REST API Reference

All endpoints are served by api-server (default port 3000). Authenticate with your root API key unless noted.

REST API Reference

All endpoints are served by api-server (default port 3000). Authenticate with your root API key unless noted.

Authentication

Authorization: Bearer storsko_root_<64-hex-chars>

Agent JWTs (Authorization: Bearer <jwt>) are accepted on routes that accept agent-scoped tokens.

Agents

MethodPathDescription
GET/api/v1/agentsList all registered agents
POST/api/v1/agentsRegister a new agent
GET/api/v1/agents/:idGet agent details
PATCH/api/v1/agents/:idUpdate agent metadata
DELETE/api/v1/agents/:idRemove an agent
POST/api/v1/agents/:id/transferTransfer agent to another org
POST/api/v1/agents/:id/deactivateDeactivate agent
PATCH/api/v1/agents/:id/risk-levelSet EU AI Act risk level

Capabilities

MethodPathDescription
GET/api/v1/capabilitiesList all capability definitions
POST/api/v1/capabilities/grantGrant a capability to an agent
DELETE/api/v1/capabilities/grant/:idRevoke a capability grant

Execution

MethodPathDescription
POST/api/v1/executeExecute a governed agent action

HITL

MethodPathDescription
GET/api/v1/hitlList pending HITL requests
GET/api/v1/hitl/:idGet a HITL request
POST/api/v1/hitl/:id/approveApprove a HITL request
POST/api/v1/hitl/:id/rejectReject a HITL request
POST/api/v1/hitl/:id/escalateEscalate to org admin
POST/api/v1/hitl/:id/timeoutMark request as timed out
GET/api/v1/hitl/check-timeoutsTrigger timeout sweep

Audit

MethodPathDescription
GET/api/v1/auditQuery audit log
GET/api/v1/audit/:user_id/exportGDPR data export

Teams

MethodPathDescription
GET/api/v1/teamsList teams
POST/api/v1/teamsCreate a team
GET/api/v1/teams/:idGet team
PATCH/api/v1/teams/:idUpdate team
DELETE/api/v1/teams/:idDelete team
POST/api/v1/teams/:id/membersAdd member
DELETE/api/v1/teams/:id/members/:userIdRemove member

Routing

MethodPathDescription
POST/api/v1/routing/resolveResolve best agent for a task
GET/api/v1/routing/logLast 200 routing decisions
POST/api/v1/routing/delegateDelegate task to another agent

Compliance

MethodPathDescription
DELETE/api/v1/users/:id/dataGDPR erasure

Notifications

MethodPathDescription
PUT/api/v1/notifications/config/:channelConfigure notification channel
GET/api/v1/notifications/config/:channelGet channel config
DELETE/api/v1/notifications/config/:channelRemove channel config

Health

GET /health

Returns { status: "ok" } when the API server is up.

Edit this page
Architecture Overview
Storsko is designed around a single core principle: every agent action flows through a governance chokepoint. This document explains how the system is structured, how data flows through it, and how the packages compose into a coherent whole.