Skip to main content
Use these endpoint pages for complete contracts and interactive API playground usage.

Endpoint catalog

GET /health

Liveness + server version, no auth required.

POST /execute

Execute code and return the full result payload.

POST /execute/stream

Stream stdout/stderr/exit as Server-Sent Events.

GET /execute/ws

Stream execution over WebSocket with bidirectional messaging.

POST /file

Upload base64 content to a persistent session container.

GET /file

Download base64 content from a persistent session container.

GET /sessions

List all active persistent sessions.

DELETE /session/:id

Destroy a persistent session and release resources.

POST /cleanup

Trigger authenticated server-side cleanup for sessions, containers, and optional images.

Auth & key management

These endpoints require the master key and are only available when DB-backed auth is enabled (--auth-db).

POST /auth/keys

Create a new API key with optional tenant scoping and TTL.

GET /auth/keys

List all API keys, optionally filtered by tenant.

DELETE /auth/keys/:id

Revoke an API key by ID.

POST /auth/login

Exchange master key for a short-lived token.

Auth rules

  • GET /health is public.
  • All other endpoints require Authorization: Bearer <api-key>.
  • Auth endpoints (/auth/*) additionally require the master key.

Server overview

Architecture, defaults, and auto-pruning behavior.

Remote server and client

End-to-end remote usage with CLI and SDK.