Skip to main content
This reference covers the core AutoSage API resources and runtime workflows. For the complete current route and schema inventory, use the OpenAPI explorer at /swagger. If you are new to the API, read the Introduction and Authentication first, then follow the Quickstart.

Base URL

All resource endpoints are served under a versioned prefix:
https://api.autosage.ai/api/v1
Authentication flows live under /api/auth, and invitation endpoints are served at the root (/invites). Every endpoint page states its exact path.

Versioning

The current resource API uses the /api/v1 path prefix. Write clients that ignore unknown response fields, and use the OpenAPI explorer for the current contract.

Conventions

JSON everywhere

Requests and responses are JSON. Send Content-Type: application/json on any request with a body.

Bearer auth

Authenticate with an API key: Authorization: Bearer sk_.... See Authentication.

Schema-defined fields

Field naming follows each endpoint schema and can mix styles. Use the endpoint reference or OpenAPI explorer for the exact shape.

Predictable errors

Errors return the right HTTP status with a JSON message. See the table below.

Error codes

StatusMeaningTypical cause
400Bad requestValidation failed — a field is missing, malformed, or out of range.
401UnauthorizedMissing, malformed, or invalid credentials.
403ForbiddenAuthenticated, but lacking the required role or scope.
404Not foundThe resource does not exist or is outside your access.
409ConflictThe request collides with existing state (for example a duplicate name).
Errors return a JSON body with a human-readable message. Treat any non-2xx status as a failure and read the message for detail.

Who can call what

Endpoints differ in the kind of caller they accept:

User session required

Organization, environment, and member administration. These are dashboard operations and are intentionally not exposed to API keys.

API key allowed

Content operations — tenants, knowledge bases, documents, chats, and agents — accept API keys so your application can run them directly.
Throughout this reference each endpoint is tagged: [User] requires a user session, [Key] accepts an API key, and [User+Key] accepts either.

Resource groups

Organizations

Create organizations and manage members, roles, and invitations.

Environments

Isolate dev, staging, and production inside an organization.

Tenants

Provision tenants, set limits, and manage tenant memory.

Users

Discover the resources and scopes the current caller can reach.

Invites

Accept team invitations and read invite details.

API keys

Create, list, and revoke the sk_... keys your application uses.

Billing

Read credit balances and usage for a tenant.

Knowledge bases

Configure retrieval boundaries, prompts, sharing, and restricted memory.

Documents

Upload, discover, inspect, reprocess, download, and delete content.

Chats

Create conversations, send messages, stream runs, and manage chat access.

Agents

Configure, deploy, schedule, run, and archive saved agents.

Shared chats

Read sanitized public or organization-shared transcripts.

Connectors & connections

Configure connected app access; use /swagger for database connection routes.

Skills

Manage the reusable skill library that agents attach at run time.

Interactive explorer

An OpenAPI-powered explorer is available at /swagger on the API host. Use it to see full request and response schemas for any endpoint; these pages add the concepts, roles, and guidance the raw schema can’t express.