API Reference

Studio configuration endpoints require an authenticated owner session. The public endpoints below are used by the widget and the docs sandbox.

Public endpoints

Bootstrap a chat

GET /api/public/chat/:shareToken
X-User-Auth-Token: <user identity token>   (optional)

Returns the agent, conversation, prior messages, and an auth summary { status, method? } — never identity PII.

Verify a token (sandbox)

POST /api/public/sandbox/verify
Content-Type: application/json

{ "method": "jwt" | "signed_token", "token": "…", "config": { … }, "secret": "…" }

Verifies a token without persisting anything. Returns { ok, context } or { ok: false, error }. Method C is not available here.

Revoke a session

POST /api/public/sessions/revoke
Authorization: Bearer bpk_…

{ "agentId": "agt_…", "sessionId": "sess_…" }   // or { "agentId", "userId" }

Authentication config (owner)

GET    /api/agents/:agentId/auth
PUT    /api/agents/:agentId/auth          { method, config, secrets }
DELETE /api/agents/:agentId/auth/secrets/:kind
POST   /api/agents/:agentId/auth/test     { token }
GET    /api/agents/:agentId/auth/status
GET    /api/agents/:agentId/auth/api-keys
POST   /api/agents/:agentId/auth/api-keys { label? }
DELETE /api/agents/:agentId/auth/api-keys/:keyId

Business API tool (owner)

GET    /api/agents/:agentId/business-api
PUT    /api/agents/:agentId/business-api      { enabled, config, secrets }
POST   /api/agents/:agentId/business-api/import   { spec }
POST   /api/agents/:agentId/business-api/operations
PUT    /api/agents/:agentId/business-api/operations/:operationId
DELETE /api/agents/:agentId/business-api/operations/:operationId
POST   /api/agents/:agentId/business-api/test  { operationId, args, userContext }
GET    /api/agents/:agentId/business-api/logs