API
Reference for the Swirls API: authentication, transport, namespaces, pagination, and error handling.
The Swirls API provides programmatic access to every capability available in the Portal. Use it to manage projects, execute workflows, configure triggers, work with forms, webhooks, schedules, and more.
Base URL
For Swirls Cloud, the base URL is https://swirls.ai/api. For self-hosted deployments, use the URL where your API server is running.
Authentication
Most API endpoints require authentication. Include your API key in the Authorization header:
Authorization: Bearer <apiKey>Get an API key from the Portal under project settings. The CLI authenticates via a session created by swirls auth login.
Requests with a missing or invalid token receive a 401 Unauthorized response.
Protocol
The Swirls API uses oRPC for its authenticated endpoints. All RPC calls are routed through {baseUrl}/rpc.
The API is not a REST API. There are no separate REST routes for resource management. Use the SDK for typed TypeScript clients. Raw HTTP calls to /rpc are supported but verbose.
Making a raw RPC call
const response = await fetch('https://swirls.ai/api/rpc/projects.listProjects', {
method: 'GET',
headers: {
Authorization: 'Bearer <apiKey>',
},
})
const projects = await response.json()For POST procedures, send a JSON body:
const response = await fetch('https://swirls.ai/api/rpc/projects.createProject', {
method: 'POST',
headers: {
Authorization: 'Bearer <apiKey>',
'Content-Type': 'application/json',
},
body: JSON.stringify({ name: 'my-project' }),
})
const project = await response.json()RPC namespaces
The contract is generated from packages/contract/src/contract.ts. The following namespaces are available.
agents
Agent chat sessions back persistent, multi-turn hosted conversations when agent chat is enabled for a project. Sessions store the full transcript.
| Method | Description |
|---|---|
createSession | Create a platform agent chat session. Returns { sessionId }. |
listSessions | List agent chat sessions for a project. Filter by agentName. |
getSession | Load an agent chat session by ID, including its messages. |
deleteSession | Delete an agent chat session by ID. |
listAgents | List agents in the active deployment for a project. |
projects
| Method | Description |
|---|---|
listProjects | List all projects accessible to the authenticated user. |
createProject | Create a new project. |
getProject | Get a project by ID. |
updateProject | Rename a project. |
deleteProject | Delete a project and its data. |
setActiveDeployment | Pin a deployment as active, or pass null to use the latest. |
listExecutions | List executions for a project. Filterable by status, workflowId, deploymentId, triggerType, and scope. |
getKeySetInfo | Get Anvil KMS keyset info for a project. |
provisionKeySet | Provision an Anvil KMS keyset for a project. |
revokeGrant | Revoke the platform client grant on a project keyset. |
restoreGrant | Restore the platform client grant on a project keyset. |
workflows
| Method | Description |
|---|---|
getWorkflowSnapshot | Get a workflow snapshot with all its nodes and edges. Call this before executeWorkflow to learn the input schema. |
listWorkflows | List workflows for a project with snapshot, version count, and active-deployment flag. |
executeWorkflow | Execute a workflow with optional input. Returns { executionId }. |
getExecution | Get the status and results of a workflow execution, including all node executions. |
listRunnableWorkflows | List workflows in a deployment with each workflow's entry-node input schema and last execution. |
deployments
| Method | Description |
|---|---|
deploy | Deploy a compiled project definition. Returns { deployment, missingVendorKeys[] }. Non-empty missingVendorKeys means affected nodes will pause with secrets_hold. |
getDeployment | Get a deployment by ID. |
getMissingVendorKeys | Get vendor keys missing from the project vault for a deployment. Empty for Enterprise. |
listDeployments | List deployments for a project. Filterable by environment and source. |
listExecutions | List executions for a deployment. |
forms
| Method | Description |
|---|---|
getForm | Get stable form identity and preferred snapshot. Snapshot includes visibility, authName, allowedOrigins, successContent, csrfKeyGeneration. |
listForms | List forms for a project with preferred snapshot and version count. |
listFormSubmissions | List form submissions. Filter by formId or formSnapshotId. |
webhooks
| Method | Description |
|---|---|
getWebhook | Get stable webhook identity and preferred snapshot. Snapshot includes headerName, secretRefBlock, secretRefVar. |
listWebhooks | List webhooks for a project with preferred snapshot. |
schedules
| Method | Description |
|---|---|
getSchedule | Get stable schedule identity and preferred snapshot. Snapshot includes cron, timezone, nextRunAt, running. |
listSchedules | List schedules for a project with preferred snapshot. |
reviews
Reviews pause workflow execution at any node configured with review: { enabled: true }.
| Method | Description |
|---|---|
listReviews | List reviews for a project. Filter by status (pending, approved, rejected). |
getReview | Get a review with its associated node execution, node, and workflow execution. |
approveReview | Approve a review. Optionally pass formData for validation against the node's review schema. Resumes execution. |
rejectReview | Reject a review. Optionally pass reason. Resumes execution with a failure state. |
secrets
| Method | Description |
|---|---|
listSecretBlocks | List secret blocks from the active deployment with per-var value presence. |
listAuthBlocks | List auth blocks from the active deployment with authType, secretBlockName, and config. |
getSecretValues | List secret value keys, presence, and kind (block_var or vendor). |
setSecretValue | Upsert a secret value. Set kind to vendor for platform API keys. |
deleteSecretValue | Remove a stored secret value. |
streams
| Method | Description |
|---|---|
listStreams | List stream definitions for a project. |
queryStreamOutputs | Query persisted rows for a stream name and version. filter is Record<string, Record<string, unknown>>. Operators: eq, ne, gt, gte, lt, lte, like, in. |
billing
| Method | Description |
|---|---|
getUsage | Get feature usage for the authenticated org. Returns { features: [{ featureId, allowed, balance, usage, limit, nextResetAt }] }. |
getBillingHoldCount | Get the number of executions held due to billing limits. Returns { count }. |
getExecutionCreditsUsage | Get credit usage by project. Input: { projectId?, range? }. Range options: 24h, 7d, 30d, 90d, last_cycle, 1bc, 3bc. Returns { range, byProject: [{ projectId, name, credits }] }. |
audit
Audit procedures use cursor-based pagination with limit (1–500, default 100) and optional cursor.
| Method | Description |
|---|---|
listByOrg | List audit events for an organization. |
listByActor | List audit events for a specific actor. |
Audit event fields: id, occurredAt, ingestedAt, subject, actorId, actorType (user, service, or agent), orgId, projectId, resourceType, resourceId, action, workflowId, executionId, traceId, outcome (success, failure, or denied), errorCode, metadata.
traces
Execution and agent-session observability. Every procedure is scoped to a project; access is enforced per tenant.
| Method | Description |
|---|---|
listExecutions | List recent executions and agent sessions for a project. Input: { projectId, limit?, beforeTimestamp? }. |
getTrace | Fetch every span in a trace, scoped to the project. Input: { projectId, traceId }. |
getExecutionSpans | Fetch the spans for one execution id. Input: { projectId, executionId }. |
integrations.github
| Method | Description |
|---|---|
getInstallUrl | Get the GitHub App installation URL for a project. |
createRepoLink | Link a GitHub repository to a project for git push deploys. |
updateRepoLink | Update repository link settings. |
deleteRepoLink | Remove the repository link. |
triggerManualDeploy | Trigger a deploy from the linked repository. |
listUserInstallations | List GitHub App installations for the authenticated user. |
listInstallationRepos | List repositories for a GitHub App installation. |
getRepoLink | Get the current repository link for a project. |
integrations.connections
| Method | Description |
|---|---|
listProviders | List available third-party identity providers. |
listConnections | List authorized accounts for the authenticated user or workspace. |
revokeConnection | Revoke a third-party connection. |
promoteToWorkspace | Promote a user-scoped connection to workspace scope. Admin or owner only. |
listProjectSlots | List the connection slots declared by a project's active deployment, with binding status. |
bindConnection | Bind an authorized account to a named project connection slot. |
unbindConnection | Clear the account bound to a project connection slot. |
cli
| Method | Description |
|---|---|
revokeSession | Revoke a CLI session by ID. Called by swirls auth logout. |
Public endpoints
The Triggers service (apps/triggers) exposes these endpoints without API key authentication.
Form submission
GET /triggers/forms/:projectId/:formName
POST /triggers/forms/:projectId/:formNameGET renders the HTML form. Forms with visibility: internal return 404. Forms with basic auth return 401 when credentials are missing.
POST validates the CSRF token, validates the submission against the form schema, and enqueues a workflow execution. Returns 503 if the 5-second hot-path budget is exceeded.
Webhook ingestion
POST /triggers/webhooks/:projectId/:webhookNameVerifies the optional shared secret (header name and value from the webhook's secret block), then enqueues a workflow execution.
Pagination
Standard list operations return:
{
"pagination": {
"hasNextPage": true,
"hasPreviousPage": false,
"startCursor": "...",
"endCursor": "..."
},
"results": [],
"totalCount": 42
}Pass before, after, first, or last to navigate pages. Maximum page size is 500.
Audit procedures use a separate cursor pagination shape:
{
"data": [],
"nextCursor": "..."
}Error handling
The API returns errors in a consistent format:
{
"error": {
"code": "NOT_FOUND",
"message": "Workflow not found"
}
}| Code | HTTP Status | Description |
|---|---|---|
UNAUTHORIZED | 401 | Authentication is missing or invalid. |
FORBIDDEN | 403 | The authenticated user does not have access to this resource. |
BAD_REQUEST | 400 | The request is malformed or contains invalid parameters. |
NOT_FOUND | 404 | The requested resource does not exist. |
INTERNAL_SERVER_ERROR | 500 | An unexpected error occurred on the server. |
Next steps
- SDK reference: Typed TypeScript client for every namespace above.
- CLI reference: Authenticate and deploy from the command line.