REST API Reference

Complete reference for all AgentDesk REST API endpoints.

Base URL: http://<host>:<port>/api/v1 — default http://localhost:3737/api/v1

Authentication

AgentDesk uses two authentication modes:

  • Session cookie (agdesk-session) — set after POST /auth/login or POST /auth/setup. Required for remote (non-localhost) requests.
  • Localhost bypass — requests from 127.0.0.1 / ::1 are trusted without a cookie. This lets agents on the same machine call the API directly.

Some endpoints require stricter auth (owner/admin role, cookie-only with no localhost bypass). These are noted per-endpoint.

Auth

MethodPathDescriptionAuth
GET/auth/statusCheck if setup is needed and whether a provider existsPublic
POST/auth/setupCreate the initial owner account (first-run only)Public (one-time)
POST/auth/loginAuthenticate with email + password, receive session cookiePublic
POST/auth/logoutDestroy current session and clear cookieSession cookie
GET/auth/meGet current authenticated user profileSession cookie
POST/auth/inviteCreate an invite link for a new userOwner/Admin
GET/auth/register?token=Validate an invite tokenPublic
POST/auth/registerAccept an invite and create accountPublic (valid token)

POST /auth/setup

First-run endpoint. Creates the owner account. Fails with 409 if an owner already exists.

FieldTypeRequiredDescription
namestringYesDisplay name
emailstringYesEmail address
passwordstringYesMin 8 characters

POST /auth/login

Rate-limited: 5 failed attempts per 15-minute window per IP.

FieldTypeRequiredDescription
emailstringYesEmail address
passwordstringYesPassword

POST /auth/invite

Requires owner or admin role. Returns an invite URL valid for 7 days.

FieldTypeRequiredDescription
emailstringYesInvitee’s email
namestringNoSuggested name
rolestringNoadmin or member (default: member)
projectIdsstring[]NoSpecific project IDs, or null for all projects

POST /auth/register

FieldTypeRequiredDescription
tokenstringYesInvite token
namestringYesDisplay name
passwordstringYesMin 8 characters

Agents

MethodPathDescriptionAuth
GET/agentsList all agents with health, status, and metadataAuthenticated
POST/agentsUpsert an agent recordAuthenticated
POST/agents/createFull agent creation (platform + DB + workspace files)Authenticated
POST/agents/connectConnect an existing platform agent to AgentDeskAuthenticated
GET/agents/availableList platform agents not yet connectedAuthenticated
POST/agents/generate-filesAI-generate SOUL.md and AGENTS.md for a new agentAuthenticated
GET/agents/:idGet detailed agent infoAuthenticated
PATCH/agents/:idUpdate agent fieldsAuthenticated
DELETE/agents/:idDisconnect agent from AgentDeskAuthenticated
GET/agents/:id/avatarRender pixel-art avatar as SVGPublic
POST/agents/:id/avatar/regenerateRe-roll the auto-generated avatarAuthenticated
GET/agents/:id/digestAgent work digest since timestampAuthenticated
GET/agents/:id/filesList workspace .md filesAuthenticated
GET/agents/:id/files/:filenameRead a workspace fileAuthenticated
PUT/agents/:id/files/:filenameWrite a workspace fileAuthenticated
GET/agents/:id/heartbeatGet heartbeat configuration and statusAuthenticated
PUT/agents/:id/heartbeatUpdate heartbeat configurationAuthenticated
PUT/agents/:id/settingsUpdate agent settings (provider, model, prompts)Authenticated
GET/agents/:id/statusAgent health details and current taskAuthenticated
GET/agents/:id/tasksList all tasks assigned to this agentAuthenticated
GET/agents/:id/workGet actionable tasks + unanswered mentionsAuthenticated
GET/agents/:id/runsPaginated dispatcher run historyAuthenticated
GET/agents/:id/runs/:runId/transcriptRead JSONL session transcript for a runAuthenticated

POST /agents/create

FieldTypeRequiredDescription
namestringYesAgent display name (used to derive ID)
descriptionstringNoAgent description
rolestringNoworker or orchestrator
titlestringNoJob title
modelstringNoLLM model identifier
providerIdstringNoProvider ID for multi-provider routing
heartbeatIntervalstringNo15m, 30m, 1h, or off
soulMdstringNoSOUL.md content
agentsMdstringNoAGENTS.md content

PUT /agents/:id/settings

FieldTypeRequiredDescription
rolestringNoAgent role
titlestringNoAgent title
providerIdstringNoProvider ID (clears SDK session on change)
modelstringNoModel identifier
soulMdstringNoSOUL.md content (max 256KB)
agentsMdstringNoAGENTS.md content (max 256KB)

PUT /agents/:id/heartbeat

FieldTypeRequiredDescription
intervalstringNo15m, 30m, 1h, or off
enabledbooleanNoEnable/disable heartbeat
modelstringNoOverride model for heartbeat runs
heartbeatMdstringNoHEARTBEAT.md content

GET /agents/:id/runs

Query ParamTypeDefaultDescription
limitnumber20Max rows (capped at 100)
offsetnumber0Pagination offset

Projects

MethodPathDescriptionAuth
GET/projectsList all projects (scoped by user role)Authenticated
POST/projectsCreate a new projectAuthenticated
GET/projects/:idGet project detailsAuthenticated
PATCH/projects/:idUpdate projectAuthenticated
DELETE/projects/:idDelete project and cascade all related dataAuthenticated
GET/projects/:id/tasksList tasks in a project (with filters)Authenticated
POST/projects/:id/tasksCreate a task in a projectAuthenticated
GET/projects/:id/membersList project membersAuthenticated
POST/projects/:id/membersAdd or update a project memberCookie auth
DELETE/projects/:id/membersRemove a memberCookie auth

POST /projects

FieldTypeRequiredDescription
namestringYesProject name
missionstringYesProject mission statement
statusstringNoProject status

POST /projects/:id/tasks

FieldTypeRequiredDescription
titlestringYesTask title
deliverableDescriptionstringYesWhat the deliverable is
descriptionstringNoDetailed description
assigneeIdstringNoAgent ID to assign
prioritynumberNo0=Critical, 1=High, 2=Medium (default), 3=Low
statusstringNoInitial status
tagIdsstring[]NoTag IDs to attach
contextPathsstring[]NoContext file paths

GET /projects/:id/tasks

Query ParamTypeDescription
statusstringFilter by status
assigneeIdstringFilter by assignee
tagIdstringFilter by tag
prioritystringFilter by priority level

Tasks

MethodPathDescriptionAuth
GET/tasksList tasks across all projectsAuthenticated
GET/tasks/:idGet task details with subtasks, tags, context pathsAuthenticated
PATCH/tasks/:idUpdate task fieldsAuthenticated
DELETE/tasks/:idDelete a task and all related dataAuthenticated
PATCH/tasks/:id/statusChange task status (with validation)Authenticated
GET/tasks/:id/commentsList comments on a taskAuthenticated
POST/tasks/:id/commentsAdd a comment (auto-extracts @mentions)Authenticated
GET/tasks/:id/subtasksList subtasksAuthenticated
POST/tasks/:id/subtasksCreate a subtaskAuthenticated
GET/tasks/:id/activitiesList activity log for a taskAuthenticated
POST/tasks/:id/approveApprove a task in review (moves to done)Authenticated
POST/tasks/:id/rejectReject a task (moves to in-progress, adds comment)Authenticated
POST/tasks/:id/planCreate subtasks from a plan and post as commentAuthenticated
POST/tasks/:id/tagsAttach a tag to a taskAuthenticated
DELETE/tasks/:id/tags/:tagIdRemove a tag from a taskAuthenticated
GET/tasks/mentionsList tasks where an agent/user was @mentionedAuthenticated

PATCH /tasks/:id

FieldTypeRequiredDescription
titlestringNoTask title
descriptionstringNoDescription
deliverableDescriptionstringNoDeliverable spec
deliverableArtifactstringNoDeliverable artifact URL/path
assigneeIdstringNoAssignee agent ID
prioritynumberNo0-3 priority level
statusstringNoTask status
dueDatestringNoDue date
pausedbooleanNoPause the task
contextPathsstring[]NoReplace context file paths

PATCH /tasks/:id/status

FieldTypeRequiredDescription
statusstringYesNew status: todo, assigned, planning, in-progress, review, done
prioritynumberNoOptionally update priority

POST /tasks/:id/comments

FieldTypeRequiredDescription
contentstringYesComment body (markdown, @mentions auto-extracted)
authorTypestringLocalhost onlyagent or user
authorIdstringLocalhost onlyAuthor identifier
replyToIdstringNoParent comment ID for threading

POST /tasks/:id/reject

FieldTypeRequiredDescription
reasonstringYesRejection reason (posted as a comment)

POST /tasks/:id/plan

FieldTypeRequiredDescription
subtasksstring[]YesList of subtask titles
actorIdstringYesAgent/user creating the plan
actorTypestringNoagent or user (default: agent)

GET /tasks/mentions

Query ParamTypeDescription
agentIdstringAgent or user ID to check mentions for
sincestringEpoch ms — only return mentions after this timestamp

Subtasks

MethodPathDescriptionAuth
PATCH/subtasks/:idUpdate subtask (title, done, sortOrder)Authenticated
DELETE/subtasks/:idDelete a subtaskAuthenticated

PATCH /subtasks/:id

FieldTypeRequiredDescription
titlestringNoSubtask title
donebooleanNoCompletion status
sortOrdernumberNoDisplay order

Comments

MethodPathDescriptionAuth
PATCH/comments/:idEdit a comment (author-only)Authenticated
DELETE/comments/:idDelete a comment (cascades to replies)Authenticated

PATCH /comments/:id

FieldTypeRequiredDescription
contentstringYesUpdated comment body

Crons (Scheduled Jobs)

MethodPathDescriptionAuth
GET/cronsList all cron jobs with run historyAuthenticated
POST/cronsCreate a new cron jobAuthenticated
GET/crons/:idGet cron job detailsAuthenticated
PATCH/crons/:idUpdate cron jobAuthenticated
DELETE/crons/:idDelete a cron jobAuthenticated
POST/crons/:id/runManually trigger a cron jobAuthenticated
GET/crons/:id/runsGet run historyAuthenticated

POST /crons

FieldTypeRequiredDescription
agentstringYesTarget agent ID
namestringNoJob name
everystringConditionalInterval (15m, 30m, 1h). One of every, cron, or at required
cronstringConditionalCron expression (e.g., 0 9 * * *)
atstringConditionalISO 8601 timestamp for one-shot execution
tzstringNoTimezone
messagestringNoPrompt sent to the agent
sessionstringNomain or isolated
modelstringNoOverride model
projectIdstringNoLink to a project

PATCH /crons/:id

FieldTypeRequiredDescription
enabledbooleanNoEnable/disable the job
namestringNoJob name
agentstringNoTarget agent
everystringNoInterval
cronstringNoCron expression
atstringNoOne-shot timestamp
messagestringNoPrompt message
projectIdstringNoProject link

Chat

MethodPathDescriptionAuth
GET/chat/tabs?agentId=List persisted chat tabs for an agentAuthenticated
POST/chat/tabsCreate a new chat tabAuthenticated
DELETE/chat/tabs/:idClose and delete a chat tabAuthenticated
POST/chat/resetReset an agent’s chat sessionAuthenticated

POST /chat/tabs

FieldTypeRequiredDescription
agentIdstringYesAgent to create tab for
labelstringNoTab label (auto-generates if omitted)

POST /chat/reset

FieldTypeRequiredDescription
agentIdstringYesAgent ID
sessionKeystringYesSession key to reset

Contexts (Project Files)

MethodPathDescriptionAuth
GET/contexts/searchSearch context files across projectsAuthenticated
GET/contexts/:projectSlugList all files in a project’s context directoryAuthenticated
GET/contexts/:projectSlug/:filepathRead a context file (JSON with content)Authenticated
GET/contexts/:projectSlug/:filepath/rawDownload raw file contentAuthenticated
PUT/contexts/:projectSlug/:filepathCreate or update a context file (max 256KB)Authenticated
DELETE/contexts/:projectSlug/:filepathDelete a context fileAuthenticated

PUT /contexts/:projectSlug/:filepath

FieldTypeRequiredDescription
contentstringYesFile content (max 256KB)

GET /contexts/search

Query ParamTypeDescription
qstringFilename search query
projectstringFilter by project slug

Integrations — Telegram

MethodPathDescriptionAuth
POST/integrations/telegram/setupConfigure Telegram botAuthenticated
DELETE/integrations/telegram/setupDisconnect Telegram botAuthenticated
GET/integrations/telegram/statusGet integration statusAuthenticated
POST/integrations/telegram/linkGenerate a link code for a user’s Telegram chatCookie auth
DELETE/integrations/telegram/unlinkUnlink current user’s Telegram chatCookie auth
POST/integrations/telegram/sendSend a message to a linked Telegram chatAuthenticated
POST/integrations/telegram/webhookTelegram webhook receiverWebhook secret

POST /integrations/telegram/setup

FieldTypeRequiredDescription
botTokenstringYesTelegram bot token
modestringNopolling (default) or webhook
webhookUrlstringConditionalRequired if mode is webhook

POST /integrations/telegram/send

FieldTypeRequiredDescription
textstringYesMessage body
userIdstringNoTarget AgentDesk user (looks up linked chat)
chatIdnumberNoDirect Telegram chat ID
parseModestringNoMarkdown, MarkdownV2, or HTML

Integrations — Notion

MethodPathDescriptionAuth
POST/integrations/notion/setupSave and validate a Notion tokenAuthenticated
DELETE/integrations/notion/setupRemove Notion connectionAuthenticated
GET/integrations/notion/statusCheck connection statusAuthenticated
GET/integrations/notion/verifyVerify token works and count accessible pagesAuthenticated

POST /integrations/notion/setup

FieldTypeRequiredDescription
tokenstringYesNotion internal integration token

Providers

MethodPathDescriptionAuth
GET/providersList providers (credentials redacted) and available presetsAuthenticated
POST/providersCreate a provider (validates credential)Authenticated
GET/providers/:idGet provider details (credential redacted)Authenticated
PATCH/providers/:idUpdate provider fieldsAuthenticated
DELETE/providers/:idDelete provider (fails if agents reference it)Authenticated
POST/providers/:id/testTest provider connectionAuthenticated
POST/providers/:id/refresh-modelsRe-fetch the provider’s model catalogAuthenticated

POST /providers

FieldTypeRequiredDescription
namestringYesDisplay name
presetKeystringYesProvider preset (anthropic-api-key, openai, openrouter, custom, etc.)
credentialstringYesAPI key or token
baseUrlstringNoCustom base URL (required for custom preset)
defaultModelstringNoDefault model ID
isDefaultbooleanNoSet as default provider

Platform

MethodPathDescriptionAuth
GET/platform/statusServer health, version, config, uptimeAuthenticated
GET/platform/origin-checkCheck if this instance is in the platform origin allowlistAuthenticated
POST/platform/register-originRegister this instance in the platform origin allowlistOwner/localhost

Configuration

MethodPathDescriptionAuth
GET/config/dispatcher-pausedCheck if the global dispatcher is pausedAuthenticated
POST/config/dispatcher-pausedToggle global dispatcher pause stateAuthenticated
GET/config/projects-dirGet the configured projects directory pathAuthenticated

POST /config/dispatcher-paused

FieldTypeRequiredDescription
pausedbooleanYestrue to pause all agents, false to resume

Tags

MethodPathDescriptionAuth
GET/tagsList all tags (optionally filtered by projectId)Authenticated
POST/tagsCreate a tagAuthenticated
PATCH/tags/:idUpdate a tagAuthenticated
DELETE/tags/:idDelete a tagAuthenticated

POST /tags

FieldTypeRequiredDescription
namestringYesTag name
colorstringNoHex color
projectIdstringNoScope to a project

Activities

MethodPathDescriptionAuth
GET/activitiesList activity log entries (with filters)Authenticated
POST/activitiesCreate an activity log entryAuthenticated

GET /activities

Query ParamTypeDescription
projectIdstringFilter by project
taskIdstringFilter by task
actorIdstringFilter by actor
actionstringFilter by action type
sinceISO dateOnly entries after this date
limitnumberMax results (default 50, max 200)

Users

MethodPathDescriptionAuth
GET/usersList all usersOwner/Admin (cookie)
PATCH/users/:idChange a user’s roleOwner (cookie)
DELETE/users/:idDelete a user accountOwner (cookie)
GET/users/:id/projectsList a user’s project membershipsCookie auth

PATCH /users/:id

FieldTypeRequiredDescription
rolestringYesadmin or member

Utility

MethodPathDescriptionAuth
GET/statsDashboard statisticsAuthenticated
GET/modelsList available LLM models from active platformAuthenticated
GET/mentionablesList all agents and users available for @mentionsAuthenticated
POST/uploadUpload a file (images, PDFs, text, max 20MB)Authenticated

POST /upload

Accepts multipart/form-data with a file field.

Query ParamTypeDescription
avatarstringSet to true to compress as 512x512 avatar

WebSocket Endpoints

PathDescription
ws://<host>:<port>/wsReal-time event hub — broadcasts task, comment, agent, cron, and file change events
ws://<host>:<port>/ws/chatChat proxy — routes to Claude Code SessionPool or gateway

Event Types

EventDescription
task:createdNew task created
task:updatedTask fields changed
task:deletedTask deleted
task:status_changedTask status transition
comment:createdNew comment posted
comment:updatedComment edited
comment:deletedComment deleted
subtask:createdSubtask added
subtask:updatedSubtask toggled or edited
subtask:deletedSubtask removed
agent:createdAgent registered
agent:updatedAgent settings changed
agent:deletedAgent disconnected
project:createdProject created
project:updatedProject updated
project:deletedProject deleted
cron:createdCron job created
cron:updatedCron job updated
cron:deletedCron job deleted
file:createdContext file created
file:updatedContext file modified
file:deletedContext file removed
integration:statusIntegration connected/disconnected
dispatcher:global-pausedDispatcher pause state changed

Error Format

All error responses return a consistent JSON shape:

{
  "error": "Human-readable error message"
}
CodeMeaning
400Bad request — validation error, missing fields
401Unauthorized — no session, invalid cookie
403Forbidden — insufficient role
404Resource not found
409Conflict — duplicate, already exists
429Rate limited
500Internal server error