HTTP API Overview
FlowLayer exposes a minimal HTTP surface for session access.
API availability
Section titled “API availability”The HTTP API exists only when a session bind is active:
- CLI:
-s <bind> - server config:
session.bind
If no effective bind is resolved, the server still runs orchestration but does not expose session HTTP routes.
Authentication model
Section titled “Authentication model”All routes require:
Authorization: Bearer <token>Responses:
- missing header:
401 Unauthorized - invalid token:
403 Forbidden
Current endpoint surface
Section titled “Current endpoint surface”| Method | Path | Purpose |
|---|---|---|
GET | /health | Session health check ({"ok": true}) |
GET | /ws | WebSocket upgrade endpoint for protocol commands/events |
There are no REST action endpoints in the current API.
Runtime interaction model
Section titled “Runtime interaction model”Runtime operations use WebSocket protocol messages on /ws:
- commands from client to server
ackandresultresponses- async events (
hello,snapshot,service_status,log)
See Protocol Overview, Logs, and Actions.
Example checks
Section titled “Example checks”Health:
curl -H "Authorization: Bearer <token>" http://127.0.0.1:6999/healthWebSocket upgrade (example tooling):
wscat -H "Authorization: Bearer <token>" -c ws://127.0.0.1:6999/ws