API Overview
The API surface is intentionally segmented by authentication boundary.
Public API
Audience: customer backends, connectors, and service integrations.
Auth: API key bearer token.
Primary routes include:
- POST /v1/authorize
- GET /v1/permits/:requestId
- GET /v1/workspaces/:workspaceId/.well-known/jwks.json
- POST /v1/connectors/:installationId/invoke
- POST /v1/gateway/execute
- GET /public/requests/:requestId/summary
Admin API
Audience: authenticated admin UI sessions.
Auth: session pre-handler.
Routes live under /admin/* and support workspace management, members, policies, requests, approvals, audit, billing, and connector lifecycle actions.
Internal API
Audience: ops/internal tooling only.
Auth: INTERNAL_SERVICE_TOKEN.
Routes live under /internal/* and cover customer operations, entitlement management, billing sync/assignment, and internal reporting.
Stability labels
- Public API: contract-focused, customer-facing
- Admin API: product-internal but user-visible via admin app
- Internal API: private control-plane interface, not for external use
Generated references
- Endpoint inventory: /api/reference/openapi