Endpoints
This page documents all available REST API endpoints grouped by domain. For general concepts (authentication, response format, status codes), see the API Reference overview.
Health & Status
GET /api/health
Returns server health status.
Response — 200:
{
"data": {
"status": "ok"
}
}GET /api/settings/auth-status
Returns whether authentication is enabled and OIDC status.
Response — 200:
{
"data": {
"authEnabled": true,
"oidcEnabled": false,
"hasUsers": true
}
}Authentication
POST /api/auth/setup
Create the first user (only works when no users exist). This user becomes a super_admin.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email |
password | string | Yes | User password |
displayName | string | No | Display name |
Example:
{
"email": "admin@example.com",
"password": "securepassword",
"displayName": "Admin"
}Response — 201:
{
"data": {
"token": "eyJhbG...",
"user": {
"id": "user_001",
"email": "admin@example.com",
"displayName": "Admin",
"role": "super_admin"
}
}
}POST /api/auth/login
Authenticate with email and password.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email |
password | string | Yes | User password |
Response — 200:
{
"data": {
"token": "eyJhbG...",
"user": {
"id": "user_001",
"email": "admin@example.com",
"displayName": "Admin",
"role": "super_admin"
}
}
}POST /api/auth/register
Register a new user.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email |
password | string | Yes | User password |
displayName | string | No | Display name |
Response — 201:
{
"data": {
"token": "eyJhbG...",
"user": {
"id": "user_002",
"email": "user@example.com",
"displayName": "User",
"role": "user"
}
}
}GET /api/auth/me
Get the current authenticated user.
Response — 200:
{
"data": {
"id": "user_001",
"email": "admin@example.com",
"displayName": "Admin",
"role": "super_admin"
}
}Admin Users
WARNING
All admin user endpoints require super_admin or admin role.
GET /api/admin/users
List all users with pagination and search.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
search | string | Filter users by name or email |
offset | number | Number of users to skip (default: 0) |
limit | number | Maximum users to return (default: 50, max: 100) |
Response — 200:
{
"data": {
"users": [
{
"id": "user_001",
"email": "admin@example.com",
"name": "Admin",
"role": "super_admin",
"authProvider": "local",
"avatarUrl": null,
"isSuperAdmin": true,
"createdAt": "2025-01-01T00:00:00Z"
}
],
"total": 1
}
}POST /api/admin/users
Create a new user with a generated password.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email |
name | string | Yes | Display name |
role | string | Yes | Role: super_admin, admin, or user |
Response — 201:
{
"data": {
"user": {
"id": "user_003",
"email": "newuser@example.com",
"name": "New User",
"role": "user",
"authProvider": "local",
"avatarUrl": null,
"isSuperAdmin": false,
"createdAt": "2025-06-01T12:00:00Z"
},
"generatedPassword": "xK9#mP2vL5nQ"
}
}TIP
The generated password is only returned once. Share it securely with the user — they will be prompted to change it on first login.
PATCH /api/admin/users/{id}
Update a user's name or role.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | New display name |
role | string | No | New role (super_admin, admin, or user) |
Response — 200:
{
"data": {
"id": "user_003",
"email": "newuser@example.com",
"name": "Updated Name",
"role": "admin",
"authProvider": "local",
"avatarUrl": null,
"isSuperAdmin": false,
"createdAt": "2025-06-01T12:00:00Z"
}
}DELETE /api/admin/users/{id}
Delete a user. Cannot delete yourself or the last super admin. Owned projects are reassigned to a super admin.
Response — 204 (no body)
POST /api/admin/users/{id}/reset-password
Reset a user's password (local auth only, not available for SSO users).
Response — 200:
{
"data": {
"generatedPassword": "hN7$kR4wB8mJ"
}
}GET /api/admin/users/{id}/check-delete
Check the impact of deleting a user (number of owned projects that would be reassigned).
Response — 200:
{
"data": {
"ownedProjectsCount": 3
}
}Organizations
POST /api/organizations
Create a new organization.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Organization name |
Response — 201:
{
"data": {
"id": "org_001",
"name": "My Team"
}
}GET /api/organizations
List all organizations the current user belongs to.
Response — 200:
{
"data": [
{
"id": "org_001",
"name": "My Team"
}
]
}GET /api/organizations/{id}
Get a single organization.
| Parameter | Location | Type | Description |
|---|---|---|---|
id | path | string | Organization ID |
Response — 200:
{
"data": {
"id": "org_001",
"name": "My Team"
}
}PATCH /api/organizations/{id}
Update an organization.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | New organization name |
Response — 200:
{
"data": {
"id": "org_001",
"name": "Renamed Team"
}
}DELETE /api/organizations/{id}
Delete an organization. Fails if the organization still has projects.
Response — 204 (no body)
GET /api/organizations/{id}/members
List organization members.
Response — 200:
{
"data": [
{
"userId": "user_001",
"email": "admin@example.com",
"displayName": "Admin",
"role": "admin"
}
]
}POST /api/organizations/{id}/members
Add a member to an organization.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email to add |
role | string | No | Member role (admin or member, defaults to member) |
PATCH /api/organizations/{id}/members/{userId}
Update a member's role.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
role | string | Yes | New role (admin or member) |
DELETE /api/organizations/{id}/members/{userId}
Remove a member from the organization.
Response — 204 (no body)
PUT /api/organizations/{orgId}/default-credential
Set the default credential for an organization.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
credentialId | string | Yes | Credential ID to set as default |
Projects
POST /api/projects
Create a new project.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Project name |
path | string | Yes | Absolute path to the project directory |
organizationId | string | No | Organization to associate with |
Response — 201:
{
"data": {
"id": "proj_001",
"name": "My App",
"path": "/home/user/my-app"
}
}GET /api/projects
List all projects accessible to the current user.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
organizationId | string | Filter by organization |
GET /api/projects/{id}
Get a single project.
DELETE /api/projects/{id}
Delete a project and all its boards, columns, and cards.
Response — 204 (no body)
PATCH /api/projects/reorder
Reorder projects.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
ids | string[] | Yes | Ordered list of project IDs |
PATCH /api/projects/{id}/last-opened
Mark a project as last opened (used for restoring UI state).
Response — 204 (no body)
POST /api/projects/{id}/mark-all-read
Mark all cards in a project as read.
Response — 204 (no body)
GET /api/projects/{id}/export
Export the full project as a JSON file.
Response — 200: JSON file download
GET /api/projects/{projectId}/files
List git-tracked files in the project directory.
Response — 200:
{
"data": [
"src/main.rs",
"Cargo.toml",
"README.md"
]
}PUT /api/projects/{projectId}/credential
Set the credential used for this project.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
credentialId | string | Yes | Credential ID |
Project Members
GET /api/projects/{id}/members
List project members.
POST /api/projects/{id}/members
Add a member to a project (by email, creates a pending invitation if user doesn't exist).
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email |
role | string | No | Member role |
PATCH /api/projects/{projectId}/members/{userId}
Update a project member's role.
DELETE /api/projects/{projectId}/members/{userId}
Remove a member from a project.
Response — 204 (no body)
DELETE /api/projects/{projectId}/invitations/{email}
Remove a pending invitation from a project.
Response — 204 (no body)
Boards
GET /api/projects/{projectId}/boards
List all boards in a project.
Response — 200:
{
"data": [
{
"id": "board_001",
"name": "Main Board",
"projectId": "proj_001",
"position": 0
}
]
}POST /api/projects/{projectId}/boards
Create a new board in a project.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Board name |
templateId | string | No | Board template to use for initial columns |
Response — 201:
{
"data": {
"id": "board_002",
"name": "Sprint Board",
"projectId": "proj_001",
"position": 1
}
}PATCH /api/projects/{projectId}/boards/{boardId}
Update a board.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | New board name |
DELETE /api/projects/{projectId}/boards/{boardId}
Delete a board and its columns/cards.
Response — 204 (no body)
PATCH /api/projects/{projectId}/boards/reorder
Reorder boards within a project.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
ids | string[] | Yes | Ordered list of board IDs |
Columns
GET /api/projects/{projectId}/columns
List columns in a project.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
boardId | string | Filter columns by board |
Response — 200:
{
"data": [
{
"id": "col_001",
"name": "Backlog",
"columnType": "backlog",
"position": 0,
"boardId": "board_001"
}
]
}POST /api/projects/{projectId}/columns
Create a new column.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Column name |
columnType | string | Yes | Type: backlog, active, done, archive |
boardId | string | Yes | Board to add the column to |
prompt | string | No | Agent prompt for this column |
PATCH /api/projects/{projectId}/columns/{columnId}
Update a column.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | Column name |
prompt | string | No | Agent prompt |
DELETE /api/projects/{projectId}/columns/{columnId}
Delete a column.
Response — 204 (no body)
PATCH /api/projects/{projectId}/columns/reorder
Reorder columns within a board.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
ids | string[] | Yes | Ordered list of column IDs |
POST /api/projects/{projectId}/columns/{columnId}/clean-all
Delete all cards in a column.
Response — 204 (no body)
Cards (Project-Scoped)
GET /api/projects/{projectId}/cards
List all cards in a project.
Response — 200:
{
"data": [
{
"id": "card_001",
"title": "Fix login bug",
"columnId": "col_001",
"position": 0,
"hasActiveAgent": false
}
]
}GET /api/projects/{projectId}/cards/{cardId}
Get a single card with full details.
PATCH /api/projects/{projectId}/cards/{cardId}
Update a card.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
title | string | No | Card title |
prompt | string | No | Card prompt |
labels | string[] | No | Card labels |
DELETE /api/projects/{projectId}/cards/{cardId}
Delete a card.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
force | boolean | Skip worktree check (true to force delete) |
Response — 204 (no body)
POST /api/projects/{projectId}/cards/{cardId}/view
Mark a card as viewed by the current user.
Response — 204 (no body)
PATCH /api/projects/{projectId}/cards/{cardId}/move
Move a card to a different column.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
columnId | string | Yes | Target column ID |
position | number | No | Position in the target column |
GET /api/projects/{projectId}/cards/{cardId}/diff
Get the git diff for a card's worktree.
Response — 200:
{
"data": {
"diff": "diff --git a/src/main.rs ...",
"stats": {
"filesChanged": 3,
"insertions": 42,
"deletions": 10
}
}
}PATCH /api/projects/{projectId}/cards/{cardId}/auto-mode
Toggle auto mode for a card.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | Yes | Enable or disable auto mode |
POST /api/projects/{projectId}/cards/{cardId}/approve-auto
Approve automatic progression to the next pipeline column.
Response — 204 (no body)
POST /api/projects/{projectId}/cards/{cardId}/complete
Mark a card as complete.
Response — 204 (no body)
POST /api/projects/{projectId}/cards/{cardId}/activate
Activate a deferred card.
Response — 204 (no body)
PUT /api/projects/{projectId}/cards/{cardId}/credential
Set the credential for a specific card.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
credentialId | string | Yes | Credential ID |
Card Pipeline
GET /api/projects/{projectId}/cards/{cardId}/pipeline
Get the pipeline configuration for a card.
Response — 200:
{
"data": {
"steps": [
{
"columnId": "col_001",
"columnName": "Backlog",
"prompt": "Analyze the requirements"
}
]
}
}PUT /api/projects/{projectId}/cards/{cardId}/pipeline
Update the pipeline configuration for a card.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
steps | object[] | Yes | Pipeline step definitions |
Card Attachments
GET /api/projects/{projectId}/cards/{cardId}/attachments
List attachments on a card.
POST /api/projects/{projectId}/cards/{cardId}/attachments
Upload an attachment to a card. Use multipart/form-data.
Form fields:
| Field | Type | Required | Description |
|---|---|---|---|
file | file | Yes | The file to upload |
Response — 201:
{
"data": {
"id": "att_001",
"filename": "screenshot.png",
"contentType": "image/png",
"size": 45320
}
}GET /api/attachments/{attachmentId}
Download an attachment file.
Response — 200: File download with appropriate Content-Type header.
Cards (External Flat API)
These endpoints provide a simplified interface for external integrations — no project scoping in the URL.
POST /api/cards
Create a card (includes projectId in the body).
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
projectId | string | Yes | Target project ID |
title | string | Yes | Card title |
prompt | string | No | Card prompt / description |
Response — 201:
{
"data": {
"id": "card_001",
"title": "Fix login bug",
"projectId": "proj_001",
"columnId": "col_001",
"position": 0
}
}GET /api/cards/{id}
Get card detail with column name and session history.
Response — 200:
{
"data": {
"id": "card_001",
"title": "Fix login bug",
"columnName": "In Progress",
"sessions": []
}
}GET /api/cards/{id}/status
Lightweight card status check.
Response — 200:
{
"data": {
"id": "card_001",
"title": "Fix login bug",
"columnName": "Backlog",
"hasActiveAgent": false
}
}Agents
GET /api/projects/{projectId}/cards/{cardId}/agent
Get the current agent session for a card.
Response — 200:
{
"data": {
"sessionId": "sess_001",
"status": "running",
"cardId": "card_001"
}
}POST /api/projects/{projectId}/cards/{cardId}/agent/cancel
Cancel the running agent on a card.
Response — 204 (no body)
GET /api/projects/{projectId}/cards/{cardId}/agent/sessions
List all agent sessions for a card.
GET /api/projects/{projectId}/cards/{cardId}/agent/history
Get session summaries (condensed history).
GET /api/projects/{projectId}/cards/{cardId}/agent/messages
Get agent messages with pagination.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
sessionId | string | Filter by session |
since | string | Messages after this timestamp |
before | string | Messages before this timestamp |
limit | number | Maximum messages to return |
POST /api/projects/{projectId}/cards/{cardId}/agent/message
Send a message to the agent.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
content | string | Yes | Message content |
POST /api/projects/{projectId}/cards/{cardId}/agent/retry
Retry the last agent action.
Response — 204 (no body)
POST /api/projects/{projectId}/cards/{cardId}/agent/relaunch
Relaunch the agent (new session).
Response — 204 (no body)
POST /api/projects/{projectId}/cards/{cardId}/agent/relay
Relay context to the agent (context handoff for continuation).
Response — 204 (no body)
POST /api/projects/{projectId}/cards/{cardId}/agent/plan-approve
Approve or revise the agent's plan.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
approved | boolean | Yes | Whether to approve the plan |
feedback | string | No | Feedback or revision instructions |
POST /api/projects/{projectId}/cards/{cardId}/summary
Generate a summary of the card's agent work.
Response — 200:
{
"data": {
"summary": "Implemented login form validation with email format checking..."
}
}GET /api/projects/{projectId}/active-agents
List all active agents in a project.
Response — 200:
{
"data": [
{
"cardId": "card_001",
"cardTitle": "Fix login bug",
"status": "running"
}
]
}Assistant
GET /api/projects/{projectId}/assistant
Get the assistant status for a project.
POST /api/projects/{projectId}/assistant/message
Send a message to the project assistant.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
content | string | Yes | Message content |
Credentials
GET /api/credentials
List all credentials.
POST /api/credentials
Create a new credential.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Credential display name |
provider | string | Yes | Provider type (e.g., anthropic, openai) |
apiKey | string | No | API key (if not using OAuth) |
Response — 201:
{
"data": {
"id": "cred_001",
"name": "My Anthropic Key",
"provider": "anthropic"
}
}GET /api/credentials/{id}
Get a single credential (API key is masked).
Response — 200:
{
"data": {
"id": "cred_001",
"name": "My Anthropic Key",
"provider": "anthropic",
"apiKey": "sk-ant-...****"
}
}PATCH /api/credentials/{id}
Update a credential.
Response — 200:
{
"data": {
"id": "cred_001",
"name": "Renamed Key",
"provider": "anthropic"
}
}DELETE /api/credentials/{id}
Delete a credential.
Response — 204 (no body)
POST /api/credentials/{id}/verify
Verify that a credential is valid by testing the API connection.
Response — 200:
{
"data": {
"valid": true
}
}GET /api/credentials/{id}/usage
Get usage statistics for a credential.
POST /api/credentials/oauth/init
Start an OAuth flow for credential setup.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
provider | string | Yes | OAuth provider |
GET /api/credentials/{id}/oauth/status
Check the OAuth authorization status for a credential.
Pre-Sessions (Prompt Planning)
Pre-sessions let you refine a card prompt before starting the agent.
POST /api/projects/{projectId}/pre-session
Create a new pre-session.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
cardId | string | Yes | Card to create the pre-session for |
POST /api/projects/{projectId}/pre-session/{sessionId}/message
Send a message in the pre-session conversation.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
content | string | Yes | Message content |
POST /api/projects/{projectId}/pre-session/{sessionId}/accept
Accept the refined prompt from the pre-session.
POST /api/projects/{projectId}/pre-session/{sessionId}/cancel
Cancel the pre-session.
GET /api/projects/{projectId}/pre-session/{sessionId}/messages
Get all messages in a pre-session.
Board Templates
GET /api/board-templates
List all board templates.
Response — 200:
{
"data": [
{
"id": "tpl_001",
"name": "Kanban Default",
"columns": [
{ "name": "Backlog", "columnType": "backlog" },
{ "name": "In Progress", "columnType": "active" },
{ "name": "Done", "columnType": "done" }
]
}
]
}POST /api/board-templates
Create a board template.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Template name |
columns | object[] | Yes | Column definitions |
PATCH /api/board-templates/{id}
Update a board template.
DELETE /api/board-templates/{id}
Delete a board template.
Response — 204 (no body)
Filesystem
GET /api/filesystem/browse
Browse directories on the server.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
path | string | Directory path to browse |
GET /api/filesystem/read
Read a file's content from the server.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
path | string | File path to read |
Scripts
GET /api/projects/{projectId}/scripts
List scripts configured for a project.
POST /api/projects/{projectId}/scripts
Create a new script.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Script display name |
command | string | Yes | Shell command to run |
PUT /api/projects/{projectId}/scripts/reorder
Reorder scripts.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
ids | string[] | Yes | Ordered list of script IDs |
GET /api/projects/{projectId}/scripts/status
Get current script execution status.
PUT /api/projects/{projectId}/scripts/{scriptId}
Update a script.
DELETE /api/projects/{projectId}/scripts/{scriptId}
Delete a script.
Response — 204 (no body)
POST /api/projects/{projectId}/scripts/{scriptId}/run
Run a script.
POST /api/projects/{projectId}/scripts/{scriptId}/cancel
Cancel a running script.
Slash Commands
GET /api/projects/{projectId}/slash-commands
List available slash commands for a project.
Response — 200:
{
"data": [
{
"name": "/test",
"description": "Run project tests"
}
]
}Settings & Configuration
GET /api/settings/auth
Get authentication settings.
PUT /api/settings/auth
Enable or disable authentication.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | Yes | Enable or disable auth |
WARNING
Requires super_admin role.
GET /api/settings/notifications
Get notification preferences.
PUT /api/settings/notifications
Update notification preferences.
GET /api/settings/context-relay
Get context relay mode setting.
PUT /api/settings/context-relay
Update context relay mode.
GET /api/settings/keyboard-shortcuts
Get custom keyboard shortcuts.
PUT /api/settings/keyboard-shortcuts
Update custom keyboard shortcuts.
User Settings
GET /api/user/settings
Get user preferences (theme, sidebar state, etc.).
Response — 200:
{
"data": {
"theme": "dark",
"highContrast": false,
"sidebarExpanded": true,
"agentReasoning": true,
"statusLine": true,
"hiddenToolTypes": []
}
}PUT /api/user/settings
Update user preferences.
User Search
GET /api/users/search
Search for users by name or email.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
q | string | Search query |
Response — 200:
{
"data": [
{
"id": "user_001",
"email": "admin@example.com",
"displayName": "Admin"
}
]
}Panel States
Panel states persist UI layout preferences per card.
GET /api/projects/{projectId}/panel-states
Get all panel states for a project.
Response — 200:
{
"data": {}
}PUT /api/projects/{projectId}/panel-states
Update panel states.
Response — 200:
{
"data": {}
}DELETE /api/projects/{projectId}/panel-states/{cardId}
Delete a panel state for a specific card.
Response — 204 (no body)
Logs
GET /api/logs
Get server log entries.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
level | string | Filter by log level (info, warn, error) |
search | string | Full-text search in log messages |
limit | number | Maximum entries to return |
Log Export Configuration
GET /api/settings/log-export
Get log export configuration.
PUT /api/settings/log-export
Update log export configuration (e.g., external log aggregation).
POST /api/settings/log-export/test
Test the log export connection.
Export & Backup
POST /api/export
Export organization data.
POST /api/backups
Create a full backup.
WARNING
Requires super_admin role.
GET /api/backups
List available backups.
WARNING
Requires super_admin role.
GET /api/backups/{filename}
Download a backup file.
WARNING
Requires super_admin role.
OIDC (Single Sign-On)
GET /api/settings/oidc
Get the OIDC configuration.
WARNING
Requires super_admin role.
POST /api/settings/oidc
Set the OIDC configuration.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
issuerUrl | string | Yes | OIDC issuer URL |
clientId | string | Yes | Client ID |
clientSecret | string | Yes | Client secret |
WARNING
Requires super_admin role.
DELETE /api/settings/oidc
Remove the OIDC configuration.
WARNING
Requires super_admin role.
POST /api/oidc/test
Test the current OIDC configuration.
GET /api/oidc/login
Initiate the OIDC login flow. Redirects the user to the identity provider.
GET /api/oidc/callback
OIDC callback handler. Receives the authorization code and completes authentication.
WebSocket
GET /api/ws
Upgrade to a WebSocket connection for real-time events. All card mutations, agent status changes, and notifications are broadcast to connected clients.
Query parameters:
| Parameter | Type | Description |
|---|---|---|
token | string | Bearer token for authentication (required when auth is enabled) |
TIP
When authentication is enabled, pass the token as a query parameter since WebSocket connections do not support custom headers during the upgrade handshake. The server closes the connection with code 4001 if the token is missing or invalid.
Connect using a standard WebSocket client:
// Without auth
const ws = new WebSocket('ws://localhost:37100/api/ws');
// With auth
const ws = new WebSocket('ws://localhost:37100/api/ws?token=eyJhbG...');
ws.onmessage = (event) => {
const message = JSON.parse(event.data);
console.log('Event:', message.type, message.data);
};After connecting, subscribe to a project to receive its events:
ws.send(JSON.stringify({ type: 'subscribe', payload: { projectId: 1 } }));