Skip to main content

Developer

An API that runs the same UI agents use

No private endpoints, no UI-only actions. Every feature in the agent dashboard has a matching public REST endpoint, documented in OpenAPI 3.1.

Example: send a reply

POST /api/v1/threads/thr_01H8X3YVKM/reply
Authorization: Bearer sk_live_abc123...
Content-Type: application/json
Idempotency-Key: 9c8b7a6d-...

{
  "body": "Thanks for reaching out — we will look into this and get back within 4 hours.",
  "attachments": []
}

→ HTTP 201
{
  "data": {
    "id": "msg_01H8X4YNQX",
    "threadId": "thr_01H8X3YVKM",
    "authorType": "AGENT",
    "createdAt": "2026-04-29T19:14:00Z"
  },
  "error": null
}

Built for developers

The features your team actually needs

OpenAPI 3.1

Machine-readable spec at /api/v1/openapi. Generate clients in any language; CI catches breaking changes between releases.

Scoped API keys

Per-key scopes (read, write, admin) with explicit per-resource granularity. Keys hashed with bcrypt, never logged plaintext.

Signed webhooks

HMAC-SHA256 signature on every outbound webhook. Replay attacks rejected via timestamp validation. 10-failure auto-disable.

Idempotency keys

Every mutation accepts an Idempotency-Key header. Retries are safe; duplicate requests return the original response.

Full UI parity

No private endpoints. Whatever your agents can do in the dashboard, your code can do via the API.

Rate limiting

600 req/min per IP, 3000 req/min per tenant. Aggressive 5/min on auth endpoints. X-RateLimit headers on every response.

Get your API key

Sign up for the free trial and create your first API key in Settings → Developer.