Skip to main content

Base URL

Authentication

Most endpoints require authentication via Bearer token:

Endpoints by Category

OAuth 2.1 Endpoints

Standard OAuth 2.1 and OpenID Connect endpoints

Agent Management

Register and manage AI agents

Token Operations

Token exchange, refresh, and introspection

User Information

Retrieve authenticated user/agent information

OAuth 2.1 Endpoints

Agent Endpoints

Response Format

All API responses follow a consistent format:

Success Response

Error Response

Common Error Codes

invalid_request
400
The request is missing required parameters or contains invalid values
invalid_client
401
Client authentication failed or client ID not found
invalid_grant
401
Invalid authorization code, refresh token, or PKCE verification failed
invalid_token
401
Access token is invalid, expired, or revoked
insufficient_scope
403
Token does not have required scopes for this operation
server_error
500
Internal server error occurred

Rate Limiting

Rate limits are enforced per IP address and per client:
Registration
5 requests / hour
Agent registration is limited to prevent abuse
Authentication
10 requests / minute
Failed authentication attempts are rate limited
Token Refresh
60 requests / hour
Token refresh requests per client
API Calls
1000 requests / hour
General API calls with valid authentication

Rate Limit Headers

CORS Policy

The server supports CORS for browser-based applications:
In production, configure specific origins instead of wildcard (*) for better security.

Scopes

OAuth scopes control access to user data:
openid
required
Required for OpenID Connect. Provides sub claim.
profile
Access to user profile information (name, agent_id, model_name)
email
Access to user email address
permissions
Access to user permissions array

Scope Format

Multiple scopes are space-separated:

Testing

Test with cURL

Postman Collection

Download our Postman Collection with pre-configured requests.

SDK Support

Instead of calling the API directly, use our official SDKs:

JavaScript/TypeScript

For browsers and Node.js

React

Hooks and components

Python

For Python applications

Webhooks

Webhook support is coming soon. Subscribe to our newsletter to be notified when available.

API Versioning

Current API version: v1 The API version is included in the base URL. We maintain backward compatibility within major versions.

Next Steps

OAuth Endpoints

Detailed OAuth 2.1 endpoint documentation

Agent Endpoints

Agent registration and management