API Reference
All endpoints require an API key via the Authorization header.
▓ auth
Authorization: Bearer pk_your_api_key
# Agents
POST
/agents
Create agent from YAML config
GET
/agents
List all agents with session stats
GET
/agents/:id
Get agent detail with parsed config
PUT
/agents/:id
Update agent config
DELETE
/agents/:id
Delete agent
# Sessions
POST
/agents/:agentId/sessions
Create new session for agent
GET
/sessions
List sessions (filter: agent_id, status, limit, offset)
GET
/sessions/:id
Get session state from Durable Object
POST
/sessions/:id/messages
Send message and start turn
POST
/sessions/:id/steer
Steer running session
GET
/sessions/:id/events
Get step events (filter: since_seq)
GET
/sessions/:id/logs
Get structured logs
GET
/sessions/:id/history
Get full message history
GET
/sessions/:id/ws
WebSocket for real-time streaming
# API Keys
GET
/api-keys
List API keys
POST
/api-keys
Create new API key
DELETE
/api-keys/:id
Revoke API key
# Rate Limits
120 requests per minute per IP address.
| Header | Description |
|---|---|
| X-RateLimit-Limit | Max requests per window (120) |
| X-RateLimit-Remaining | Remaining requests |
| X-RateLimit-Reset | Unix timestamp when window resets |
# Errors
| Code | Meaning |
|---|---|
| 400 | Bad request (missing/invalid params) |
| 401 | Unauthorized (missing/invalid API key) |
| 404 | Resource not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |