REST API reference
The non-admin P4A REST API surface — endpoints, scopes, request and response shapes, reachable with a personal access token.
Overview
This is the interactive reference for the P4A REST API — every endpoint an external client or script can call with a personal access token. Each operation below lists its method, path, required scope, request body, and response shape, with an interactive playground for trying calls.
The same endpoints power the dashboard and the hosted MCP server, so the MCP catalog tools are thin wrappers over the policy endpoints documented here.
Authentication
Send your token as a Bearer credential on every request:
curl https://www.p4a.dev/api/policies \
-H "Authorization: Bearer p4a_xxxxxxxxxxxxxxxxxxxxxxxx"A token acts as you: requests are attributed to your account and scoped to what you can already access. See Personal access tokens to create and manage tokens.
Scopes
Each endpoint requires one scope, chosen by HTTP method:
api:read—GETrequests.api:write—POST,PATCH,PUT,DELETErequests.
A request whose token lacks the required scope is rejected with 403; a
missing, invalid, expired, or revoked token is rejected with 401.
Download the spec
The full OpenAPI 3.1 spec is available for import into Postman, Insomnia, or a code generator:
Policies
/api/policiesAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Query Parameters
Filter by policy category.
Free-text search over name and description (name and summary for source=mulesoft).
Which catalog to list. community (default) = user-submitted P4A
policies. mulesoft = MuleSoft out-of-the-box Omni/Flex Gateway
policies (read-only, MuleSoftPolicySummary items).
source=mulesoft only. Filter by enforcement leg — inbound
(incoming request, most policies) or outbound (upstream/response
leg, e.g. tls-outbound). Ignored for the community catalog.
Response Body
application/json
curl -X GET "https://example.com/api/policies"{
"policies": [
{
"id": "3f1c2b4a-1e2d-4c3b-9a8f-0d1e2f3a4b5c",
"name": "Rate limit",
"description": "Throttle requests per agent.",
"category": "Traffic management",
"status": "approved",
"liked": false,
"github_has_issues": true
}
]
}/api/policies/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"policy": {
"id": "3f1c2b4a-1e2d-4c3b-9a8f-0d1e2f3a4b5c",
"name": "Rate limit",
"description": "Throttle requests per agent.",
"category": "Traffic management",
"status": "approved",
"liked": false,
"github_has_issues": true
}
}{
"error": "Not authenticated"
}/api/policies/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
curl -X PATCH "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08" \ -H "Content-Type: application/json" \ -d '{}'{
"policy": {
"id": "3f1c2b4a-1e2d-4c3b-9a8f-0d1e2f3a4b5c",
"name": "Rate limit",
"description": "Throttle requests per agent.",
"category": "Traffic management",
"status": "approved",
"liked": false,
"github_has_issues": true
}
}{
"error": "Not authenticated"
}{
"error": "Not authenticated"
}/api/policies/{id}/branchesAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/branches"{}/api/policies/{id}/downloadAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/download"{
"ok": true
}/api/policies/{id}/historyAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Query Parameters
Response Body
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/history"{
"entries": [
{}
],
"nextCursor": "string"
}/api/policies/{id}/issues-enabledAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/issues-enabled"{
"enabled": true
}{
"error": "Not authenticated"
}/api/policies/{id}/likeAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/like"{
"liked": true
}/api/policies/{id}/likeAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/like"{
"liked": true
}/api/policies/{id}/orgsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Query Parameters
Response Body
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/orgs?connectionId=497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"orgs": [
{
"id": "string",
"name": "string",
"isPrimary": true,
"fullPath": "string"
}
]
}/api/policies/{id}/reviewers/meAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/reviewers/me"{
"isReviewer": true
}/api/policies/{id}/revisionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/revisions"{
"revisions": [
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"policy_id": "ee9b03e0-6495-427a-85a5-34444d24ae04",
"field": "description",
"proposed_value": "string",
"previous_value": "string",
"status": "pending",
"feedback": "string",
"submitted_at": "2019-08-24T14:15:22Z",
"reviewed_at": "2019-08-24T14:15:22Z"
}
]
}/api/policies/{id}/revisionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/revisions" \ -H "Content-Type: application/json" \ -d '{ "field": "description", "value": "stringstri" }'{
"revision": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"policy_id": "ee9b03e0-6495-427a-85a5-34444d24ae04",
"field": "description",
"proposed_value": "string",
"previous_value": "string",
"status": "pending",
"feedback": "string",
"submitted_at": "2019-08-24T14:15:22Z",
"reviewed_at": "2019-08-24T14:15:22Z"
},
"policy_name": "string"
}{
"error": "Not authenticated"
}{
"error": "Not authenticated"
}{
"error": "Not authenticated"
}{
"error": "Not authenticated"
}Submissions
/api/submissionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Response Body
application/json
curl -X GET "https://example.com/api/submissions"{
"submissions": [
{
"id": "a1b2c3d4-5e6f-7081-92a3-b4c5d6e7f809",
"name": "Rate limit",
"description": "Throttle requests per agent based on a token bucket.",
"status": "pending",
"githubUrl": "https://github.com/acme/rate-limit-policy"
}
]
}/api/submissionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/api/submissions" \ -H "Content-Type: application/json" \ -d '{ "projectType": "unified", "name": "Rate limit", "description": "Throttle requests per agent based on a token bucket algorithm.", "githubUrl": "https://github.com/acme/rate-limit-policy", "category": "Traffic management" }'{
"submission": {
"id": "a1b2c3d4-5e6f-7081-92a3-b4c5d6e7f809",
"name": "Rate limit",
"description": "Throttle requests per agent based on a token bucket.",
"status": "pending",
"githubUrl": "https://github.com/acme/rate-limit-policy"
},
"validation": {}
}{
"error": "Not authenticated"
}/api/submissions/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X PATCH "https://example.com/api/submissions/497f6eca-6276-4993-bfeb-53cbbbba6f08" \ -H "Content-Type: application/json" \ -d '{}'{
"submission": {
"id": "a1b2c3d4-5e6f-7081-92a3-b4c5d6e7f809",
"name": "Rate limit",
"description": "Throttle requests per agent based on a token bucket.",
"status": "pending",
"githubUrl": "https://github.com/acme/rate-limit-policy"
}
}{
"error": "Not authenticated"
}/api/submissions/{id}/historyAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/submissions/497f6eca-6276-4993-bfeb-53cbbbba6f08/history"{
"entries": [
{}
]
}/api/submissions/validateAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/api/submissions/validate" \ -H "Content-Type: application/json" \ -d '{}'{
"validation": {}
}Deployments
/api/deploymentsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Response Body
application/json
curl -X GET "https://example.com/api/deployments"{
"deployments": [
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"policy_id": "ee9b03e0-6495-427a-85a5-34444d24ae04",
"connection_id": "d3547de1-d1f2-4344-b4c2-17169b7526f9",
"workspace_id": "0967198e-ec7b-4c6b-b4d3-f71244cadbe9",
"status": "string",
"anypoint_org_id": "string",
"definition_asset_version": "string",
"implementation_asset_version": "string",
"home_doc_status": "published"
}
],
"pagination": {}
}/api/deploymentsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
curl -X POST "https://example.com/api/deployments" \ -H "Content-Type: application/json" \ -d '{ "policyId": "3f1c2b4a-1e2d-4c3b-9a8f-0d1e2f3a4b5c", "connectionId": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d", "workspaceId": "9f8e7d6c-5b4a-3210-fedc-ba9876543210", "targetOrganizationIds": [ "a0000000-0000-0000-0000-000000000001" ], "doPublish": true, "doRelease": false }'{
"results": [
{
"ok": true,
"organizationId": "string",
"organizationName": "string",
"error": "string",
"deployment": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"status": "string",
"deduped": true
}
}
]
}{
"results": [
{
"ok": true,
"organizationId": "string",
"organizationName": "string",
"error": "string",
"deployment": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"status": "string",
"deduped": true
}
}
]
}{
"error": "Not authenticated"
}/api/deployments/delete-failedAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/api/deployments/delete-failed" \ -H "Content-Type: application/json" \ -d '{}'{
"deletedCount": 0,
"deletedDeploymentIds": [
"string"
]
}{
"error": "Not authenticated"
}/api/deployments/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
application/json
application/json
application/json
curl -X DELETE "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"deletedDeploymentId": "string"
}{
"error": "Not authenticated"
}{
"error": "Not authenticated"
}{
"error": "Not authenticated"
}/api/deployments/{id}/cancelAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/cancel"{
"ok": true
}/api/deployments/{id}/delete-releaseAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/delete-release"{
"job": {}
}/api/deployments/{id}/dev-versionAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
application/json
curl -X GET "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/dev-version"{
"dev_version_exists": true
}{
"error": "Not authenticated"
}/api/deployments/{id}/historyAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/history"{
"jobs": [
{}
],
"job": {},
"logs": [
{}
]
}/api/deployments/{id}/logsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
text/event-stream
curl -X GET "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/logs""string"/api/deployments/{id}/syncAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/sync"{
"ok": true,
"result": "in_sync",
"status": "string"
}/api/deployments/{id}/unpublishAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/deployments/497f6eca-6276-4993-bfeb-53cbbbba6f08/unpublish"{
"job": {}
}Connections
/api/connectionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Response Body
application/json
curl -X GET "https://example.com/api/connections"{
"connections": [
{
"id": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d",
"name": "Acme production",
"host": "us",
"client_id": "abcd…",
"organization_id": "a0000000-0000-0000-0000-000000000001"
}
]
}/api/connectionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/api/connections" \ -H "Content-Type: application/json" \ -d '{ "name": "Acme production", "host": "us", "clientId": "1234abcd", "clientSecret": "s3cr3t-value", "organizationId": "a0000000-0000-0000-0000-000000000001" }'{
"connection": {
"id": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d",
"name": "Acme production",
"host": "us",
"client_id": "abcd…",
"organization_id": "a0000000-0000-0000-0000-000000000001"
},
"validation": {}
}{
"error": "Not authenticated"
}/api/connections/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
application/json
curl -X GET "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"connection": {
"id": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d",
"name": "Acme production",
"host": "us",
"client_id": "abcd…",
"organization_id": "a0000000-0000-0000-0000-000000000001"
},
"is_owner": true
}{
"error": "Not authenticated"
}/api/connections/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Credential fields (clientId, clientSecret, organizationId) are all-or-none.
Response Body
application/json
application/json
curl -X PATCH "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08" \ -H "Content-Type: application/json" \ -d '{}'{
"connection": {
"id": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d",
"name": "Acme production",
"host": "us",
"client_id": "abcd…",
"organization_id": "a0000000-0000-0000-0000-000000000001"
}
}{
"error": "Not authenticated"
}/api/connections/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X DELETE "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"ok": true
}/api/connections/{id}/syncAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08/sync"{
"connection": {
"id": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d",
"name": "Acme production",
"host": "us",
"client_id": "abcd…",
"organization_id": "a0000000-0000-0000-0000-000000000001"
},
"validation": {}
}/api/connections/{id}/orgsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08/orgs"{
"orgs": [
{
"id": "string",
"name": "string",
"isPrimary": true,
"fullPath": "string"
}
]
}/api/connections/{id}/workspacesAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08/workspaces"{
"shared": [
{}
]
}/api/connections/{id}/impactAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08/impact"{
"active_deployments": 0,
"historical_deployments": 0,
"workspace_links": 0,
"has_credential": true
}/api/connections/validateAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/api/connections/validate" \ -H "Content-Type: application/json" \ -d '{ "host": "us", "clientId": "string", "clientSecret": "string", "organizationId": "string" }'{
"ok": true,
"error": "string"
}Workspaces
/api/workspacesAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Response Body
application/json
curl -X GET "https://example.com/api/workspaces"{
"memberships": [
{}
]
}/api/workspacesAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/api/workspaces" \ -H "Content-Type: application/json" \ -d '{ "name": "string" }'{
"workspace": {
"id": "9f8e7d6c-5b4a-3210-fedc-ba9876543210",
"name": "Platform team",
"slug": "platform-team"
}
}{
"error": "Not authenticated"
}/api/workspaces/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
application/json
curl -X GET "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08"{}{
"error": "Not authenticated"
}/api/workspaces/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X PATCH "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08" \ -H "Content-Type: application/json" \ -d '{ "name": "string" }'{
"workspace": {
"id": "9f8e7d6c-5b4a-3210-fedc-ba9876543210",
"name": "Platform team",
"slug": "platform-team"
}
}{
"error": "Not authenticated"
}/api/workspaces/{id}/archiveAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/archive"{
"archived_at": "string"
}/api/workspaces/{id}/archiveAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X DELETE "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/archive"{
"archived_at": "string"
}/api/workspaces/{id}/membersAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/members"{
"members": [
{}
]
}/api/workspaces/{id}/membersAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/members" \ -H "Content-Type: application/json" \ -d '{ "email": "user@example.com" }'{
"ok": true
}/api/workspaces/{id}/members/{userId}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X PATCH "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/members/497f6eca-6276-4993-bfeb-53cbbbba6f08" \ -H "Content-Type: application/json" \ -d '{}'{
"ok": true
}/api/workspaces/{id}/members/{userId}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X DELETE "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/members/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"ok": true
}/api/workspaces/{id}/members/{userId}/impactAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/members/497f6eca-6276-4993-bfeb-53cbbbba6f08/impact"{
"role": "owner",
"disabled_at": "string",
"owned_shared_connections": 0,
"deployments_authored": 0
}/api/workspaces/{id}/connectionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/connections" \ -H "Content-Type: application/json" \ -d '{ "connection_id": "d3547de1-d1f2-4344-b4c2-17169b7526f9" }'{
"ok": true
}/api/workspaces/{id}/connectionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X PATCH "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/connections" \ -H "Content-Type: application/json" \ -d '{ "connection_id": "d3547de1-d1f2-4344-b4c2-17169b7526f9" }'{
"ok": true
}/api/workspaces/{id}/connectionsAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Query Parameters
Response Body
application/json
curl -X DELETE "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/connections?connection_id=497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"ok": true
}/api/workspaces/{id}/connections/{connectionId}/impactAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X GET "https://example.com/api/workspaces/497f6eca-6276-4993-bfeb-53cbbbba6f08/connections/497f6eca-6276-4993-bfeb-53cbbbba6f08/impact"{
"is_disabled": true,
"disabled_reason": "string",
"members_visible": 0,
"deployments_authored": 0
}Transfers
/api/policies/{id}/transfersAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/api/policies/497f6eca-6276-4993-bfeb-53cbbbba6f08/transfers" \ -H "Content-Type: application/json" \ -d '{ "recipientEmail": "user@example.com" }'{
"transfer": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"to_user_id": "bdcaa974-8e23-4fc9-823d-e060850bbef1"
}
}/api/transfers/{id}/acceptAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/transfers/497f6eca-6276-4993-bfeb-53cbbbba6f08/accept"{
"transfer": {},
"policyId": "string"
}/api/transfers/{id}/cancelAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X POST "https://example.com/api/transfers/497f6eca-6276-4993-bfeb-53cbbbba6f08/cancel"{
"transfer": {}
}/api/transfers/{id}/rejectAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/api/transfers/497f6eca-6276-4993-bfeb-53cbbbba6f08/reject" \ -H "Content-Type: application/json" \ -d '{}'{
"transfer": {}
}Tokens
/api/tokensAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Response Body
application/json
curl -X GET "https://example.com/api/tokens"{
"tokens": [
{
"id": "11112222-3333-4444-5555-666677778888",
"name": "My laptop's CLI",
"token_prefix": "p4a_abcd",
"scopes": [
"api:read"
],
"expires_at": "2026-09-22T00:00:00.000Z",
"last_used_at": null,
"revoked_at": null,
"created_at": "2026-06-24T12:00:00.000Z"
}
]
}/api/tokensAuthorization
cookieAuth A signed-in browser session cookie. Used only by POST /api/tokens, which mints new tokens and therefore rejects personal access tokens — a token cannot mint another token. This operation cannot be exercised from the interactive playground; create tokens from the dashboard Settings page.
In: cookie
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/api/tokens" \ -H "Content-Type: application/json" \ -d '{ "name": "string", "scopes": [ "api:read" ] }'{
"token": "string",
"record": {
"id": "11112222-3333-4444-5555-666677778888",
"name": "My laptop's CLI",
"token_prefix": "p4a_abcd",
"scopes": [
"api:read"
],
"expires_at": "2026-09-22T00:00:00.000Z",
"last_used_at": null,
"revoked_at": null,
"created_at": "2026-06-24T12:00:00.000Z"
}
}{
"error": "Not authenticated"
}/api/tokens/{id}Authorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Path Parameters
The resource's UUID.
Response Body
application/json
curl -X DELETE "https://example.com/api/tokens/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"ok": true,
"record": {
"id": "11112222-3333-4444-5555-666677778888",
"name": "My laptop's CLI",
"token_prefix": "p4a_abcd",
"scopes": [
"api:read"
],
"expires_at": "2026-09-22T00:00:00.000Z",
"last_used_at": null,
"revoked_at": null,
"created_at": "2026-06-24T12:00:00.000Z"
}
}Account
/api/meAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Response Body
application/json
curl -X GET "https://example.com/api/me"{
"user": {
"id": "deadbeef-0000-1111-2222-333344445555",
"email": "you@example.com",
"company": "Acme",
"is_admin": false
}
}/api/meAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X PATCH "https://example.com/api/me" \ -H "Content-Type: application/json" \ -d '{}'{
"user": {
"id": "deadbeef-0000-1111-2222-333344445555",
"email": "you@example.com",
"company": "Acme",
"is_admin": false
}
}{
"error": "Not authenticated"
}/api/me/transfersAuthorization
bearerAuth A personal access token, sent as Authorization: Bearer p4a_….
In: header
Query Parameters
Response Body
application/json
curl -X GET "https://example.com/api/me/transfers"{
"transfers": [
{}
]
}