API Reference Overview
This guide provides a comprehensive overview of the Maitento REST API, covering authentication, all available endpoints organized by domain, common patterns, and detailed usage information for each API category.
Table of Contents
- API Overview
- Authentication
- Common Patterns
- Authentication Endpoints
- User Management
- Tenant and Namespace Management
- File System Operations
- Build and Deploy Operations
- Process Management
- Invitations
- Quick Reference Tables
API Overview
The Maitento API is a RESTful HTTP API that provides programmatic access to all platform capabilities. The API uses JSON for request and response bodies and follows standard HTTP conventions for methods, status codes, and headers.
Base URL
All API endpoints are accessed relative to your Maitento instance base URL:
https://api.maitento.com
Request Format
- Content-Type:
application/jsonfor most endpoints - Character Encoding: UTF-8
- Date/Time Format: ISO 8601 (e.g.,
2024-01-15T10:30:00Z) - Identifiers: GUIDs (UUIDs) in standard format (e.g.,
550e8400-e29b-41d4-a716-446655440000)
HTTP Methods
| Method | Usage |
|---|---|
GET | Retrieve resources |
POST | Create resources or trigger actions |
PUT | Create or update resources (idempotent) |
DELETE | Remove resources |
Authentication
Maitento supports two authentication mechanisms to accommodate different use cases.
JWT Bearer Authentication
JWT tokens are issued upon successful login and are ideal for web applications and interactive sessions.
Header Format:
Authorization: Bearer <jwt-token>
Token Characteristics:
- Algorithm: RSA SHA256 with X509 certificate signing
- Default lifetime: 24 hours (86400 seconds)
- Clock skew tolerance: 2 minutes
- Recommended refresh: At 80% of token lifetime
JWT Claims:
| Claim | Type | Description |
|---|---|---|
name | string | User display name |
upn | string | User email address |
role | string[] | User roles (may have multiple) |
tenId | GUID | Tenant identifier |
oid | GUID | User object identifier |
interactionProcessId | GUID | Process context (optional) |
interactionId | GUID | Interaction context (optional) |
agentId | GUID | Agent context (optional) |
API Key Authentication
API keys provide persistent authentication for programmatic access without requiring interactive login. Ideal for CI/CD pipelines, integrations, and scripts.
Header Format:
Authorization: ApiKey <ClientId> <ClientSecret>
Where:
ClientIdis a GUID (user identifier)ClientSecretis the secret generated when creating the API key
Key Characteristics:
- Can have optional expiration dates
- Must be explicitly enabled
- Stored as SHA256 hash (secrets cannot be retrieved after creation)
Roles
| Role | Description |
|---|---|
Tenant.Admin | Full administrative access within a tenant |
Tenant.User | Standard user access |
Tenant.FileIngestion | File upload and ingestion permissions |
Tenant.VectorGeneration | Vector embeddings generation permissions |
Tenant.Document.ChunkGeneration | Document chunking permissions |
Common Patterns
Standard Response Codes
| Status Code | Description |
|---|---|
200 OK | Request succeeded |
204 No Content | Request succeeded, no content returned |
400 Bad Request | Invalid request parameters or body |
401 Unauthorized | Authentication required or invalid |
403 Forbidden | Authenticated but not authorized |
404 Not Found | Resource not found |
500 Internal Server Error | Server-side error |
Error Response Format
Validation Errors (400 Bad Request):
{
"validationFailures": [
{
"memberName": "fieldName",
"message": "Human-readable error message",
"errorCode": "machine-readable-code"
}
]
}
Standard HTTP Errors:
{
"type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
"title": "Error Title",
"status": 400
}
Resource Addressing
Many resources support multiple addressing schemes:
By ID:
/resource/by-id/{id}
By Name (within namespace):
/namespaces/{namespaceName}/resource/by-name/{name}
Namespace-Qualified References
Resources can be referenced using namespace-qualified names:
resourceName@namespaceName
For example:
my-agent@production- References the agent “my-agent” in the “production” namespaceconfig-file@development- References the file “config-file” in the “development” namespace
Authentication Endpoints
Login
Authenticates a user with email and password credentials.
Endpoint: PUT /auth
Authentication: None required (public endpoint)
Request:
PUT /auth HTTP/1.1
Content-Type: application/json
{
"emailAddress": "user@example.com",
"password": "MySecureP@ssw0rd!"
}
Response:
{
"authenticationToken": {
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires": "2024-01-15T14:30:00Z"
},
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "660e8400-e29b-41d4-a716-446655440001",
"dateCreated": "2023-06-01T10:00:00Z",
"dateUpdated": "2024-01-14T14:30:00Z",
"name": "John Doe",
"emailAddress": "user@example.com",
"isEnabled": true,
"roles": ["Tenant.User"]
},
"tenantName": "Acme Corporation"
}
Renew Token
Refreshes an existing valid JWT token.
Endpoint: GET /auth/renew
Authentication: Required (Bearer only)
Request:
GET /auth/renew HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
Response: Same as Login response with new token and extended expiration.
Token Refresh Best Practices
const tokenLifetimeMs = 24 * 60 * 60 * 1000; // 24 hours
const refreshThreshold = 0.8; // 80%
function shouldRefreshToken(tokenExpires) {
const now = Date.now();
const expiresAt = new Date(tokenExpires).getTime();
const timeRemaining = expiresAt - now;
return timeRemaining < (tokenLifetimeMs * (1 - refreshThreshold));
}
User Management
User Registration
Register a new user account using an invitation.
Endpoint: POST /users/register
Authentication: None required (public endpoint)
Request:
{
"acceptTermsAndConditions": true,
"inviteId": "aa0e8400-e29b-41d4-a716-446655440005",
"userName": "Jane Smith",
"emailAddress": "jane.smith@example.com",
"password": "Str0ngP@ssword!"
}
Password Requirements:
- Option 1: 8-15 characters with at least one lowercase, one uppercase, one digit, and one special character
- Option 2: 20+ characters as a passphrase (at least 4 words separated by spaces)
Email Verification
Verify a user’s email address after registration.
Endpoint: POST /users/self/verify-email-address
Request:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"activationKey": "verify-key-abc123"
}
Password Management
Initiate Password Reset:
PUT /users/self/password-reset
Content-Type: application/json
{
"emailAddress": "user@example.com"
}
Complete Password Reset:
POST /users/self/password-reset
Content-Type: application/json
{
"emailAddress": "user@example.com",
"resetKey": "abc123-reset-key-xyz789",
"password": "NewP@ssw0rd!"
}
Change Password (Authenticated):
PUT /users/self/password
Authorization: Bearer <token>
Content-Type: application/json
{
"existingPassword": "OldP@ssw0rd!",
"newPassword": "NewP@ssw0rd!"
}
API Key Management
List API Keys:
GET /users/self/api-keys
Authorization: Bearer <token>
Create API Key:
POST /users/self/api-keys
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "CI/CD Pipeline Key",
"dateExpires": "2025-12-31T23:59:59Z"
}
Response:
{
"id": "990e8400-e29b-41d4-a716-446655440004",
"secret": "maitento_sk_live_abc123xyz789..."
}
Important: The
secretvalue is only returned at creation time. Store it securely.
Delete API Key:
DELETE /users/self/api-keys/by-id/{id}
Authorization: Bearer <token>
User Administration (Admin Only)
List All Users:
GET /users
Authorization: Bearer <token>
Update User:
PUT /users/by-id/{id}
Authorization: Bearer <token>
Content-Type: application/json
{
"isAdmin": true,
"isEnabled": true
}
Tenant and Namespace Management
Tenant Registration
Register a new tenant and create an admin user account.
Endpoint: POST /tenants/register
Authentication: None required (public endpoint)
Request:
{
"acceptTermsAndConditions": true,
"code": "INVITE2024ABC",
"userName": "johndoe",
"companyName": "Acme Corporation",
"emailAddress": "john.doe@acme.com",
"password": "SecureP@ss123"
}
Response:
{
"userId": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
}
Upon successful registration:
- A new tenant is created
- An admin user is created with the
Tenant.Adminrole - A verification email is sent
- A new invitation code is generated (with 10 uses)
Namespace Management
Namespaces are logical containers for organizing and isolating resources within a tenant.
List All Namespaces:
GET /namespaces
Authorization: Bearer <token>
Get Namespace by ID:
GET /namespaces/by-id/{id}
Authorization: Bearer <token>
Get Namespace by Name:
GET /namespaces/by-name/{name}
Authorization: Bearer <token>
Create Namespace:
POST /namespaces
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "production"
}
Name Validation Rules:
- Minimum length: 1 character
- Maximum length: 128 characters
- Allowed characters:
a-z,A-Z,0-9,_,-,. - Forbidden characters:
@(reserved for namespace-qualified references) - Forbidden patterns:
..,/,\(path traversal prevention)
Update Namespace:
PUT /namespaces/by-id/{id}
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "production-v2"
}
Partitions
Partitions provide logical groupings for organizing ingested files and documents for vector search and RAG operations.
List All Partitions:
GET /partitions
Authorization: Bearer <token>
Get Partition by ID:
GET /partitions/by-id/{id}
Authorization: Bearer <token>
Create Partition:
PUT /partitions
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "Engineering Documentation"
}
Delete Partition (Admin only):
DELETE /partitions/by-id/{id}
Authorization: Bearer <token>
Secrets Management
Secrets are secure key-value pairs for storing sensitive configuration data.
List All Secrets:
GET /secrets
Authorization: Bearer <token>
Create Secret:
POST /secrets
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "DATABASE_CONNECTION_STRING",
"value": "Server=myserver;Database=mydb;..."
}
Get Secret Value:
GET /secrets/by-name/{name}/value
Authorization: Bearer <token>
Security Note: This endpoint returns the secret value in plain text. Use with caution.
Update Secret:
PUT /secrets/by-id/{id}
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "DATABASE_CONNECTION_STRING",
"value": "Server=newserver;Database=newdb;..."
}
Delete Secret:
DELETE /secrets/by-id/{id}
Authorization: Bearer <token>
File System Operations
Virtual File System (VFS)
The VFS provides a managed, tenant-isolated file storage system with support for files, directories, and advanced operations.
VFS Management
List All VFS (Tenant-Wide):
GET /vfs
Authorization: Bearer <token>
List VFS in Namespace:
GET /namespaces/{namespaceName}/vfs
Authorization: Bearer <token>
Create VFS:
POST /namespaces/{namespaceName}/vfs
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "project-files"
}
Get VFS by ID:
GET /vfs/by-id/{id}
Authorization: Bearer <token>
Delete VFS:
DELETE /vfs/by-id/{id}
Authorization: Bearer <token>
Directory Operations
Create Directory:
PUT /vfs/by-id/{id}/directories?path=/src/components
Authorization: Bearer <token>
List Directory Contents:
GET /vfs/by-id/{id}/directories/contents?path=/src
Authorization: Bearer <token>
Check Directory Exists:
GET /vfs/by-id/{id}/directories/exists?path=/src/components
Authorization: Bearer <token>
Delete Directory:
DELETE /vfs/by-id/{id}/directories?path=/src/old&recursive=true
Authorization: Bearer <token>
File Operations
Check File Exists:
GET /vfs/by-id/{id}/files/exists?path=/src/index.ts
Authorization: Bearer <token>
Read File as Text:
GET /vfs/by-id/{id}/files/contents/text?path=/src/index.ts
Authorization: Bearer <token>
Read File as Lines:
GET /vfs/by-id/{id}/files/contents/lines?path=/src/index.ts
Authorization: Bearer <token>
Write Text to File:
PUT /vfs/by-id/{id}/files/write/text?path=/src/index.ts
Authorization: Bearer <token>
Content-Type: application/json
{
"content": "import { App } from './app';\n\nconst app = new App();\napp.start();\n"
}
Append Text to File:
PUT /vfs/by-id/{id}/files/append/text?path=/logs/app.log
Authorization: Bearer <token>
Content-Type: application/json
{
"content": "[2024-01-16T14:30:00Z] INFO: Application started\n"
}
Delete File:
DELETE /vfs/by-id/{id}/files?path=/src/old-file.ts
Authorization: Bearer <token>
Copy and Move Operations
Copy File or Directory:
PUT /vfs/by-id/{id}/copy?path=/src/index.ts&destination=/backup/index.ts
Authorization: Bearer <token>
Move File or Directory:
POST /vfs/by-id/{id}/move?path=/src/old-name.ts&destination=/src/new-name.ts
Authorization: Bearer <token>
Search and Navigation
Find Files:
POST /vfs/by-id/{id}/find
Authorization: Bearer <token>
Content-Type: application/json
{
"pattern": "**/*.ts",
"grep": "import.*React",
"grepMode": "regex",
"ignoreCase": true,
"maxResults": 50
}
Supported Glob Patterns:
*- Matches any characters except path separator**- Matches any characters including path separator (recursive)?- Matches any single character[abc]- Matches any character in brackets{a,b}- Matches any of the comma-separated patterns
Tree View:
POST /vfs/by-id/{id}/tree
Authorization: Bearer <token>
Content-Type: application/json
{
"path": "/src",
"maxDepth": 3,
"includeFiles": true
}
Edit Operations
Edit File (Find/Replace):
POST /vfs/by-id/{id}/files/edit
Authorization: Bearer <token>
Content-Type: application/json
{
"path": "/src/config.ts",
"operations": [
{
"type": "replace",
"find": "localhost:3000",
"replace": "api.example.com",
"replaceAll": true
}
]
}
Edit File (Replace Lines):
{
"path": "/src/app.ts",
"operations": [
{
"type": "replaceLines",
"startLine": 10,
"endLine": 15,
"content": "// New implementation\nfunction init() {\n console.log('Initialized');\n}\n"
}
]
}
Edit File (Insert After Line):
{
"path": "/src/index.ts",
"operations": [
{
"type": "insertAfter",
"insertAfterLine": 0,
"content": "// Copyright 2024 Example Corp\n"
}
]
}
Batch Edit (Multiple Files):
POST /vfs/by-id/{id}/batch/edit
Authorization: Bearer <token>
Content-Type: application/json
{
"edits": [
{
"path": "/src/config.ts",
"operations": [
{
"type": "replace",
"find": "development",
"replace": "production",
"replaceAll": true
}
]
},
{
"path": "/src/constants.ts",
"operations": [
{
"type": "replace",
"find": "DEBUG = true",
"replace": "DEBUG = false"
}
]
}
],
"atomic": true
}
Batch Read (Multiple Files):
POST /vfs/by-id/{id}/batch/read
Authorization: Bearer <token>
Content-Type: application/json
{
"paths": [
"/src/index.ts",
"/src/app.ts",
"/package.json"
],
"maxLinesPerFile": 100
}
File Ingestion and RAG
The Files API provides file upload/ingestion and RAG capabilities including vector embeddings and semantic search.
File Upload
Upload File to Partition:
PUT /files/partitions/{partitionId}
Authorization: Bearer <token>
Content-Type: multipart/form-data
<file binary content>
Supported File Types:
- Documents:
.docx,.pdf,.pptx,.xlsx - Text:
.txt,.md,.html,.csv,.json,.xml - Images:
.jpg,.jpeg,.png,.gif,.bmp,.webp
File Retrieval
Get File by Checksum:
GET /files/by-checksum/{checksum}
Authorization: Bearer <token>
Download File:
GET /files/by-id/{id}
Authorization: Bearer <token>
Get File Details:
GET /files/by-id/{id}/details
Authorization: Bearer <token>
Get Extracted Text:
GET /files/by-id/{id}/text
Authorization: Bearer <token>
Vector Embeddings and RAG
Generate Embeddings:
PUT /files/embeddings/generate
Authorization: Bearer <token>
Content-Type: application/json
{
"text": "How do I configure the product for production use?"
}
Search Embeddings (RAG Search):
PUT /files/embeddings/search
Authorization: Bearer <token>
Content-Type: application/json
{
"query": "How do I install the product on Windows?",
"partitionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
Response:
[
{
"id": "f1e2d3c4-b5a6-9087-6543-210fedcba987",
"name": "installation-guide.pdf",
"contentType": "application/pdf",
"size": 524288,
"type": "Pdf",
"text": "Windows Installation\n\nStep 1: Download the installer...",
"score": 0.892
}
]
Generate Chunks:
PUT /files/chunks-generate
Authorization: Bearer <token>
Content-Type: application/json
{
"text": "Long document text to be chunked..."
}
Build and Deploy Operations
The Build API provides a unified endpoint for compiling, validating, and deploying Maitento resources.
Build Resources
Endpoint: PUT /namespaces/{namespaceName}/build
Request Structure:
{
"isDeploy": true,
"agents": [
{
"name": "customer-support-agent",
"filename": "customer-support.agent",
"lines": ["agent CustomerSupport { ... }"]
}
],
"capsules": [],
"connectors": {
"openApi": [],
"modelContextProtocol": []
},
"externalOperations": {
"openApi": [],
"modelContextProtocol": []
},
"interactions": {
"oneShot": [],
"roundRobin": [],
"managed": [],
"routed": []
},
"apps": [
{
"name": "my-app",
"metadata": {
"filename": "app.meta",
"lines": ["..."]
},
"code": [
{
"filename": "main.cog",
"lines": ["..."]
}
]
}
],
"resourceFiles": {
"prompts": [
{
"name": "prompts/customer-support.txt",
"content": "You are a helpful customer support agent..."
}
],
"json": []
}
}
Response:
{
"isSuccess": true,
"isDeployed": true,
"log": [
{
"text": "Compiling agent 'customer-support-agent'",
"date": "2024-03-15T10:30:00.123Z",
"logLevel": "Info",
"filename": "customer-support.agent",
"lineNumber": null,
"character": null
}
],
"agents": [
{
"mode": "Created",
"entity": { /* Agent object */ }
}
],
"capsules": [],
"connectors": { "openApi": [], "modelContextProtocol": [] },
"externalOperations": { "openApi": [], "modelContextProtocol": [] },
"interactions": { "roundRobin": [], "oneShot": [], "routed": [], "managed": [] },
"apps": []
}
Build Entity Modes:
Created- A new entity was createdUpdated- An existing entity was updatedUnchanged- No changes detected
Log Levels:
Debug- Diagnostic informationInfo- Build progress informationWarning- Non-fatal issuesError- Fatal errors (causesisSuccess: false)
Validation-Only Build
Set isDeploy: false to validate resources without deploying:
{
"isDeploy": false,
"agents": [...],
...
}
Process Management
Kill Process
Terminates a running process immediately.
Endpoint: POST /processes/{processType}/{processId}/kill
Process Types:
App- Application execution processInteraction- Conversational AI interaction processCodeGeneration- AI code generation processCapsule- Capsule execution process
Request:
POST /processes/App/a1b2c3d4-e5f6-7890-abcd-ef1234567890/kill
Authorization: Bearer <token>
Response: 204 No Content
Process Status Reference:
| Status | Description | Can Be Killed |
|---|---|---|
New | Process created but not started | Yes |
Running | Process actively executing | Yes |
HumanInteractionRequired | Waiting for human input | Yes |
Paused | Temporarily paused | Yes |
Finished | Completed successfully | No |
Error | Terminated due to error | No |
Killed | Terminated by user request | No |
Invitations
Invitation Codes
List Invitation Codes:
GET /invitations/codes
Authorization: Bearer <token>
Response:
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "660e8400-e29b-41d4-a716-446655440001",
"userCreatedById": "770e8400-e29b-41d4-a716-446655440002",
"dateCreated": "2024-01-01T10:00:00Z",
"dateUpdated": "2024-01-10T15:30:00Z",
"code": "WELCOME2024",
"countOriginal": 10,
"countRemaining": 7
}
]
Invites
Send Invite:
POST /invitations/invites
Authorization: Bearer <token>
Content-Type: application/json
{
"invitationCodeId": "550e8400-e29b-41d4-a716-446655440000",
"emailAddress": "newuser@example.com",
"inviteToTenant": true
}
List Invites:
GET /invitations/invites
Authorization: Bearer <token>
Get Invite Summary (Public):
GET /invitations/invites/by-id/{id}/summary?emailAddress=newuser@example.com
Cancel Invite:
POST /invitations/invites/by-id/{id}/cancel
Authorization: Bearer <token>
Resend Invite Email:
POST /invitations/invites/by-id/{id}/resend-email
Authorization: Bearer <token>
Invite Status Values:
Unused- Sent but not yet redeemedCancelled- Cancelled by senderUsed- Redeemed by recipient
Quick Reference Tables
Authentication Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
PUT | /auth | No | Login with email/password |
GET | /auth/renew | Bearer | Refresh JWT token |
User Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST | /users/register | No | Register new user |
POST | /users/self/verify-email-address | No | Verify email |
PUT | /users/self/password-reset | No | Initiate password reset |
POST | /users/self/password-reset | No | Complete password reset |
PUT | /users/self/password | Bearer/ApiKey | Change password |
GET | /users/self/api-keys | Bearer | List API keys |
POST | /users/self/api-keys | Bearer | Create API key |
DELETE | /users/self/api-keys/by-id/{id} | Bearer | Delete API key |
GET | /users | Bearer/ApiKey | List all users (Admin) |
PUT | /users/by-id/{id} | Bearer/ApiKey | Update user (Admin) |
Tenant and Namespace Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST | /tenants/register | No | Register new tenant |
GET | /namespaces | Bearer/ApiKey | List namespaces |
GET | /namespaces/by-id/{id} | Bearer/ApiKey | Get namespace by ID |
GET | /namespaces/by-name/{name} | Bearer/ApiKey | Get namespace by name |
POST | /namespaces | Bearer/ApiKey | Create namespace |
PUT | /namespaces/by-id/{id} | Bearer/ApiKey | Update namespace |
Partition Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
GET | /partitions | Bearer/ApiKey | List partitions |
GET | /partitions/by-id/{id} | Bearer/ApiKey | Get partition |
PUT | /partitions | Bearer/ApiKey | Create partition |
DELETE | /partitions/by-id/{id} | Bearer/ApiKey | Delete partition (Admin) |
Secrets Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
GET | /secrets | Bearer/ApiKey | List secrets |
GET | /secrets/by-id/{id} | Bearer/ApiKey | Get secret by ID |
GET | /secrets/by-name/{name} | Bearer/ApiKey | Get secret by name |
GET | /secrets/by-name/{name}/value | Bearer/ApiKey | Get secret value |
POST | /secrets | Bearer/ApiKey | Create secret |
PUT | /secrets/by-id/{id} | Bearer/ApiKey | Update secret |
DELETE | /secrets/by-id/{id} | Bearer/ApiKey | Delete secret |
VFS Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
GET | /vfs | Bearer/ApiKey | List all VFS |
GET | /namespaces/{ns}/vfs | Bearer/ApiKey | List VFS in namespace |
POST | /namespaces/{ns}/vfs | Bearer/ApiKey | Create VFS |
GET | /vfs/by-id/{id} | Bearer/ApiKey | Get VFS by ID |
DELETE | /vfs/by-id/{id} | Bearer/ApiKey | Delete VFS |
PUT | /vfs/by-id/{id}/directories | Bearer/ApiKey | Create directory |
GET | /vfs/by-id/{id}/directories/contents | Bearer/ApiKey | List directory |
DELETE | /vfs/by-id/{id}/directories | Bearer/ApiKey | Delete directory |
GET | /vfs/by-id/{id}/files/contents/text | Bearer/ApiKey | Read file |
PUT | /vfs/by-id/{id}/files/write/text | Bearer/ApiKey | Write file |
DELETE | /vfs/by-id/{id}/files | Bearer/ApiKey | Delete file |
PUT | /vfs/by-id/{id}/copy | Bearer/ApiKey | Copy file/directory |
POST | /vfs/by-id/{id}/move | Bearer/ApiKey | Move file/directory |
POST | /vfs/by-id/{id}/find | Bearer/ApiKey | Search files |
POST | /vfs/by-id/{id}/tree | Bearer/ApiKey | Tree view |
POST | /vfs/by-id/{id}/files/edit | Bearer/ApiKey | Edit file |
POST | /vfs/by-id/{id}/batch/edit | Bearer/ApiKey | Batch edit |
POST | /vfs/by-id/{id}/batch/read | Bearer/ApiKey | Batch read |
Files Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
GET | /files/by-checksum/{checksum} | Bearer/ApiKey | Get file by checksum |
PUT | /files/partitions/{partitionId} | Bearer/ApiKey | Upload file |
DELETE | /files/by-id/{id} | Bearer/ApiKey | Delete file (Admin) |
GET | /files/by-id/{id} | Bearer/ApiKey | Download file |
GET | /files/by-id/{id}/details | Bearer/ApiKey | Get file details |
GET | /files/by-id/{id}/text | Bearer/ApiKey | Get extracted text |
PUT | /files/embeddings/generate | Bearer/ApiKey | Generate embeddings |
PUT | /files/embeddings/search | Bearer/ApiKey | Search embeddings |
PUT | /files/chunks-generate | Bearer/ApiKey | Generate chunks |
Build Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
PUT | /namespaces/{ns}/build | Bearer/ApiKey | Build and deploy resources |
Process Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST | /processes/{type}/{id}/kill | Bearer/ApiKey | Kill process |
Invitation Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
GET | /invitations/codes | Bearer/ApiKey | List invitation codes |
GET | /invitations/invites/by-id/{id}/summary | No | Get invite summary |
GET | /invitations/invites | Bearer/ApiKey | List invites |
POST | /invitations/invites | Bearer/ApiKey | Send invite |
POST | /invitations/invites/by-id/{id}/cancel | Bearer/ApiKey | Cancel invite |
POST | /invitations/invites/by-id/{id}/resend-email | Bearer/ApiKey | Resend invite |
Security Best Practices
- Token Storage: Store JWT tokens securely (HttpOnly cookies for web apps, secure storage for mobile)
- API Key Secrets: Store API key secrets securely; they cannot be retrieved after creation
- HTTPS: Always use HTTPS in production to protect credentials in transit
- Token Expiration: Implement proper token refresh logic to maintain sessions
- API Key Expiration: Consider setting expiration dates on API keys for security
- Secret Access: Use the value endpoint carefully; avoid logging secret values
- Role-Based Access: Assign minimum necessary roles to users and API keys