/healthzNoneLiveness probe for load balancers and orchestrators.
Request params
None
Response format
GET /healthz
HTTP 200 application/json
{
"status": "ok"
}Managed Agent API
Production HTTP reference for the Managed Agent API: OpenAI Responses–compatible agent runs, durable volumes, workspace management, browser authentication, and API keys. All versioned routes use the /v1 prefix.
Set AGENT_API_BASE_URL to your API origin (no /v1 suffix) and AGENT_API_KEY to a workspace key (sk-…).
curl -sS https://api.agentsway.dev/v1/agent \
-H "Authorization: Bearer $AGENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"preset": "pro-search",
"input": "Summarize the latest agent API trends."
}'from agent_api import AgentAPI
client = AgentAPI() # AGENT_API_KEY, AGENT_API_BASE_URL
response = client.responses.create(
preset="pro-search",
input="What changed in AI this week?",
)
print(response["output_text"])import { AgentAPI } from "@agent-api/sdk";
const client = new AgentAPI();
const response = await client.responses.create({
preset: "pro-search",
input: "What changed in AI this week?",
});
console.log(response.output_text);POST /v1/agent as the canonical create path. POST /v1/responses is an alias for OpenAI Responses SDK compatibility. Both accept the same body and return the same shapes. For install steps, streaming, and pagination, see Official SDKs.Two packages ship from the same public API contract documented below. Source lives in github.com/scalebox-dev/agent-api under sdk/javascript and sdk/python.
Requires Node.js 18+ (JavaScript) or Python 3.10+ (Python). Pin a version with @1.0.2 or ==1.0.2 when you need reproducible builds.
npm install @agent-api/sdk
pip install cloudsway-agent
Pass apiKey / baseURL (JavaScript) or api_key / base_url (Python), or set AGENT_API_KEY and AGENT_API_BASE_URL in the environment. Default base URL is https://api.agentsway.dev. Python also exposes AsyncAgentAPI for async applications.
const client = new AgentAPI({
apiKey: process.env.AGENT_API_KEY,
baseURL: "https://api.agentsway.dev",
timeout: 600_000, // 10 min request timeout
streamTimeout: 3_600_000, // 1 h stream timeout
maxRetries: 2, // exponential backoff on 429/5xx
});client = AgentAPI(
api_key="sk-...",
base_url="https://api.agentsway.dev",
timeout=600.0,
stream_timeout=3600.0,
max_retries=2,
)JavaScript
| Resource | Methods |
|---|---|
| client.responses / client.agent | create, list, listPage, listIterator, retrieve, cancel, listChildren, listEvents |
| client.models | list |
| client.presets | list |
| client.tools | list |
| client.volumes | list, create, retrieve, update, delete, listEntries, searchEntries, readFile, writeFile, deleteFile, reconcileUsage, createDirectory, deleteDirectory |
Python
| Resource | Methods |
|---|---|
| client.responses / client.agent | create, list, list_page, list_iterator, retrieve, cancel, list_children, list_events |
| client.models | list |
| client.presets | list |
| client.tools | list |
| client.volumes | list, create, retrieve, update, delete, list_entries, search_entries, read_file, write_file, delete_path, reconcile_usage, create_directory, download_archive, summarize, read_lines, patch_lines, grep |
Set stream: true on client.responses.create. The client parses SSE events and yields typed objects — use the patterns in Streaming for event types.
const stream = await client.responses.create({
preset: "fast-search",
input: "Summarize today's AI news.",
stream: true,
});
for await (const event of stream) {
if (event.type === "response.output_text.delta") {
process.stdout.write(event.delta ?? "");
}
}for event in client.responses.create(
preset="fast-search",
input="Summarize today's AI news.",
stream=True,
):
if event["type"] == "response.output_text.delta":
print(event.get("delta", ""), end="")List endpoints return cursor pages. Use listPage / list_page for manual paging, or listIterator / list_iterator to walk all pages.
for await (const item of client.responses.listIterator({ limit: 20 })) {
console.log(item.id, item.status);
}for item in client.responses.list_iterator(limit=20):
print(item["id"], item["status"])Both SDKs raise typed errors mapped from the API envelope — for example AuthenticationError, RateLimitError, NotFoundError, and BadRequestError. Transient network failures, HTTP 429, and 5xx responses are retried with exponential backoff (default two retries). Respect Retry-After when the API returns it.
https://api.agentsway.dev (or api.<your-domain>). Recommended for server-side clients and SDKs.www, apex, and console subdomains also proxy /v1/* for same-origin browser calls; the dedicated API host remains the stable contract.Example: GET https://api.agentsway.dev/v1/models. Liveness: GET /healthz at the host root.
Create keys under Console → API keys or via POST /v1/api_keys. Keys are shown once at creation; store them securely. Scope keys narrowly when possible (see table below).
Sign-up and sign-in return an AuthSession with access_token, token_type: bearer, expiry, workspace id/name/role, and scopes. Refresh uses an HTTP-only cookie on POST /v1/auth/refresh — not a Bearer header.
| Scope | Grants |
|---|---|
| responses:create | POST /v1/agent, POST /v1/responses |
| responses:read | GET response, list, /children, /events |
| responses:cancel | POST /v1/responses/{id}/cancel |
| models:read | GET /v1/models |
| volumes:read | List, read, search, and reconcile durable volumes |
| volumes:write | Create, update, delete volumes and volume files/directories |
| api_keys:read | List and read API key metadata |
| api_keys:write | Create, activate, deactivate, delete keys |
| workspace_members:read | Workspaces, members, invitations, usage |
| workspace_members:write | Create or mutate workspaces, members, invitations |
Routes without a scope in the gateway still require a valid Bearer. Pass X-Request-ID on support tickets when the gateway returns one.
{
"input": "Your question or message",
"preset": "pro-search",
"stream": false,
"tools": [{ "name": "web_search", "type": "search" }],
"memory": { "enabled": true, "read": true, "write": false }
}Presets bundle model defaults, tools, and limits. Built-in values include fast-search, pro-search, deep-research, and advanced-deep-research, or code-agent for software engineering. Call GET /v1/presets for the live catalog (prompt version, default model, policy). Request fields override preset defaults within platform caps.
web_search, smart_web_search, lite_web_search, fetch_url, custom function, and server skill tools.volume_id attaches a durable workspace volume so the agent can read and write files during the run. Manage volumes via /v1/volumes/* or client.volumes in the SDK.previous_response_id threads conversation turns. parent_response_id is rejected on create — sub-agents are spawned via run_sub_agent on the parent response.plan_mode_preference / sub_agent_preference — off | auto | preferred | required for roadmap and delegation behavior.input supports inline images and documents (gateway-enforced size limits; see OpenAPI).language_preference — ISO 639-1 code (e.g. en, zh) when supported.Poll GET /v1/responses/{id} or stream (below). List history with GET /v1/responses. Sub-agent runs appear under GET /v1/responses/{id}/children or in run_sub_agent tool results. Cancel with POST /v1/responses/{id}/cancel when a run is still executing on a replica.
The gateway returns Content-Type: text/event-stream. Each event is a JSON object with a type field. Common types include response.output_text.delta, response.tool.invocation.completed, response.plan.updated, response.step.completed, and lifecycle events such as response.completed. Only documented event shapes are returned on the wire and in GET …/events.
SDKs accept stream: true on client.responses.create and iterate events asynchronously.
{
"error": {
"type": "api_error",
"code": "unauthorized",
"message": "…",
"request_id": "…"
}
}Common code values include invalid_request, unauthorized, forbidden, not_found, and service_unavailable when a platform dependency is temporarily unavailable. Streaming failures may emit an SSE error event before the connection closes.
/healthzNoneLiveness probe for load balancers and orchestrators.
None
HTTP 200 application/json
{
"status": "ok"
}/v1/modelsBearer · models:readList models available to the workspace with provider capability flags.
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "openai/gpt-4.1",
"object": "model",
"owned_by": "openai",
"capabilities": {
"provider": "openai",
"supports_streaming": true,
"supports_tools": true,
"supports_json_schema": true,
"supports_reasoning": false,
"context_window": 128000,
"pricing": { },
"metadata": { }
}
}
]
}
HTTP 503 — service_unavailable/v1/toolsBearerList built-in and registered tools the agent can invoke.
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "tool",
"name": "web_search",
"type": "search",
"description": "Search the web for current information.",
"max_tokens": 4096,
"max_tokens_per_page": 3000
}
]
}
HTTP 503 — service_unavailable/v1/presetsBearerList managed presets (model defaults, tool policy, prompt version).
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"preset": "pro-search",
"prompt_version": "v1",
"default_model": "openai/gpt-4.1",
"model_chain": ["openai/gpt-4.1"],
"max_output_tokens": 4096,
"policy": {
"plan_mode_preference": "auto",
"sub_agent_preference": "auto",
"allowed_tools": ["web_search", "fetch_url"],
"max_steps": 10
}
}
]
}
HTTP 503 — service_unavailable/v1/volumesBearer · volumes:readList durable workspace volumes with usage counters.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| limit | integer | no | Page size. Default 50. |
| page_token | string | no | Opaque cursor from a prior next_page_token. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"volume_id": "vol_abc",
"tenant_id": "wrk_xyz",
"name": "research-notes",
"oss_prefix": "tenants/wrk_xyz/volumes/vol_abc/",
"bytes_used": 4096,
"object_count": 3,
"created_at_unix": 1710000000,
"updated_at_unix": 1710003600
}
],
"next_page_token": null
}
HTTP 503 — service_unavailable/v1/volumesBearer · volumes:writeCreate a durable volume for agent file I/O.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Human-readable label. |
HTTP 201 application/json — Volume row (same shape as list item) HTTP 503 — service_unavailable
/v1/volumes/{volume_id}Bearer · volumes:readFetch volume metadata and usage.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | Volume id matching vol_*. |
HTTP 200 application/json — Volume row
/v1/volumes/{volume_id}Bearer · volumes:writeRename a volume.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | yes | New display name. |
HTTP 200 application/json — updated Volume row
/v1/volumes/{volume_id}Bearer · volumes:writeDelete a volume and its stored objects.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
HTTP 204 No Content
/v1/volumes/{volume_id}/usage/reconcileBearer · volumes:readRecompute bytes_used and object_count from object storage.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
HTTP 200 application/json — Volume row with usage_reconciled_at_unix when set
/v1/volumes/{volume_id}/entriesBearer · volumes:readList files and directories under a path.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path (default root). |
| limit | integer | no | Page size. Default 200. |
| page_token | string | no | Pagination cursor. |
HTTP 200 application/json
{
"object": "list",
"entries": [
{ "path": "notes/summary.md", "is_dir": false, "size": 128, "modified_at_unix": 1710000000 }
],
"next_page_token": null
}/v1/volumes/{volume_id}/searchBearer · volumes:readSearch entry paths under a directory prefix.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| query | string | yes | Substring to match in paths. |
| path | string | no | Directory prefix to search. |
| limit | integer | no | Page size. Default 200. |
| page_token | string | no | Pagination cursor. |
HTTP 200 application/json — same list shape as /entries
/v1/volumes/{volume_id}/files/{path}Bearer · volumes:readDeliver a file with smart encoding (text, extracted document text, image URL, or base64). Use format=raw for direct binary bytes.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File path within the volume. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| max_bytes | integer | no | Read cap in bytes (0 = server default). |
| format | string | no | Set to raw for binary bytes with X-Volume-Size and X-Volume-Truncated headers. |
HTTP 200 application/json
{
"path": "notes/summary.md",
"encoding": "text",
"mime_type": "text/markdown",
"size": 128,
"truncated": false,
"content": "# Summary\n"
}
HTTP 200 (format=raw) — raw bytes with Content-Type and X-Volume-* headers/v1/volumes/{volume_id}/files/{path}Bearer · volumes:writeWrite or overwrite a file. Request body is raw file bytes.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | Destination file path. |
HTTP 200 application/json
{ "path": "notes/summary.md", "size": 128 }/v1/volumes/{volume_id}/paths/{path}Bearer · volumes:writeDelete a file or directory tree at path.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File or directory prefix to delete. |
HTTP 200 application/json
{ "path": "notes/archive", "recursive": true }/v1/volumes/{volume_id}/summarizeBearer · volumes:readScan the volume and return stats plus text previews. Writes .agent-volume/summary.json.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Optional path prefix to limit the scan. |
HTTP 200 application/json — summary_path, file_count, total_bytes, top_paths_by_size, text_previews
/v1/volumes/{volume_id}/grepBearer · volumes:readSearch file contents for a literal substring.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| pattern | string | yes | Literal substring to find. |
| path | string | no | Directory prefix to search under. |
HTTP 200 application/json — object=list, matches[{path,line_number,line}], files_scanned, scan_truncated/v1/volumes/{volume_id}/file_lines/{path}Bearer · volumes:readRead a 1-based inclusive line range from a text file.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File path. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| start_line | integer | yes | 1-based start line. |
| end_line | integer | no | Inclusive end line; 0 = EOF. |
HTTP 200 application/json — path, start_line, end_line, total_lines, lines[]
/v1/volumes/{volume_id}/file_lines/{path}Bearer · volumes:writeReplace an inclusive line range in a text file.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
| path | string | yes | File path. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| start_line | integer | yes | 1-based start line. |
| end_line | integer | no | Inclusive end line; 0 = EOF. |
| replacement | string | no | Replacement text. |
HTTP 200 application/json — path, start_line, end_line, total_lines, size
/v1/volumes/{volume_id}/archiveBearer · volumes:readDownload a directory tree as a ZIP archive.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | no | Directory path to archive (default root). |
HTTP 200 application/zip
/v1/volumes/{volume_id}/directoriesBearer · volumes:writeCreate a directory (and parents as needed).
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| volume_id | string | yes | vol_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| path | string | yes | Directory path to create. |
HTTP 201 application/json
{ "path": "notes/archive" }/v1/agentBearer · responses:createCreate an agent run (canonical path). Returns a stored Response or an SSE stream when stream is true.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| input | Input | yes | User message or multimodal input array (string, message items with input_text/input_image/input_document, function_call, function_call_output). |
| model | string | no | Single provider/model id. Ignored when models is set. Required if neither models nor preset is provided. |
| models | string[] | no | Ordered fallback chain (1–5 model ids). Required if neither model nor preset is provided. |
| preset | string | no | Managed bundle: fast-search | pro-search | deep-research | advanced-deep-research | code-agent. Required if neither model nor models is provided. |
| instructions | string | no | System-level instructions prepended to the run. |
| language_preference | string | no | ISO 639-1 code from server allowlist (e.g. en, zh). Two lowercase letters. |
| stream | boolean | no | When true, returns text/event-stream instead of JSON. Default false. |
| tools | Tool[] | no | Tools to expose: web_search, smart_web_search, lite_web_search, fetch_url, function, skill. |
| tool_choice | string | object | no | Tool selection policy: "auto", "none", "required", or a named-tool object. |
| parallel_tool_calls | boolean | no | Allow parallel tool calls. Default true. |
| memory | MemoryOptions | no | Long-term memory opts: { enabled?, read?, write? }. Thread with previous_response_id. |
| plan_mode_preference | AgentCapabilityPreference | no | Roadmap/plan steering: off | auto | preferred | required. |
| sub_agent_preference | AgentCapabilityPreference | no | Delegation steering for run_sub_agent: off | auto | preferred | required. |
| max_output_tokens | integer | no | Cap on model output tokens (≥ 1). |
| max_steps | integer | no | Agent loop step limit (1–10). |
| reasoning | ReasoningConfig | no | Reasoning effort: { effort: low | medium | high }. |
| response_format | ResponseFormat | no | Structured output: { type: json_schema, json_schema: { … } }. |
| previous_response_id | string | no | Prior response id for conversation threading (resp_*). |
| prompt_cache_key | string | no | Optional cache key for prompt reuse. |
| metadata | object | no | Arbitrary string-keyed metadata stored on the response. |
| store | boolean | no | Persist the response for later retrieval. Default true. |
| user | string | no | End-user identifier for attribution. When using API keys, the authenticated user id is used instead. |
| volume_id | string | no | Attach a durable workspace volume (vol_*) so the agent can read and write files during the run. |
HTTP 200 application/json (stream: false)
{
"id": "resp_abc123",
"object": "response",
"created_at": 1710000000,
"completed_at": 1710000060,
"status": "completed",
"model": "openai/gpt-4.1",
"output": [ … ],
"output_text": "…",
"usage": { "input_tokens": 120, "output_tokens": 340, "total_tokens": 460 },
"tool_results": [
{
"id": "tir_abc",
"tool_call_id": "call_abc",
"tool_name": "web_search",
"status": "completed",
"response_summary": "…"
}
],
"plan": { },
"background": false,
"parent_response_id": null,
"root_response_id": "resp_abc123",
"store": true
}
HTTP 200 text/event-stream (stream: true)
data: {"type":"response.output_text.delta","sequence_number":1,"delta":"Hello"}
data: {"type":"response.tool.invocation.completed","sequence_number":2,"tool_result":{…}}
data: {"type":"response.step.completed","sequence_number":3,"step":{…}}
HTTP 200 text/event-stream on error mid-stream
data: {"error":"…"}/v1/responsesBearer · responses:createOpenAI Responses SDK alias for POST /v1/agent — identical request and response shapes.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| input | Input | yes | User message or multimodal input array (string, message items with input_text/input_image/input_document, function_call, function_call_output). |
| model | string | no | Single provider/model id. Ignored when models is set. Required if neither models nor preset is provided. |
| models | string[] | no | Ordered fallback chain (1–5 model ids). Required if neither model nor preset is provided. |
| preset | string | no | Managed bundle: fast-search | pro-search | deep-research | advanced-deep-research | code-agent. Required if neither model nor models is provided. |
| instructions | string | no | System-level instructions prepended to the run. |
| language_preference | string | no | ISO 639-1 code from server allowlist (e.g. en, zh). Two lowercase letters. |
| stream | boolean | no | When true, returns text/event-stream instead of JSON. Default false. |
| tools | Tool[] | no | Tools to expose: web_search, smart_web_search, lite_web_search, fetch_url, function, skill. |
| tool_choice | string | object | no | Tool selection policy: "auto", "none", "required", or a named-tool object. |
| parallel_tool_calls | boolean | no | Allow parallel tool calls. Default true. |
| memory | MemoryOptions | no | Long-term memory opts: { enabled?, read?, write? }. Thread with previous_response_id. |
| plan_mode_preference | AgentCapabilityPreference | no | Roadmap/plan steering: off | auto | preferred | required. |
| sub_agent_preference | AgentCapabilityPreference | no | Delegation steering for run_sub_agent: off | auto | preferred | required. |
| max_output_tokens | integer | no | Cap on model output tokens (≥ 1). |
| max_steps | integer | no | Agent loop step limit (1–10). |
| reasoning | ReasoningConfig | no | Reasoning effort: { effort: low | medium | high }. |
| response_format | ResponseFormat | no | Structured output: { type: json_schema, json_schema: { … } }. |
| previous_response_id | string | no | Prior response id for conversation threading (resp_*). |
| prompt_cache_key | string | no | Optional cache key for prompt reuse. |
| metadata | object | no | Arbitrary string-keyed metadata stored on the response. |
| store | boolean | no | Persist the response for later retrieval. Default true. |
| user | string | no | End-user identifier for attribution. When using API keys, the authenticated user id is used instead. |
| volume_id | string | no | Attach a durable workspace volume (vol_*) so the agent can read and write files during the run. |
Same as POST /v1/agent.
/v1/responsesBearer · responses:readPaginated list of top-level orchestrator runs for the authenticated user. Sub-agent children are excluded.
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| limit | integer | no | Page size, 1–100. Default 20. |
| page_token | string | no | Opaque cursor from a prior response next_page_token. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "resp_abc123",
"status": "completed",
"created_at": 1710000000,
"completed_at": 1710000060,
"model": "openai/gpt-4.1",
"preset": "pro-search",
"input_preview": "Summarize…",
"root_response_id": "resp_abc123",
"background": false
}
],
"has_more": false,
"next_page_token": null
}/v1/responses/{response_id}Bearer · responses:readRetrieve a stored response including output, usage, and lineage fields.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
HTTP 200 application/json
{
"id": "resp_abc123",
"object": "response",
"status": "completed",
"model": "openai/gpt-4.1",
"output": [ … ],
"output_text": "…",
"usage": { … },
"metadata": { },
"parent_response_id": null,
"root_response_id": "resp_abc123"
}/v1/responses/{response_id}/cancelBearer · responses:cancelAbort an in-flight run while it is still executing. Idempotent.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
HTTP 200 application/json
{
"interrupted": true
}/v1/responses/{response_id}/childrenBearer · responses:readList sub-agent runs spawned by run_sub_agent on the parent response.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Parent response id matching resp_*. |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "resp_child1",
"status": "completed",
"created_at": 1710000010,
"completed_at": 1710000030,
"root_response_id": "resp_abc123",
"model": "openai/gpt-4.1"
}
]
}/v1/responses/{response_id}/volumeBearer · responses:read · volumes:readResolve the durable workspace volume for a response thread.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
HTTP 200 application/json — Volume row (volume_id, name, bytes_used, ...) HTTP 404 — no workspace volume for this response
/v1/responses/{response_id}/eventsBearer · responses:readReplay SSE event shapes for a response.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| response_id | string | yes | Response id matching resp_*. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| after_sequence | integer | no | Return events with sequence_number strictly greater than this value. |
| view | string | no | timeline (default) or full — full includes tool_result.body on tool events. |
HTTP 200 application/json
{
"data": [
{
"type": "response.output_text.delta",
"sequence_number": 42,
"delta": "Hello"
}
]
}
With view=full, tool completion events may include tool_result.body./v1/auth/signupNoneRegister a new user. Sends an email verification code when SMTP is configured.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Valid email address. | |
| password | string | yes | 8–32 ASCII chars (A–Z, a–z, 0–9, and !@#$%^&*()-_=+[]{};:,.?/~). |
| display_name | string | no | Optional display name. |
HTTP 201 application/json
{
"user_id": "usr_abc",
"email": "you@example.com",
"verification_required": true,
"code_expires_at": 1710003600
}/v1/auth/verify_emailNoneConfirm signup with the emailed verification code.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Account email. | |
| code | string | yes | Verification code from email. |
HTTP 200 application/json
Set-Cookie: agent_api_refresh=… (when configured)
{
"access_token": "eyJ…",
"token_type": "bearer",
"access_token_expires_at": 1710003600,
"user_id": "usr_abc",
"workspace_id": "wrk_xyz",
"workspace_name": "My Team",
"workspace_role": "owner",
"scopes": ["responses:create", "responses:read", …]
}/v1/auth/signinNoneSign in with email and password.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Account email. | |
| password | string | yes | Account password. |
HTTP 200 application/json — AuthSession (same shape as verify_email)
/v1/auth/refreshRefresh cookieRotate the browser session using the HTTP-only refresh cookie.
Cookie parameters
| Name | Type | Required | Description |
|---|---|---|---|
| agent_api_refresh | string | yes | HTTP-only refresh cookie. No Authorization header. |
HTTP 200 application/json — rotated AuthSession + Set-Cookie
/v1/auth/signoutNoneClear the refresh session server-side.
None
HTTP 200 application/json
{
"status": "ok",
"message": "signed out"
}/v1/auth/password_reset/requestNoneRequest a password reset link. Always returns a generic success message (anti-enumeration).
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Account email. |
HTTP 200 application/json
{
"status": "ok",
"message": "If an account exists, a reset link was sent."
}/v1/auth/password_reset/confirmNoneSet a new password using the token from the emailed reset link.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | string | yes | Token from /reset-password?token=… |
| new_password | string | yes | Same password policy as signup. |
HTTP 200 application/json
{
"status": "ok",
"message": "password updated"
}/v1/auth/oauth/{provider}/startNoneBegin OAuth sign-in and return the provider authorization URL.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| provider | string | yes | google or github. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| redirect_url | string | no | Override OAuth callback origin when allowed. |
HTTP 200 application/json
{
"authorization_url": "https://…",
"state": "…",
"expires_at": 1710003600
}/v1/auth/oauth/{provider}/callbackNoneComplete OAuth and issue an AuthSession.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| provider | string | yes | google or github. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| code | string | yes | Provider authorization code. |
| state | string | yes | State from /start. |
| redirect_url | string | no | Optional callback override. |
HTTP 200 application/json — AuthSession (browser/API clients) HTTP 302 Found — browser redirect to the console with Set-Cookie when Accept prefers HTML
/v1/meBearerReturn the authenticated identity and active workspace context.
None
HTTP 200 application/json
{
"object": "identity",
"user_id": "usr_abc",
"workspace_id": "wrk_xyz",
"workspace_name": "My Team",
"workspace_role": "owner",
"api_key_id": "key_123",
"scopes": ["responses:create", "responses:read"]
}/v1/me/profileBearerProfile fields for the user in the active workspace.
None
HTTP 200 application/json
{
"object": "user_profile",
"user_id": "usr_abc",
"email": "you@example.com",
"display_name": "Alex",
"email_verified": true,
"has_password": true
}/v1/me/profileBearerUpdate the authenticated user's display name.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| display_name | string | yes | New display name. |
HTTP 200 application/json — updated user_profile object
/v1/me/passwordBearerAdd or rotate the account password while signed in.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| new_password | string | yes | New password (signup policy). |
| current_password | string | no | Required when the account already has a password. |
HTTP 200 application/json
{
"status": "ok",
"message": "password updated"
}/v1/workspacesBearer · workspace_members:readList workspaces where the caller is an active member.
None
HTTP 200 application/json
{
"object": "list",
"data": [ { "id": "wrk_xyz", "object": "workspace", "name": "…", "type": "team", "status": "active", "role": "owner" } ]
}/v1/workspacesBearer · workspace_members:writeCreate a workspace; the caller becomes owner.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | yes | Workspace display name. |
| slug | string | no | URL-safe slug. |
| type | string | no | personal | team | organization. |
| billing_email | string | no | Billing contact email. |
HTTP 201 application/json — Workspace object
/v1/workspaces/{workspace_id}Bearer · workspace_members:readFetch workspace details including plan and billing hints.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | Workspace id matching wrk_*. |
HTTP 200 application/json — Workspace object
/v1/workspaces/{workspace_id}Bearer · workspace_members:writePartially update workspace metadata.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Workspace display name. |
| slug | string | no | URL-safe slug. |
| type | string | no | personal | team | organization. |
| status | string | no | active | inactive. |
| billing_account_id | string | no | External billing account reference. |
| billing_customer_ref | string | no | External customer reference. |
| plan | string | no | Plan identifier. |
| usage_limit_monthly | integer | no | Monthly usage cap. |
| billing_email | string | no | Billing contact email. |
HTTP 200 application/json — updated Workspace
/v1/workspaces/{workspace_id}/switchBearer · workspace_members:readIssue a new AuthSession scoped to the selected workspace (browser/console clients).
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
HTTP 200 application/json — AuthSession
/v1/workspaces/{workspace_id}/usageBearer · workspace_members:readWorkspace usage summary for the current calendar month (identity-core usage facts).
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| period | string | no | YYYY-MM-DD month start (UTC) |
HTTP 200 application/json
{
"object": "workspace_usage",
"workspace_id": "wrk_xyz",
"period_start": 1711929600,
"response_count": 12,
"input_tokens": 45000,
"output_tokens": 12000,
"total_tokens": 57000,
"tool_calls_total": 8
}/v1/workspaces/{workspace_id}/usage/eventsBearer · workspace_members:readPaginated usage events for the workspace (one row per recorded agent response). Each event includes input, output, and cache token breakdown when reported by the provider.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
| period | string | no | YYYY-MM-DD month start (UTC) |
| limit | integer | no | 1–100, default 25 |
| page_token | string | no | Cursor from next_page_token |
HTTP 200 application/json
{
"object": "list",
"data": [
{
"object": "usage_event",
"response_id": "resp_abc",
"workspace_id": "wrk_xyz",
"user_id": "user_xyz",
"auth_method": "jwt",
"input_tokens": 1200,
"output_tokens": 400,
"total_tokens": 1600,
"cache_read_input_tokens": 320,
"cache_creation_input_tokens": 0,
"tool_calls_total": 1,
"recorded_at": 1710000000
}
],
"next_page_token": null
}/v1/workspaces/{workspace_id}/membersBearer · workspace_members:readList members of a workspace.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
HTTP 200 application/json
{ "object": "list", "data": [ WorkspaceMember ] }/v1/workspaces/{workspace_id}/membersBearer · workspace_members:writeAdd an existing user to a workspace.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Existing user id to add. |
| role | string | no | owner | admin | member. |
HTTP 201 application/json
{
"workspace_id": "wrk_xyz",
"user_id": "usr_abc",
"role": "member",
"status": "active",
"created_at": 1710000000
}/v1/workspaces/{workspace_id}/members/{user_id}Bearer · workspace_members:writeUpdate a member's role or status.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
| user_id | string | yes | Member user id. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| role | string | no | New role. |
| status | string | no | active | inactive. |
HTTP 200 application/json — WorkspaceMember
/v1/workspaces/{workspace_id}/members/{user_id}Bearer · workspace_members:writeDeactivate a workspace member.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
| user_id | string | yes | Member user id. |
HTTP 200 application/json — WorkspaceMember with status inactive
/v1/workspace_membersBearer · workspace_members:readList members of the caller's active workspace.
None
HTTP 200 application/json
{ "object": "list", "data": [ WorkspaceMember ] }/v1/workspace_membersBearer · workspace_members:writeAdd a member to the active workspace.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Existing user id. |
| role | string | no | Optional role. |
HTTP 201 application/json — WorkspaceMember
/v1/workspace_members/{user_id}Bearer · workspace_members:writeUpdate a member on the active workspace.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Member user id. |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| role | string | no | Optional role. |
| status | string | no | Optional status. |
HTTP 200 application/json — WorkspaceMember
/v1/workspace_members/{user_id}Bearer · workspace_members:writeRemove a member from the active workspace.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| user_id | string | yes | Member user id. |
HTTP 200 application/json — WorkspaceMember inactive
/v1/workspaces/{workspace_id}/invitationsBearer · workspace_members:readList pending invitations.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
HTTP 200 application/json
{ "object": "list", "data": [ WorkspaceInvitation ] }/v1/workspaces/{workspace_id}/invitationsBearer · workspace_members:writeInvite a user by email.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| string | yes | Invitee email. | |
| role | string | no | Optional role. |
| expires_at | integer | no | Unix expiry. |
HTTP 201 application/json
{
"id": "inv_abc",
"email": "friend@example.com",
"invitation_token": "…"
}/v1/workspaces/{workspace_id}/invitations/{invitation_id}Bearer · workspace_members:writeRevoke a pending invitation.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| workspace_id | string | yes | wrk_* |
| invitation_id | string | yes | Invitation id. |
HTTP 200 application/json — revoked WorkspaceInvitation
/v1/workspace_invitations/acceptBearer · workspace_members:writeAccept an invitation and join the workspace.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| invitation_token | string | yes | Token from the invitation. |
HTTP 200 application/json — WorkspaceMember
/v1/api_keysBearer · api_keys:readList API keys for the workspace (metadata only — no secrets).
None
HTTP 200 application/json
{
"object": "list",
"data": [
{
"id": "key_abc",
"object": "api_key",
"key_prefix": "sk-abcd",
"name": "prod",
"status": "active",
"scopes": ["responses:create"],
"created_at": 1710000000
}
]
}/v1/api_keysBearer · api_keys:writeCreate a workspace API key. The raw secret is returned once.
Body parameters
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | no | Human-readable label. |
| scopes | string[] | no | OAuth-style scopes. |
| expires_at | integer | no | Unix expiry timestamp. |
HTTP 201 application/json
Send {} when no optional fields are needed (empty body is rejected).
{
"id": "key_abc",
"object": "api_key",
"api_key": "sk-…",
"key_prefix": "sk-abcd",
"workspace_id": "wrk_xyz",
"user_id": "usr_abc",
"scopes": ["responses:create"],
"created_at": 1710000000
}/v1/api_keys/{api_key_id}Bearer · api_keys:readFetch API key metadata.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json — APIKeyInfo
/v1/api_keys/{api_key_id}/activateBearer · api_keys:writeRe-enable a deactivated key.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json
{ "id": "key_abc", "status": "active", "updated_at": 1710000000 }/v1/api_keys/{api_key_id}/deactivateBearer · api_keys:writeDisable a key without deleting it.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json
{ "id": "key_abc", "status": "inactive", "updated_at": 1710000000 }/v1/api_keys/{api_key_id}Bearer · api_keys:writePermanently delete an API key.
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
| api_key_id | string | yes | key_* |
HTTP 200 application/json
{ "id": "key_abc", "status": "deleted", "updated_at": 1710000000 }AuthSession (access_token, token_type, workspace_id, workspace_name, workspace_role, scopes), WorkspaceMember (workspace_id, user_id, role, status, created_at). Field-level details are listed under each endpoint below.The OpenAPI 3.1 spec (api/openapi/agent-api.v1.yaml in the agent-api repository) tracks the same public HTTP contract as this page. Official SDKs are described in Official SDKs (@agent-api/sdk on npm, cloudsway-agent on PyPI). Contact support if you need a hosted copy or early access to schema changes.