Reference
REST API Reference
The Open Astra gateway exposes a REST API for managing agents, sessions, memory, workspaces, and more. All endpoints require a JWT bearer token except where noted.
Correlation IDs
Every response includes an X-Request-ID header. The gateway reads an incoming X-Request-ID if present, or generates a UUID if none is provided. The same ID is attached to every structured log entry for that request, making it easy to trace a request end-to-end across logs. Attach this header when calling the API from your own code to correlate client-side and server-side logs.
Authentication
Most endpoints require a JWT bearer token obtained via /auth/login. Admin and diagnostic endpoints use an API key sent via the x-api-key header.
# Get a JWT token
curl -X POST http://localhost:3000/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "..."}'
# Use the token for all authenticated requests
curl -H "Authorization: Bearer ${JWT_TOKEN}" http://localhost:3000/agents
Auth
| Method | Path | Auth | Description |
|---|
| POST | /auth/register | None | Create a new user account |
| POST | /auth/login | None | Authenticate and receive access + refresh tokens |
| POST | /auth/refresh | None | Rotate refresh token, issue new token pair |
| POST | /auth/logout | JWT | Revoke all refresh tokens for the user |
Chat
All chat endpoints return 404 if the agentId does not exist, and 403 if the agent exists but is not available to the requesting workspace (see Agent Grants).
| Method | Path | Description |
|---|
| POST | /agent/chat | Send a message, receive a complete response (idempotency supported) |
| POST | /agent/chat/stream | Send a message, receive a Server-Sent Events stream |
| POST | /agent/reset | Manually reset the current user session |
| GET | /agent/presence | Get active agent states |
| GET | /agent/health | Agent health check |
Agents
| Method | Path | Description |
|---|
| POST | /agents | Create a new agent config |
| GET | /agents | List all agents in the workspace |
| GET | /agents/:id | Get agent details |
| PUT | /agents/:id | Update agent config |
| DELETE | /agents/:id | Delete an agent |
| GET | /agents/:id/capabilities | Get resolved tool set, active skills, spawn config, and model config for an agent |
Sessions
| Method | Path | Description |
|---|
| GET | /sessions | List sessions (supports pagination and status filter) |
| GET | /sessions/:id | Get session details and message history |
| GET | /sessions/search/messages | Full-text search across all session messages |
| POST | /sessions/:id/handoff | Transfer an active session to a different agent; inserts a system handoff marker and switches all future turns to the target agent |
Memory
| Method | Path | Description |
|---|
| GET | /memory/search | Vector search across all memory tiers |
| GET | /memory/profile | Get the current user profile (Tier 3) |
| PUT | /memory/profile | Update user profile fields |
| GET | /memory/daily | Fetch recent daily memory entries |
| GET | /memory/daily/:date | Get a specific day's memory |
| DELETE | /memory/daily/:date/:entryIndex | Delete a daily memory entry |
| POST | /memory/notes | Add a strategic note |
| DELETE | /memory/notes/:index | Remove a note by index |
Workspaces
| Method | Path | Description |
|---|
| POST | /workspaces | Create a new workspace |
| GET | /workspaces | List workspaces the user has access to |
| GET | /workspaces/:id | Get workspace details (membership check) |
| PUT | /workspaces/:id/settings | Update workspace settings (owner/admin only) |
| POST | /workspaces/:id/members | Add a member to the workspace |
| DELETE | /workspaces/:id/members/:uid | Remove a member from the workspace |
| GET | /workspaces/:id/stats | Usage dashboard: session counts, token/cost totals, top 5 agents, top 5 tools, active users. Accepts ?days= window (default 30, max 365) |
| PUT | /workspaces/:id/restrictions | Set allowed providers and models for the workspace (owner/admin only). Pass null to remove restrictions |
| POST | /workspaces/:id/grants | Grant another workspace access to one of this workspace's agents (owner/admin only) |
| DELETE | /workspaces/:id/grants | Revoke a cross-workspace agent grant (owner/admin only) |
Webhooks
| Method | Path | Description |
|---|
| POST | /webhooks | Create a webhook |
| GET | /webhooks | List all webhooks (secrets stripped) |
| GET | /webhooks/:id | Get webhook details |
| PUT | /webhooks/:id | Update a webhook |
| DELETE | /webhooks/:id | Delete a webhook |
| GET | /webhooks/:id/deliveries | View delivery history |
| POST | /webhooks/:id/test | Send a test dispatch |
Heartbeat
Heartbeat configs let agents monitor external sources (RSS, HTTP) on a schedule.
| Method | Path | Description |
|---|
| GET | /heartbeat | List heartbeat configs |
| POST | /heartbeat | Create a heartbeat config (rss or http) |
| GET | /heartbeat/:id/runs | Paginated run history |
| PATCH | /heartbeat/:id | Enable or disable a config |
| DELETE | /heartbeat/:id | Delete a heartbeat config |
Skills
| Method | Path | Auth | Description |
|---|
| GET | /skills | None | List all skills with tool counts |
| GET | /skills/:id | None | Get skill detail and prompt context |
| GET | /skills/cache/stats | None | Cache statistics |
| POST | /skills/cache/clear | None | Clear skill cache (optional ?tool=) |
Cost Dashboard
| Method | Path | Description |
|---|
| GET | /costs | Workspace cost summary |
| GET | /costs/breakdown | Detailed cost breakdown with date range filter |
Autonomous Execution
Execute agent tasks programmatically. Requires API key authentication via x-api-key header.
| Method | Path | Description |
|---|
| POST | /autonomous/run | Execute a single agent task |
| POST | /autonomous/batch | Execute an agent task across multiple users |
Onboarding
| Method | Path | Description |
|---|
| POST | /onboarding/setup | Create a workspace and agents in one call |
Admin
Admin endpoints require API key authentication via x-api-key header.
| Method | Path | Description |
|---|
| GET | /admin/health | Server health (memory, uptime, sessions) |
| GET | /admin/agents | List all agent configs across workspaces |
| GET | /admin/usage/:uid | Token usage for a specific user |
| GET | /admin/sessions/:uid | Active sessions for a user |
| GET | /admin/audit/:uid | Audit log (last 50 entries) |
Diagnostics
Diagnostics endpoints require API key authentication via x-api-key header.
| Method | Path | Description |
|---|
| GET | /diagnostics | Full diagnostic run (12 checks across 6 categories) |
| GET | /diagnostics/quick | Quick connectivity checks only |
| GET | /diagnostics/history | Last 10 diagnostic runs |
System
| Method | Path | Auth | Description |
|---|
| GET | /health | None | Deep health check (Typesense, Postgres, WebSocket) |
| GET | /readiness | None | Kubernetes readiness probe |
| GET | /metrics | None | Operational metrics (sessions, messages, billing) |
WebSocket API
Connect to ws://localhost:3000/ws with a JWT bearer token. Rate limit: 30 requests per 60 seconds per user. Max 1 active agent request per socket.
const ws = new WebSocket("ws://localhost:3000/ws", {
headers: { Authorization: "Bearer " + token }
})
// Send a message
ws.send(JSON.stringify({
type: "message",
agentId: "research-agent",
message: "Summarize the latest findings",
surface: "api"
}))
// Receive streaming chunks
ws.onmessage = (event) => {
const frame = JSON.parse(event.data)
// frame.type: session_resolved | stream_chunk | tool_call
// | tool_result | stream_done | error | pong
}
Inbound frames
| Type | Description |
|---|
message | Send a message to an agent (agentId, message, surface) |
ping | Keepalive ping |
Outbound frames
| Type | Description |
|---|
session_resolved | Session ID assigned after first message |
stream_chunk | Token delta during streaming |
tool_call | Tool invocation start |
tool_result | Tool execution result |
stream_done | Completion with full content and token usage |
error | Error frame |
pong | Keepalive response |