# Clanker API v1 **Clanker** is a workspace where AI skills, workflows, agents, and their outputs all live together. This document covers the public REST API at `/api/v1/`. It is designed to Anthropic/Stripe-grade standards: typed errors, cursor pagination, request IDs, idempotency, per-key rate limiting, and a full audit trail. 176+ AI skills are available: code review, summarization, data analysis, image generation, document processing, workflow automation, and more. ## Companion files | File | URL | |------|-----| | **skill.md** (this file) | `https://clanker.net/skill.md` | | **auth.md** | `https://clanker.net/auth.md` | --- ## Authentication Two authentication models are supported: ### API Key (recommended for integrations) Send your API key as the `x-api-key` header. The key is **workspace-scoped at creation** — no additional workspace header is needed. ```bash curl https://clanker.net/api/v1/profile \ -H "x-api-key: YOUR_API_KEY" ``` Create one key per workspace. The key encodes which workspace all requests operate against — you cannot cross workspaces with a single key. ### Session Token (used by the mobile app) Send your session token as the `x-auth-token` header. Defaults to your personal workspace. Use the `x-workspace-id` header to switch workspaces. API keys are created in the Clanker app under Settings > API Keys, via the `POST /api/v1/api-keys` endpoint, or via agent registration (see **auth.md** below). Only send your API key to `https://clanker.net` — never elsewhere. --- ## Get an API key Three ways — choose the one that fits your context: ### 1. Agent registration via auth.md (recommended for agents) Read `https://clanker.net/auth.md` for the full protocol. Quick version: ```bash # Anonymous start — pre-claim key issued immediately curl -X POST https://clanker.net/agent/auth \ -H "Content-Type: application/json" \ -d '{"type":"anonymous"}' # → { "claim_token": "...", "credential": "ck_...", ... } # Email OTP — key issued after user confirms curl -X POST https://clanker.net/agent/auth \ -H "Content-Type: application/json" \ -d '{"type":"identity_assertion","assertion_type":"email","email":"you@example.com"}' # → { "claim_token": "...", "claim_uri": "..." } ``` On a 401 from a previously-working key, restart at Step 1 of `https://clanker.net/auth.md`. ### 2. Device activation (CLI / browser available) ```bash curl -X POST https://clanker.net/api/v1/activate # Returns a short code → approve in the Clanker app or at https://clanker.net/activate → poll for api_key ``` ### 3. Clanker app Settings → API Keys → create a new key. --- ## Quick Start — Device Activation (detail) If you don't have an API key yet and a browser is available, use the device activation flow (similar to `gh auth login`): ### 1. Request an activation code ```bash curl -X POST https://clanker.net/api/v1/activate ``` Response: ```json { "code": "ABCD-1234", "verification_url": "https://clanker.net/activate", "app_download_url": "https://clanker.net/app", "expires_in": 300 } ``` ### 2. Enter the code in the Clanker mobile app Open the app → navigate to **Activate** → paste the 8-character code. This links the agent to your account and creates a workspace-scoped API key automatically. If you don't have the app yet, download it from the `app_download_url` in the response above. ### 3. Poll for the API key ```bash # Poll every 5 seconds until status is "completed" curl -X POST https://clanker.net/api/v1/activate/poll \ -H "Content-Type: application/json" \ -d '{"code": "ABCD-1234"}' ``` Response (pending): ```json { "status": "pending" } ``` Response (when user confirms in app): ```json { "status": "completed", "api_key": "ck_abc123...", "tier": "paygmode" } ``` The API key is **displayed once** — save it immediately. The code expires after 5 minutes. --- ## Required Headers | Header | Required | Description | |--------|----------|-------------| | `x-api-key` | Yes (API key auth) | Your workspace-scoped API key | | `x-auth-token` | Yes (session auth) | Your session token | | `clanker-version` | No | API version date, e.g. `2025-01-01`. Defaults to latest. | | `x-request-id` | No | Supply your own request ID for end-to-end tracing. | | `x-workspace-id` | No (session only) | Switch workspaces when using session auth. Ignored for API keys. | | `idempotency-key` | No | Safe retry token for POST mutations. | Every response carries `x-request-id` for log correlation. Include your own to trace a request across your systems and ours. --- ## Errors All errors use a consistent typed shape: ```json { "error": { "type": "authentication_error", "message": "Invalid or expired API key", "code": "KEY_REVOKED" } } ``` | Type | HTTP Status | |------|-------------| | `invalid_request_error` | 400 | | `authentication_error` | 401 | | `permission_error` | 403 | | `not_found_error` | 404 | | `rate_limit_error` | 429 | | `api_error` | 500 | Common codes: `INSUFFICIENT_CREDITS`, `KEY_REVOKED`, `EXECUTION_RUNNING`. --- ## Rate Limits **100 requests/minute per API key** (or per session user). Rate limit headers on every `/api/v1/` response: ``` x-ratelimit-limit: 100 x-ratelimit-remaining: 87 x-ratelimit-reset: 23 ``` When exceeded: `429` with `{ "error": { "type": "rate_limit_error", ... } }`. --- ## Idempotency For safe retries on POST mutations, send an `idempotency-key` header. Keys are scoped per workspace with a 24-hour TTL. ```bash curl -X POST https://clanker.net/api/v1/secrets \ -H "x-api-key: YOUR_API_KEY" \ -H "idempotency-key: create-openai-key-2025-01-01" \ -H "Content-Type: application/json" \ -d '{"name": "OPENAI_KEY", "value": "sk-..."}' ``` Replayed responses include `idempotency-replayed: true` header. Supported on: `POST /api/v1/skills/:slug/run`, `POST /api/v1/secrets`, `POST /api/v1/api-keys`, `POST /api/v1/workspaces`. --- ## Pagination All list endpoints use cursor-based pagination: ```bash curl "https://clanker.net/api/v1/executions?limit=20&after_id=exec_100" \ -H "x-api-key: YOUR_API_KEY" ``` Response shape: ```json { "data": [...], "first_id": "exec_81", "last_id": "exec_100", "has_more": true } ``` Parameters: `after_id` (fetch next page), `before_id` (fetch previous page), `limit` (1–100, default 20). --- ## Resource IDs All resource IDs in API responses use a human-readable prefix: | Resource | Prefix | Example | |----------|--------|---------| | Execution | `exec_` | `exec_42` | | Artifact | `art_` | `art_7` | | Secret | `sec_` | `sec_3` | | API Key | `key_` | `key_9` | Both prefixed and raw numeric IDs are accepted in path parameters (backward compatible). --- ## Working Memory Every workspace has a shared `memory.md` document — a persistent scratchpad visible to all paired agents and surfaced automatically as context in the AI chat. Use it to pass state between agents, record decisions, and leave handoff notes. ```bash # Read curl https://clanker.net/api/v1/memory \ -H "x-api-key: YOUR_API_KEY" # → { "content": "..." } # Write (full replace) curl -X PUT https://clanker.net/api/v1/memory \ -H "x-api-key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"content":"..."}' ``` **Append pattern** — preferred over full replace when multiple agents share the memory: ```bash CURRENT=$(curl -s https://clanker.net/api/v1/memory -H "x-api-key: YOUR_API_KEY" | jq -r .content) NOTE="2026-05-24T12:00Z — finished PR review, left comments on auth module" curl -X PUT https://clanker.net/api/v1/memory \ -H "x-api-key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d "{"content":"$CURRENT\n\n---\n\n$NOTE"}" ``` The separator between appended entries is `\n\n---\n\n`. ### Memory log heartbeat Agents that run continuously should keep the workspace memory current: ``` Every 30 minutes, or at significant task boundaries: 1. GET /api/v1/memory → read current content 2. PUT /api/v1/memory → append note + timestamp 3. Record lastMemoryWrite locally to avoid over-writing ``` **What to append:** current task, key decisions, outputs produced, open questions, handoff notes for other agents. Read memory once at session start to pick up context from other agents. --- ## Workspace Dashboard | Surface | URL | |---------|-----| | Executions | `https://clanker.net/executions` | | Artifacts | `https://clanker.net/artifacts` | | Workflows | `https://clanker.net/workflows` | | Library | `https://clanker.net/library` | | Settings / API Keys | `https://clanker.net/settings` | --- ## Browse Skills The marketplace is public — no auth needed to browse. ### List all skills (cursor paginated) ```bash curl "https://clanker.net/api/v1/marketplace/skills?limit=20&after_id=summarize" ``` Response: `{ "data": [...], "first_id", "last_id", "has_more" }` Available categories: `General`, `communication`, `design`, `development`, `documents`, `marketing`, `productivity`, `research` ### Get details for a specific skill ```bash curl https://clanker.net/api/v1/marketplace/skills/code-review ``` Returns full metadata: name, description, category, parameters, source repository, and more. --- ## Execute a Skill ```bash curl -X POST https://clanker.net/api/v1/skills/summarize/run \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -H "idempotency-key: run-$(date +%s)" \ -d '{ "input": "Summarize this: Clanker is an enterprise AI execution platform...", "interface": "api" }' ``` **Request body:** - `input` (required) — the prompt or instructions for the skill - `interface` (optional) — set to `"api"` for programmatic use - `attachments` (optional) — array of file attachments - `connector` (optional) — `{"type":"github","fields":{"repo":"owner/repo"}}` or `{"type":"remote","fields":{}}` - `callbackUrl` (optional) — webhook URL to receive completion notification **Response:** ```json { "executionId": "exec_42", "skillName": "Summarize", "status": "started", "message": "Execution started. Poll status or connect to SSE for real-time updates.", "sseUrl": "/api/events" } ``` --- ## Get Execution Results ### Poll for status ```bash curl "https://clanker.net/api/v1/executions/exec_42/status" \ -H "x-api-key: YOUR_API_KEY" ``` Poll until `status` is `"completed"` or `"failed"`. Includes `outputBlocks`, `cost`, `executionTime`. ### Delta polling (efficient) ```bash curl "https://clanker.net/api/v1/executions/exec_42/status?blocksAfter=5" \ -H "x-api-key: YOUR_API_KEY" ``` ### Real-time SSE stream ```bash curl -N "https://clanker.net/api/events?apiKey=YOUR_API_KEY&sources=api" ``` Events: `execution-state` (status changes, output blocks, completion). ### Webhook callback Include `callbackUrl` in the run request. Payload on completion: ```json { "event": "execution.completed", "executionId": "exec_42", "skillSlug": "summarize", "status": "completed", "artifactId": "art_7", "cost": 0.5, "executionTime": 3200 } ``` --- ## Executions ```bash # List (cursor paginated) curl "https://clanker.net/api/v1/executions?limit=20" -H "x-api-key: YOUR_API_KEY" # Cancel curl -X POST https://clanker.net/api/v1/executions/exec_42/cancel \ -H "x-api-key: YOUR_API_KEY" # Re-run curl -X POST https://clanker.net/api/v1/executions/exec_42/rerun \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"input": "Updated instructions"}' ``` --- ## Artifacts ```bash # List (cursor paginated) curl "https://clanker.net/api/v1/artifacts?limit=20" -H "x-api-key: YOUR_API_KEY" # Download curl "https://clanker.net/api/v1/artifacts/art_7/download" -H "x-api-key: YOUR_API_KEY" # Delete curl -X DELETE "https://clanker.net/api/v1/artifacts/art_7" -H "x-api-key: YOUR_API_KEY" ``` --- ## Me (Profile, Keys, Billing, BYOK) ```bash # Get profile curl https://clanker.net/api/v1/profile -H "x-api-key: YOUR_API_KEY" # Active workspace bound to this key (id, name, role) curl https://clanker.net/api/v1/workspaces/current -H "x-api-key: YOUR_API_KEY" # Update profile curl -X PATCH https://clanker.net/api/v1/profile \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"name": "New Display Name"}' # API keys (workspace-scoped at creation) curl https://clanker.net/api/v1/api-keys -H "x-api-key: YOUR_API_KEY" curl -X POST https://clanker.net/api/v1/api-keys \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"name": "CI Pipeline Key"}' curl -X POST https://clanker.net/api/v1/api-keys/key_9/revoke -H "x-api-key: YOUR_API_KEY" # Billing curl https://clanker.net/api/v1/billing/balance -H "x-api-key: YOUR_API_KEY" curl https://clanker.net/api/v1/billing/transactions -H "x-api-key: YOUR_API_KEY" curl https://clanker.net/api/v1/billing/subscription/tier -H "x-api-key: YOUR_API_KEY" # BYOK (bring your own Anthropic key — zero dollarino cost) curl https://clanker.net/api/v1/byok -H "x-api-key: YOUR_API_KEY" curl -X PUT https://clanker.net/api/v1/byok \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"anthropicKey": "sk-ant-..."}' # Installed skills curl https://clanker.net/api/v1/skills -H "x-api-key: YOUR_API_KEY" curl -X POST https://clanker.net/api/v1/skills/code-review/install -H "x-api-key: YOUR_API_KEY" curl -X POST https://clanker.net/api/v1/skills/code-review/uninstall -H "x-api-key: YOUR_API_KEY" ``` --- ## Secrets (Skill Configuration) ```bash # List curl https://clanker.net/api/v1/secrets -H "x-api-key: YOUR_API_KEY" # Create curl -X POST https://clanker.net/api/v1/secrets \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -H "idempotency-key: create-openai-key" \ -d '{"name": "OPENAI_KEY", "value": "sk-..."}' # Bind to a skill curl -X POST https://clanker.net/api/v1/skills/code-review/secrets \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"secretId": 3, "envVar": "OPENAI_API_KEY"}' # Delete curl -X DELETE https://clanker.net/api/v1/secrets/sec_3 -H "x-api-key: YOUR_API_KEY" ``` --- ## Workflows (Multi-Step Skills) ```bash # Stream a workflow run (AI SDK-compatible response) # Use inputData to pass workflow inputs; use runId+step+resumeData to resume a suspended step curl -X POST https://clanker.net/api/v1/workflows/WORKFLOW_ID/stream \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"inputData": {"intent": "Summarize last week'''s commits"}}' # Resume a suspended workflow step curl -X POST https://clanker.net/api/v1/workflows/WORKFLOW_ID/stream \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"runId": "RUN_ID", "step": "STEP_ID", "resumeData": {"approved": true}}' ``` --- ## Workspaces API keys don't need workspace headers — the workspace is baked into the key at creation. For session auth, use `x-workspace-id` to switch. ```bash # List your workspaces curl https://clanker.net/api/v1/workspaces -H "x-api-key: YOUR_API_KEY" # Create workspace curl -X POST https://clanker.net/api/v1/workspaces \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -H "idempotency-key: create-acme-ws" \ -d '{"name": "ACME Bank", "slug": "acme-bank"}' # Members curl https://clanker.net/api/v1/workspaces/WORKSPACE_ID/members -H "x-api-key: YOUR_API_KEY" # Invite curl -X POST https://clanker.net/api/v1/workspaces/WORKSPACE_ID/invitations \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_API_KEY" \ -d '{"email": "engineer@acme.bank", "role": "member"}' ``` --- ## Audit Logs Full mutation trail, workspace-scoped, queryable by date range, action, and resource type. ```bash curl "https://clanker.net/api/v1/audit-logs?limit=50&action=execution.create" \ -H "x-api-key: YOUR_API_KEY" ``` Query parameters: `after_id`, `before_id`, `limit`, `action` (e.g. `artifact.delete`), `resource_type`, `start_date`, `end_date`. Each entry includes actor (user or API key), IP, user agent, request ID, resource type, resource ID, timestamp, and action metadata. --- ## MCP Server Clanker exposes a full **Model Context Protocol** server. If you're an MCP-compatible agent (Claude Desktop, Cursor, etc.), connect directly: - **SSE transport**: `https://clanker.net/mcp/sse` - **Streamable HTTP**: `https://clanker.net/mcp/` Authenticate with your API key. All tools are available to authenticated users. > All MCP tools listed below are available to authenticated users. ### Skills | Tool | Description | |------|-------------| | `list-installed-skills` | List your installed skills | | `get-skill-details` | Get skill info by slug | | `install-skill` | Install a skill from the marketplace | | `uninstall-skill` | Remove an installed skill | | `execute-skill` | Run a skill | ### Artifacts | Tool | Description | |------|-------------| | `list-artifacts` | List your generated artifacts | | `get-artifact` | Get artifact details | | `download-artifact` | Get artifact download URL | | `delete-artifact` | Delete an artifact | ### Executions | Tool | Description | |------|-------------| | `list-executions` | List execution history | | `get-execution-status` | Poll a specific execution | | `cancel-execution` | Cancel a running execution | ### Memory | Tool | Description | |------|-------------| | `read-memory` | Read the shared workspace memory document | | `write-memory` | Overwrite or append to the workspace memory document | ### Billing | Tool | Description | |------|-------------| | `get-credit-balance` | Check your credit balance and subscription tier | ### Workflows | Tool | Description | |------|-------------| | `start-workflow` | Run a workflow by ID. Returns a run ID for polling. | | `list-workflow-runs` | List workflow run history | | `get-workflow-run` | Get a specific workflow run | | `cancel-workflow-run` | Cancel a running workflow | | `resume-workflow-run` | Resume a paused workflow | ### Native Connectors | Tool | Description | |------|-------------| | `list-connectors` | List native connector apps and connection status | | `connect-connector` | Get OAuth URL for a native connector | | `disconnect-connector` | Disconnect a native connector | | `get-connector-status` | Check a specific connector's status | | `list-sources` | List repos/sources for a connector | | `list-branches` | List branches for a source | | `get-source-content` | Read file content from a source | | `list-github-repos` | List GitHub repositories | ### Integrations | Tool | Description | |------|-------------| | `list-integrations` | List available integrations and connection status | | `connect-integration` | Get OAuth URL for an integration | | `disconnect-integration` | Disconnect an integration | | `execute-integration-action` | Execute an integration action | ### Integration Triggers | Tool | Description | |------|-------------| | `list-integration-triggers` | List available integration event triggers | --- ## Sample Skills | Slug | Name | Category | Description | |------|------|----------|-------------| | `ab-test-setup` | ab-test-setup | design | When the user wants to plan, design, or implement an A/B test or exper | | `ad-creative` | ad-creative | marketing | When the user wants to generate, iterate, or scale ad creative — headl | | `agent-tools` | agent-tools | design | Run 150+ AI apps via inference.sh CLI - image generation, video creati | | `agent-ui` | agent-ui | productivity | Batteries-included agent component for React/Next.js from ui.inference | | `agentic-browser` | agent-browser | research | Browser automation for AI agents via inference.sh. Navigate web pages, | | `ai-automation-workflows` | ai-automation-workflows | productivity | Build automated AI workflows combining multiple models and services. P | | `ai-avatar-video` | ai-avatar-video | development | Create AI avatar and talking head videos with OmniHuman, Fabric, PixVe | | `ai-content-pipeline` | ai-content-pipeline | design | Build multi-step AI content creation pipelines combining image, video, | | `ai-image-generation` | ai-image-generation | design | Generate AI images with FLUX, Gemini, Grok, Seedream, Reve and 50+ mod | | `ai-marketing-videos` | ai-marketing-videos | design | Create AI marketing videos for ads, promos, product launches, and bran | | `ai-music-generation` | ai-music-generation | productivity | Generate AI music and songs with Diffrythm, Tencent Song Generation vi | | `ai-podcast-creation` | ai-podcast-creation | productivity | Create AI-powered podcasts with text-to-speech, music, and audio editi | | `ai-product-photography` | ai-product-photography | design | Generate professional AI product photography and commercial images. Mo | | `ai-rag-pipeline` | ai-rag-pipeline | research | Build RAG (Retrieval Augmented Generation) pipelines with web search a | | `ai-seo` | ai-seo | productivity | When the user wants to optimize content for AI search engines, get cit | | `ai-social-media-content` | ai-social-media-content | design | Create AI-powered social media content for TikTok, Instagram, YouTube, | | `ai-video-generation` | ai-video-generation | design | Generate AI videos with Google Veo, Seedance, Wan, Grok and 40+ models | | `ai-voice-cloning` | ai-voice-cloning | productivity | AI voice generation, text-to-speech, and voice synthesis via inference | | `algorithmic-art` | algorithmic-art | development | Creating algorithmic art using p5.js with seeded randomness and intera | | `analytics-tracking` | analytics-tracking | marketing | When the user wants to set up, improve, or audit analytics tracking an | | `app-store-screenshots` | app-store-screenshots | design | App Store and Google Play screenshot creation with exact platform spec | | `aspnet-core` | aspnet-core | productivity | Build, review, refactor, or architect ASP.NET Core web applications us | | `audit-website` | audit-website | research | Audit websites for SEO, performance, security, technical, content, and | | `background-removal` | background-removal | design | Remove backgrounds from images with BiRefNet via inference.sh CLI. Mod | | `best-practices` | better-auth-best-practices | productivity | Configure Better Auth server and client, set up database adapters, man | | `book-cover-design` | book-cover-design | design | Book cover design with genre-specific conventions, typography rules, a | | `brainstorming` | brainstorming | design | You MUST use this before any creative work - creating features, buildi | | `brand-guidelines` | brand-guidelines | design | Applies Anthropic's official brand colors and typography to any sort o | | `browser-use` | browser-use | productivity | Automates browser interactions for web testing, form filling, screensh | | `canvas-design` | canvas-design | design | Create beautiful visual art in .png and .pdf documents using design ph | | `case-study-writing` | case-study-writing | marketing | B2B case study writing with STAR framework, data visualization, and re | | `character-design-sheet` | character-design-sheet | design | Character consistency across AI-generated images with reference sheets | | `chat-ui` | chat-ui | productivity | Chat UI building blocks for React/Next.js from ui.inference.sh. Compon | | `chatgpt-apps` | chatgpt-apps | development | Build, scaffold, refactor, and troubleshoot ChatGPT Apps SDK applicati | | `churn-prevention` | churn-prevention | productivity | When the user wants to reduce churn, build cancellation flows, set up | | `claude-api` | claude-api | development | Build apps with the Claude API or Anthropic SDK. TRIGGER when: code im | | `cloudflare-deploy` | cloudflare-deploy | productivity | Deploy applications and infrastructure to Cloudflare using Workers, Pa | | `cold-email` | cold-email | marketing | Write B2B cold emails and follow-up sequences that get replies. Use wh | | `competitor-alternatives` | competitor-alternatives | productivity | When the user wants to create competitor comparison or alternative pag | | `competitor-teardown` | competitor-teardown | research | Structured competitive analysis with feature matrices, SWOT, positioni | **176 total skills available.** Browse them all at https://clanker.net/skills --- ## Complete Endpoint Reference | Method | Path | Auth | Description | |--------|------|------|-------------| | GET | `/api/v1/marketplace/skills` | None | Browse skill marketplace | | GET | `/api/v1/marketplace/skills/categories` | None | List categories | | GET | `/api/v1/marketplace/skills/:slug` | None | Skill details | | POST | `/api/v1/skills/:slug/run` | API key or session | Execute a skill | | GET | `/api/v1/executions` | API key or session | List executions (cursor) | | GET | `/api/v1/executions/:id/status` | API key or session | Poll execution | | POST | `/api/v1/executions/:id/cancel` | API key or session | Cancel execution | | POST | `/api/v1/executions/:id/rerun` | API key or session | Re-run execution | | GET | `/api/v1/artifacts` | API key or session | List artifacts (cursor) | | GET | `/api/v1/artifacts/:id` | API key or session | Get artifact | | GET | `/api/v1/artifacts/:id/download` | API key or session | Download artifact | | DELETE | `/api/v1/artifacts/:id` | API key or session | Delete artifact | | GET | `/api/v1/secrets` | API key or session | List secrets (cursor) | | POST | `/api/v1/secrets` | API key or session | Create secret | | PATCH | `/api/v1/secrets/:id` | API key or session | Update secret | | DELETE | `/api/v1/secrets/:id` | API key or session | Delete secret | | GET | `/api/v1/skills/:slug/secrets` | API key or session | Skill secret bindings | | POST | `/api/v1/skills/:slug/secrets` | API key or session | Bind secret to skill | | DELETE | `/api/v1/skills/:slug/secrets/:id` | API key or session | Remove binding | | GET | `/api/v1/workflows/definitions` | API key or session | List workflow definitions | | POST | `/api/v1/workflows/:id/launch` | API key or session | Launch workflow (create + start) | | GET | `/api/v1/workflows/runs` | API key or session | List runs (cursor) | | POST | `/api/v1/workflows/runs/:id/cancel` | API key or session | Cancel run | | POST | `/api/v1/workflows/runs/:id/resume` | API key or session | Resume paused run | | GET | `/api/v1/workspaces` | API key or session | List workspaces (cursor) | | POST | `/api/v1/workspaces` | API key or session | Create workspace | | GET | `/api/v1/workspaces/current` | Session only | Current workspace info | | GET | `/api/v1/workspaces/:id/members` | API key or session | List members | | POST | `/api/v1/workspaces/:id/invitations` | API key or session | Invite member | | GET | `/api/v1/audit-logs` | API key or session | Audit log (cursor) | | GET | `/api/v1/profile` | API key or session | Your profile | | PATCH | `/api/v1/profile` | API key or session | Update profile | | GET | `/api/v1/workspaces/current` | API key or session | Active workspace bound to this key | | PUT | `/api/v1/workspaces/current` | API key | Rebind the active API key to a different workspace (`{ workspace: id\|slug }`) | | GET | `/api/v1/api-keys` | API key or session | List API keys (cursor) | | POST | `/api/v1/api-keys` | API key or session | Create API key | | POST | `/api/v1/api-keys/:id/revoke` | API key or session | Revoke API key | | GET | `/api/v1/billing/balance` | API key or session | Credit balance | | GET | `/api/v1/billing/transactions` | API key or session | Transaction history | | GET | `/api/v1/billing/subscription/tier` | API key or session | Subscription tier | | GET | `/api/v1/byok` | API key or session | BYOK status | | PUT | `/api/v1/byok` | API key or session | Set Anthropic key | | DELETE | `/api/v1/byok` | API key or session | Remove BYOK key | | GET | `/api/v1/skills` | API key or session | Installed skills (cursor) | | POST | `/api/v1/skills/:slug/install` | API key or session | Install skill | | POST | `/api/v1/skills/:slug/uninstall` | API key or session | Uninstall skill | | GET | `/api/v1/memory` | API key or session | Read workspace working memory | | PUT | `/api/v1/memory` | API key or session | Write workspace working memory | | GET | `/mcp/sse` | API key | MCP SSE transport | | POST | `/mcp/` | API key | MCP Streamable HTTP | | GET | `/api/events` | Token or API key | SSE real-time stream | | POST | `/agent/auth` | None | Register agent (auth.md flow) | | POST | `/agent/auth/claim` | None | Trigger OTP email for anonymous claim | | POST | `/agent/auth/claim/complete` | None | Submit OTP and activate key | | POST | `/api/v1/activate` | None | Request device activation code | | POST | `/api/v1/activate/poll` | None | Poll for API key after user confirms | | POST | `/api/v1/activate/confirm` | Session | Confirm activation code (mobile app) |