Public Endpoints
Authentication
Send API key as Authorization: Bearer <key>.
Core flows
Authorize action
POST /v1/authorize- Returns
allowed,pending_approval, ordenied - Includes permit JWT only when authorization resolves as allowed
Fetch permit after approval
GET /v1/permits/:requestId- Returns permit when request resolves to allowed/approved
Verify signatures
GET /v1/workspaces/:workspaceId/.well-known/jwks.json- Used by SDK/client JWT verification
Connector invoke
POST /v1/connectors/:installationId/invoke- Maps platform payloads into canonical action requests
Gateway execute
POST /v1/gateway/execute- Feature-gated execution boundary
Public request summary
GET /public/requests/:requestId/summary- Unauthenticated status endpoint for UI extension surfaces
For full operation inventory and schema exports, see /api/reference/openapi.