Skip to main content

REST reference

The most-used endpoints, grouped by area. Auth column abbreviations: P = public · U = user JWT · A = admin JWT · S = signed (HMAC / AppAPI).

Health

MethodPathAuthPurpose
GET/api/healthP{status, version, tier}
GET/api/guard/healthPGuard sidecar health probe

A global Prometheus /metrics endpoint is on the roadmap but not currently exposed. Today only the ticket-assistant route emits Prometheus-style metrics — see Reference → Telemetry.

Auth & sessions

MethodPathAuthPurpose
GET/auth/setup-statusPIs the org bootstrapped? OAuth providers configured? Available locales
POST/auth/setupPFirst-time admin password setup (one-shot)
POST/auth/admin-loginPUsername/password login
POST/auth/signupPUser registration (if enabled)
GET/auth/invite/:tokenPResolve invite token
POST/auth/logoutUEnd session
GET/auth/userUCurrent user record
GET/auth/my-permissionsUPermissions, groups, orgs, beta features
POST/auth/update-profileUUpdate profile (name, avatar, language)
POST/api/session-tokenUIssue popup→iframe session token
GET/auth/admin/signup-settingsARead signup config
PUT/auth/admin/signup-settingsAWrite signup config
GET/auth/admin/waitlistAList pending signups
POST/auth/admin/waitlist/:userId/approveAApprove waitlist entry
POST/auth/admin/waitlist/:userId/rejectAReject waitlist entry
POST/auth/pending-signupPAdd to waitlist
GET/auth/organizations/publicPPublic organisations (for embedded chat)

OAuth & SSO

MethodPathAuthPurpose
GET/auth/google/loginPStart Google OAuth
GET/auth/google/callbackPGoogle OAuth callback
GET/auth/microsoft/loginPStart Microsoft OAuth
GET/auth/microsoft/callbackPMicrosoft OAuth callback
GET/auth/github/loginPStart GitHub OAuth
GET/auth/github/callbackPGitHub OAuth callback
GET/auth/nextcloud/loginPStart NC OAuth (standalone)
GET/auth/nextcloud/callbackPNC OAuth callback
GET/auth/saml/metadataPSAML SP metadata XML
POST/auth/saml/acsPSAML assertion consumer
GET/auth/login-pickupPOAuth callback redirect handler

Connector handshake

MethodPathAuthPurpose
POST/auth/connector/bootstrapSNC connector → SaaS first-time tenant provisioning
GET/auth/nc-handshakeSNC SPA → SaaS short-lived JWT issuance
POST/auth/webhook/nc-user-syncSNC events forwarded by the connector
POST/auth/nc-consentURecord user's first-load privacy consent

Users & API keys

MethodPathAuthPurpose
GET/api/usersAList org users
POST/api/usersAInvite user
PATCH/api/users/:idAUpdate user
DELETE/api/users/:idADelete user (soft)
GET/api/api-keysUList my keys
POST/api/api-keysUCreate new key (returned once)
DELETE/api/api-keys/:idURevoke key

Organisations

MethodPathAuthPurpose
GET/api/organisationUCurrent org settings
PATCH/api/organisationAUpdate org settings
GET/api/organisation/groupsUList groups
POST/api/organisation/groupsACreate group
PATCH/api/organisation/groups/:idAUpdate group
DELETE/api/organisation/groups/:idADelete group
POST/api/organisation/groups/:id/membersAAdd member
DELETE/api/organisation/groups/:id/members/:userIdARemove member

Agents

Agents are mounted at /agents (not /api/agents).

MethodPathAuthPurpose
GET/agentsUList visible agents
POST/agentsUCreate agent
GET/agents/:idURead agent
PATCH/agents/:idUUpdate agent
DELETE/agents/:idUDelete agent
POST/agents/:id/publishUPublish to Marketplace
POST/agents/:id/duplicateUFork an existing agent
GET/agents/:id/toolsUResolved tool list for this agent + user

Conversations & messages

Conversations are agent-scoped. There is no standalone /api/conversations collection.

MethodPathAuthPurpose
GET/agents/:id/conversationsUList conversations for this agent
POST/agents/:id/conversationsUStart a new conversation
GET/agents/:id/conversations/:convIdURead
PATCH/agents/:id/conversations/:convIdUUpdate metadata (title, archive, etc.)
DELETE/agents/:id/conversations/:convIdUSoft delete
GET/agents/:id/conversations/:convId/workspaceUConversation workspace (artefacts)

Direct (no-agent) chat conversations live under /ai/direct/conversations instead — see below.

Chat (streaming)

The chat router is mounted at /ai. Streaming uses SSE — see Streaming for the event protocol.

MethodPathAuthPurpose
POST/ai/chatUAgent chat — stream a turn (SSE)
POST/ai/chat/direct/streamUDirect (no-agent) chat — stream a turn (SSE)
GET/ai/direct/conversationsUList direct-mode conversations
GET/ai/direct/conversations/:idURead direct conversation
PATCH/ai/direct/conversations/:idUUpdate direct conversation
POST/api/chat/dlp-decisionUResolve a Privacy Shield interactive decision ({decisionId, choice}) — choice is redact/block/allow.

Knowledge bases

Standalone knowledge bases (org-wide, used by agents and direct chat) live under /api/kb. Agent-scoped knowledge (older API) lives under /agents/:id/knowledge.

MethodPathAuthPurpose
GET/api/kbUList KBs
POST/api/kbUCreate KB
GET/api/kb/:idURead KB
PATCH/api/kb/:idUUpdate settings
DELETE/api/kb/:idUDelete KB
GET/api/kb/publishedUList published / shared KBs
GET/api/kb/categoriesUList categories
POST/api/kb/categoriesACreate category (requires manage_knowledge)
GET/api/kb/:id/documentsUList documents
POST/api/kb/:id/ingest/fileUUpload a document (multipart)
POST/api/kb/:id/ingest/textUIngest plain text
POST/api/kb/:id/ingest/urlUIngest from URL
POST/api/kb/:id/ingest/sitemapUBulk ingest from sitemap
DELETE/api/kb/:id/documents/:docIdURemove document
GET/api/kb/favoritesUList my favourite KBs
PUT/api/kb/:id/favoriteUMark KB as favourite
DELETE/api/kb/:id/favoriteUUnmark KB

Legacy agent-scoped knowledge endpoints (kept for backwards compat):

MethodPathAuthPurpose
GET/agents/:id/knowledgeUList agent-attached knowledge items
POST/agents/:id/knowledgeUAttach text/URL knowledge to an agent
POST/agents/:id/knowledge/uploadUUpload a file (multipart)
POST/agents/:id/knowledge/urlUAttach by URL
POST/agents/:id/knowledge/searchUSearch this agent's knowledge
DELETE/agents/:id/knowledge/:itemIdURemove a knowledge item

Automations (Pro+)

MethodPathAuthPurpose
GET/api/automationUList automations
POST/api/automationUCreate
GET/api/automation/:idURead
PATCH/api/automation/:idUUpdate
DELETE/api/automation/:idUDelete
POST/api/automation/:id/runsUTrigger a manual run
GET/api/automation/:id/runsUList runs
GET/api/automation/:id/runs/:runIdURun detail (steps, logs)
POST/api/automation/:id/runs/:runId/cancelUCancel running
POST/api/automation/:id/runs/:runId/resumeUResume from awaiting step
POST/api/automation/:id/runs/:runId/retry-from/:stepIdURetry from a specific step
POST/api/automation/webhook/:idWebhook trigger entry
POST/api/automation/builder/validateUValidate a draft graph

¹ Auth via webhook token in URL or header.

Webpages (Pro+)

MethodPathAuthPurpose
GET/api/webpagesUList crawled pages
POST/api/webpagesUAdd a URL to crawl
GET/api/webpages/:idURead
DELETE/api/webpages/:idURemove

Meeting notes & transcriptions (Pro+)

MethodPathAuthPurpose
GET/api/transcriptionsUList
POST/api/transcriptionsUSubmit audio
GET/api/transcriptions/:idURead
POST/api/meet-bot/joinUSend the meeting bot to a URL
POST/api/meet-bot/:id/leaveURecall the bot

Skills (Pro+)

MethodPathAuthPurpose
GET/api/skillsUList installed skills
POST/api/skillsUInstall a skill
DELETE/api/skills/:idUUninstall
GET/api/marketplace/skillsPBrowse public skills

Ticket assistant (Pro+)

MethodPathAuthPurpose
GET/api/ticket-assistant/ticketsUList tickets
POST/api/ticket-assistant/ticketsUCreate from email
GET/api/email-kb/inboxUInbox view

Integrations

MethodPathAuthPurpose
GET/api/integrationsUList my connected integrations
POST/api/integrations/:id/connectUStart OAuth/key flow
DELETE/api/integrations/:idUDisconnect
GET/admin/:orgId/nc-integrationsAOrg-level NC integration toggles
PUT/admin/:orgId/nc-integrationsAUpdate org-level toggles
GET/admin/:orgId/nc-integrations/groupsAPer-group disable lists
PUT/admin/:orgId/nc-integrations/groups/:groupIdAUpdate per-group disables

License

MethodPathAuthPurpose
GET/api/license/statusUActive tier + features + limits
POST/api/license/applyAApply a JWT licence key
DELETE/api/licenseARevert to Community

Audit & compliance (Enterprise+)

Gated by the compliance_hub_gdpr license feature. The hub is a check-runner — admins schedule and inspect compliance checks (GDPR readiness, retention policy, etc.).

MethodPathAuthPurpose
GET/api/compliance/overviewATier-aware compliance summary
GET/api/compliance/checksAList all checks for this org
GET/api/compliance/checks/:id/historyAPast results for a single check
POST/api/compliance/checks/runARun every applicable check now
POST/api/compliance/checks/:id/runARun a single check now
GET/api/compliance/registryAThe static check definitions (catalog)
GET/api/compliance/settingsARead compliance settings
PUT/api/compliance/settingsAWrite compliance settings
POST/api/compliance/settings/onboardedAMark the compliance hub as onboarded

Webhooks

MethodPathAuthPurpose
POST/webhook/audit-eventsSReceive SIEM-bound audit events (self)
POST/webhook/license-revocationSReceive licence revocation push

Notes

  • Errors are JSON (format).
  • Streaming endpoints (/ai/chat, /ai/chat/direct/stream, /api/voice/turn) speak SSE — see Streaming.