"workspace_name": "My Team",
"workspace_role": "owner",
"api_key_id": "key_123",
"scopes": ["responses:create", "responses:read"]
}/v1/me/profileBearerProfile fields for the user in the active workspace.
None
HTTP 200 application/json
{
"object": "user_profile",
"user_id": "usr_abc",
"email": "you@example.com",
"display_name": "Alex",
"email_verified": true,
"has_password": true
}/v1/me/profileBearerUpdate the authenticated user's display name.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| display_name | string | yes | New display name. |
HTTP 200 application/json — updated user_profile object
/v1/me/passwordBearerAdd or rotate the account password while signed in.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| new_password | string | yes | New password (signup policy). |
| current_password | string | no | Required when the account already has a password. |
HTTP 200 application/json
{
"status": "ok",
"message": "password updated"
}/v1/me/budgetBearerReturn the signed-in user's budget configuration and current-period usage rollup.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| period | string | no | Optional period anchor (YYYY-MM-DD). Defaults to the current calendar month. |
HTTP 200 application/json — user_budget (limits, enforcement, budget_usage, remaining)
/v1/me/budget/statusBearerCheck whether the signed-in user is allowed to run agent services under their budget (hard enforcement).
None
HTTP 200 application/json
{
"object": "user_budget_status",
"allowed": true,
"reason": "",
"enforcement": "hard"
}/v1/me/notificationsBearerList in-app notifications for the signed-in user (newest first). Workspace invitation alerts are delivered here in addition to email.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| page_size | integer | no | Page size (default 20). |
| page_token | string | no | Cursor from a previous response next_page_token. |
| unread_only | boolean | no | When true or 1, return only unread notifications. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "user_notification",
"id": "ntf_abc",
"kind": "workspace.invitation",
"title": "Workspace invitation",
"body": "You were invited to join My Team.",
"action_url": "https://www.example.com/accept-invitation?token=…",
"payload": { "invitation_token": "…", "workspace_id": "wrk_xyz" },
"created_at": 1710000000,
"expires_at": 1710604800
}
],
"next_page_token": "…"
}/v1/me/notifications/unread_countBearerReturn the unread notification count for the signed-in user.
None
HTTP 200 application/json
{
"object": "user_notification_unread_count",
"unread_count": 2
}/v1/me/notifications/{notification_id}/readBearerMark one notification as read.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| notification_id | string | yes | Notification id (ntf_*). |
HTTP 200 application/json — user_notification with read_at set
/v1/me/notifications/read_allBearerMark all notifications for the signed-in user as read.
None
HTTP 200 application/json
{
"object": "user_notification_read_all",
"updated_count": 3
}/v1/workspacesBearer · workspace_members:readList workspaces where the caller is an active member.
None
HTTP 200 application/json
{
"object": "list",
"data": [ { "id": "wrk_xyz", "object": "workspace", "name": "…", "type": "team", "status": "active", "role": "owner" } ]
}/v1/workspacesBearer · workspace_members:writeCreate a workspace; the caller becomes owner.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | yes | Workspace display name. |
| slug | string | no | URL-safe slug. |
| type | string | no | personal | team | organization. |
| billing_email | string | no | Billing contact email. |
HTTP 201 application/json — Workspace object
/v1/workspaces/{workspace_id}Bearer · workspace_members:readFetch workspace details including plan and billing hints.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | Workspace id matching wrk_*. |
HTTP 200 application/json — Workspace object
/v1/workspaces/{workspace_id}Bearer · workspace_members:writePartially update workspace metadata.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Workspace display name. |
| slug | string | no | URL-safe slug. |
| type | string | no | personal | team | organization. |
| status | string | no | active | inactive. |
| billing_account_id | string | no | External billing account reference. |
| billing_customer_ref | string | no | External customer reference. |
| plan | string | no | Plan identifier. |
| usage_limit_monthly | integer | no | Monthly usage cap. |
| billing_email | string | no | Billing contact email. |
HTTP 200 application/json — updated Workspace
/v1/workspaces/{workspace_id}/switchBearer · workspace_members:readIssue a new AuthSession scoped to the selected workspace (browser/console clients).
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
HTTP 200 application/json — AuthSession
/v1/workspaces/{workspace_id}/usageBearer · workspace_members:readWorkspace usage summary for the current calendar month (identity-core usage facts).
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| period | string | no | YYYY-MM-DD month start (UTC) |
HTTP 200 application/json
{
"object": "workspace_usage",
"workspace_id": "wrk_xyz",
"period_start": 1711929600,
"response_count": 12,
"input_tokens": 45000,
"output_tokens": 12000,
"total_tokens": 57000,
"tool_calls_total": 8
}/v1/workspaces/{workspace_id}/usage/eventsBearer · workspace_members:readPaginated usage events for the workspace (one row per recorded agent response). Each event includes input, output, and cache token breakdown when reported by the provider.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| period | string | no | YYYY-MM-DD month start (UTC) |
| limit | integer | no | 1–100, default 25 |
| page_token | string | no | Cursor from next_page_token |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "usage_event",
"response_id": "resp_abc",
"workspace_id": "wrk_xyz",
"user_id": "user_xyz",
"auth_method": "jwt",
"input_tokens": 1200,
"output_tokens": 400,
"total_tokens": 1600,
"cache_read_input_tokens": 320,
"cache_creation_input_tokens": 0,
"tool_calls_total": 1,
"recorded_at": 1710000000
}
],
"next_page_token": null
}/v1/workspaces/{workspace_id}/membersBearer · workspace_members:readList members of a workspace.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
HTTP 200 application/json
{ "object": "list", "data": [ WorkspaceMember ] }/v1/workspaces/{workspace_id}/membersBearer · workspace_members:writeAdd an existing user to a workspace.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Existing user id to add. |
| role | string | no | owner | admin | member. |
HTTP 201 application/json
{
"workspace_id": "wrk_xyz",
"user_id": "usr_abc",
"role": "member",
"status": "active",
"created_at": 1710000000
}/v1/workspaces/{workspace_id}/members/{user_id}Bearer · workspace_members:writeUpdate a member's role or active status. Set status to inactive to deactivate (keeps the roster row; reactivate with status active). Does not delete the membership.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
| user_id | string | yes | Member user id. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| role | string | no | New role. |
| status | string | no | active | inactive. |
HTTP 200 application/json — WorkspaceMember
/v1/workspaces/{workspace_id}/members/{user_id}Bearer · workspace_members:writePermanently remove a workspace member from the roster. Rejoin requires a new invitation.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
| user_id | string | yes | Member user id. |
HTTP 200 application/json — last known WorkspaceMember snapshot
/v1/workspace_membersBearer · workspace_members:readList members of the caller's active workspace.
None
HTTP 200 application/json
{ "object": "list", "data": [ WorkspaceMember ] }/v1/workspace_membersBearer · workspace_members:writeAdd a member to the active workspace.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Existing user id. |
| role | string | no | Optional role. |
HTTP 201 application/json — WorkspaceMember
/v1/workspace_members/{user_id}Bearer · workspace_members:writeUpdate a member on the active workspace. Use status active | inactive to activate or deactivate without removing the row.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Member user id. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| role | string | no | Optional role. |
| status | string | no | Optional status. |
HTTP 200 application/json — WorkspaceMember
/v1/workspace_members/{user_id}Bearer · workspace_members:writePermanently remove a member from the active workspace. Rejoin requires a new invitation.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Member user id. |
HTTP 200 application/json — last known WorkspaceMember snapshot
/v1/workspaces/{workspace_id}/invitationsBearer · workspace_members:readList pending invitations.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
HTTP 200 application/json
{ "object": "list", "data": [ WorkspaceInvitation ] }/v1/workspaces/{workspace_id}/invitationsBearer · workspace_members:writeInvite a user by email. The invitation is persisted immediately; invitation email and in-app notification delivery run asynchronously.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Invitee email. | |
| role | string | no | Optional role. |
| expires_at | integer | no | Unix expiry. |
HTTP 201 application/json
{
"id": "inv_abc",
"email": "friend@example.com",
"invitation_token": "…"
}/v1/workspaces/{workspace_id}/invitations/{invitation_id}Bearer · workspace_members:writeRevoke a pending invitation.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
| invitation_id | string | yes | Invitation id. |
HTTP 200 application/json — revoked WorkspaceInvitation
/v1/workspace_invitations/previewNonePreview invitation details before sign-in (public; requires the invitation token).
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | string | yes | Invitation token from the email link or admin copy. |
HTTP 200 application/json
{
"object": "workspace_invitation_preview",
"email": "friend@example.com",
"workspace_id": "wrk_xyz",
"workspace_name": "My Team",
"role": "member",
"expires_at": 1710604800
}/v1/workspace_invitations/acceptBearer · workspace_members:writeAccept an invitation and join the workspace.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| invitation_token | string | yes | Token from the invitation. |
HTTP 200 application/json — WorkspaceMember
/v1/api_keysBearer · api_keys:readList API keys for the workspace (metadata only — no secrets).
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "key_abc",
"object": "api_key",
"key_prefix": "sk-abcd",
"name": "prod",
"user_id": "usr_abc",
"creator_display_name": "Alex",
"creator_email": "alex@example.com",
"status": "active",
"scopes": ["responses:create"],
"created_at": 1710000000
}
]
}/v1/api_keysBearer · api_keys:writeCreate a workspace API key. The raw secret is returned once.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Human-readable label. |
| scopes | string[] | no | OAuth-style scopes. |
| expires_at | integer | no | Unix expiry timestamp. |
HTTP 201 application/json
Send {} when no optional fields are needed (empty body is rejected).
{
"id": "key_abc",
"object": "api_key",
"api_key": "sk-…",
"key_prefix": "sk-abcd",
"workspace_id": "wrk_xyz",
"user_id": "usr_abc",
"scopes": ["responses:create"],
"created_at": 1710000000
}/v1/api_keys/{api_key_id}Bearer · api_keys:readFetch API key metadata.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json — APIKeyInfo
/v1/api_keys/{api_key_id}/activateBearer · api_keys:writeRe-enable a deactivated key.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json
{ "id": "key_abc", "status": "active", "updated_at": 1710000000 }/v1/api_keys/{api_key_id}/deactivateBearer · api_keys:writeDisable a key without deleting it.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json
{ "id": "key_abc", "status": "inactive", "updated_at": 1710000000 }/v1/api_keys/{api_key_id}Bearer · api_keys:writePermanently delete an API key.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json
{ "id": "key_abc", "status": "deleted", "updated_at": 1710000000 }AuthSession (access_token, token_type, workspace_id, workspace_name, workspace_role, scopes), WorkspaceMember (workspace_id, user_id, role, status, created_at), UserNotification (id, kind, title, body, action_url, payload, created_at, read_at, expires_at). Member lifecycle: PATCH with status activates or deactivates; DELETE permanently removes the roster row (rejoin requires a new invitation). Field-level details are listed under each endpoint below.The OpenAPI 3.1 spec (api/openapi/agent-api.v1.yaml in the agent-api repository) tracks the same public HTTP contract as this page. Official SDKs are described in Official SDKs (@agent-api/sdk on npm, cloudsway-agent on PyPI). Contact support if you need a hosted copy or early access to schema changes.