Base URL
All endpoints are rooted at/api. In production the API is served from https://app.doomberg.me/api. In local development it is served from http://localhost:8000/api.
Authentication
Two authentication modes are supported. See Auth overview for the full model.The
X-Tenant-Id dev header is only accepted when the server is running in development mode. In production it is ignored. Never rely on it for real traffic.Tenant isolation
Every authenticated request resolves to atenant_id. Every query is scoped by it. There is no unscoped read path. See Tenant isolation.
Response format
All successful responses are JSON with a200 or 201 status. List endpoints return an object with a plural key:
Error format
Errors are JSON with a consistent shape:Endpoint catalog
Auth
→ Auth endpoints
Sessions
→ Session endpoints
Runs
→ Run endpoints
Events & SSE
→ Events & SSE
Strategies
→ Strategy endpoints
Approvals
→ Approval endpoints
Providers
→ Provider endpoints
Triggers
→ Trigger endpoints
Related
- Auth overview — the two auth modes
- Scopes — the capability model
- Tenant isolation — the hard invariant