API Overview

Base URL: /api/

Authentication

All endpoints (except auth) require a valid JWT token via ts_session cookie. The session is issued at login and verified on every request.

Endpoints protected with requirePermission(perm) additionally check that the authenticated user has the named permission. Endpoints using requireAdmin require the admin role.

Common Patterns

IDs: UUID v4
Timestamps: ISO 8601
Error response: { "error": "message" }
All request/response bodies: JSON (Content-Type: application/json)
Auth cookie: ts_session (HttpOnly)

Resources

API: Agents & Tasks — Agent management, memory, governance, tasks
API: Settings & Configuration — Global settings, providers, Athena, skills, cron
API: Communication & Content — Messages, conversations, outer channels, meetings, notifications, SSE events
API: Resources & Admin — Containers, files, rooms, items, departments, organizations, users, auth, approvals, projects, records, rules, spaces, legacies

API Overview ​

Authentication ​

Common Patterns ​

Resources ​

API Overview

Authentication

Common Patterns

Resources