TurfAI DevelopersComprehensive API Documentation - TurfAI
Synced from the source repositories. Do not edit by hand.
Based on thorough analysis of all controller and route files, here is the complete API endpoint documentation:
Table of Contents
- Activity API
- Agent API
- Agent Conversation API
- Auth API
- Chatbot API
- Collection API
- Credential API
- Document API
- Event Bus API
- Google OAuth API
- Job API
- Prompt API
- RAG API
- Webhook API
- Squad API
- Workflow Execution API
- LLM Service API
- RAG Query Service API
Activity API
Base Path: /api
GET /activities
List all accessible activities for the authenticated user (system-level + user-owned)
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: number (default: 1)pagination[pageSize]: number (default: 25)sort: string (sort field, e.g.,createdAt:desc)filters[...]: object (Strapi filters)
Response:
{
"data": [
{
"id": number,
"name": string,
"description": string,
"workflow_definition": object,
"level": "system|user|internal",
"status": "draft|published",
"owner": { "id": number, "username": string, "email": string },
"createdAt": string,
"updatedAt": string
}
],
"meta": {
"pagination": {
"page": number,
"pageSize": number,
"pageCount": number,
"total": number
}
}
}GET /activities/:id
Retrieve a single activity by ID
Path Parameters:
id: number (Activity ID)
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"name": string,
"workflow_definition": object,
"level": string,
"owner": object,
...
}
}POST /activities
Create a new activity/workflow
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"workflow_definition": object,
"level": "system|user|internal" (optional, auto-detected),
"status": "draft|published",
"workflow_type": string
}
}Response: (201 Created)
{
"data": {
"id": number,
"name": string,
"workflow_definition": object,
"level": string,
"owner": object,
"createdAt": string
}
}PUT /activities/:id
Update an activity
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"workflow_definition": object,
"status": string
}
}Response:
{
"data": { /* updated activity object */ }
}DELETE /activities/:id
Delete an activity
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { "id": number, ... }
}POST /activities/:id/instantiate
Clone a workflow to create a user-owned copy
Path Parameters:
id: number (Source workflow ID)
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"name": string (optional, defaults to "Name (Copy)"),
"description": string (optional)
}Response:
{
"data": {
"workflow_id": number,
"workflow": {
"id": number,
"name": string,
"level": "user",
"owner": { "id": number },
...
}
}
}Agent API
Base Path: /api
GET /agents/:slug/public-config
Get public agent configuration (no auth required)
Path Parameters:
slug: string (Agent slug)
Response:
{
"type": "agent",
"name": string,
"slug": string,
"description": string,
"welcome_message": string,
"branding": object,
"conversational": boolean
}POST /agents/:slug/public-chat
Chat with an agent via public API (no JWT auth required, API key in header)
Path Parameters:
slug: string
Headers:
- X-Agent-Key: string (agent API key) OR
- Authorization: Bearer {jwt_token} (agent owner's token)
- Content-Type: application/json
Request Body:
{
"query": string,
"session_id": string (optional),
"file_urls": [
{
"url": string,
"mime_type": string,
"name": string
}
] (optional, files to attach)
}Query Parameters:
session_id: string (optional, for conversational mode)
Response:
{
"answer": string,
"trace": string,
"tools_used": string[],
"session_id": string
}GET /agents
List agents owned by authenticated user
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: numberpagination[pageSize]: number
Response:
{
"data": [
{
"id": number,
"name": string,
"slug": string,
"goal": string,
"description": string,
"available_tools": string[],
"model": string,
"max_iterations": number,
"temperature": number,
"active": boolean,
"api_key": string,
"owner": { "id": number },
"createdAt": string
}
]
}POST /agents
Create a new agent
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"slug": string (optional, auto-generated if not provided),
"goal": string,
"description": string (optional),
"available_tools": string[],
"model": string (default: "vertex"),
"max_iterations": number (default: 10),
"temperature": number (default: 0.3),
"prompt_title": string (optional),
"conversational": boolean (default: false),
"branding": object (optional),
"welcome_message": string (optional),
"mcp_servers": object[] (optional)
}
}Response: (201 Created)
{
"data": {
"id": number,
"name": string,
"api_key": string,
...
}
}GET /agents/:id
Get a specific agent by ID
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { /* agent object */ }
}PUT /agents/:id
Update an agent
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"goal": string,
"available_tools": string[],
"model": string,
"max_iterations": number,
"temperature": number,
"active": boolean,
"branding": object,
"mcp_servers": object[]
}
}Response:
{
"data": { /* updated agent */ }
}DELETE /agents/:id
Delete an agent
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}POST /agents/:id/regenerate-key
Regenerate agent API key (requires step-up authentication - CASA 3.7.1)
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- X-Step-Up-Verified: true (after step-up verification)
Response:
{
"data": {
"id": number,
"api_key": string (new key),
...
}
}Agent Conversation API
Base Path: /api
GET /agent-conversations
List agent conversation sessions for authenticated user
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: numberpagination[pageSize]: numberfilters[agent_id][$eq]: number (optional, filter by agent)
Response:
{
"data": [
{
"session_id": string,
"title": string,
"message_count": number,
"active": boolean,
"agent_config": object,
"agent_id": number,
"createdAt": string,
"updatedAt": string
}
]
}POST /agent-conversations
Create a new conversation session
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"title": string (optional),
"agent_config": object (optional),
"agent_id": number (optional)
}
}Response: (201 Created)
{
"data": {
"session_id": string,
"title": string,
"message_count": 0,
"active": true,
...
}
}GET /agent-conversations/:sessionId/messages
Get messages for a conversation session
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
limit: number (default: 50)
Response:
{
"data": {
"session_id": string,
"messages": [
{
"role": "user|assistant|system",
"content": string,
"metadata": object,
"created_at": string,
"attachments": object[] (optional)
}
]
}
}POST /agent-conversations/:sessionId/messages
Add a message to a conversation
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"role": "user|assistant|system",
"content": string,
"metadata": object (optional)
}Response: (201 Created)
{
"data": {
"role": string,
"content": string,
"metadata": object,
"created_at": string
}
}POST /internal/agent-conversations/:sessionId/messages
Internal endpoint to add message (service key auth)
Path Parameters:
sessionId: string
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body: (same as POST /agent-conversations/:sessionId/messages)
Response: (201 Created)
{
"success": true
}PUT /agent-conversations/:sessionId/escalate
Update escalation status for a conversation
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"escalation_status": string,
"escalation_reason": string (optional),
"assigned_agent": string (optional)
}Response:
{
"success": true
}PUT /internal/agent-conversations/:sessionId/escalate
Internal endpoint to update escalation (service key auth)
Path Parameters:
sessionId: string
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body: (same as PUT /agent-conversations/:sessionId/escalate)
Response:
{
"success": true
}DELETE /agent-conversations/:sessionId
Delete a conversation session
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}Auth API
Base Path: /api
POST /auth/logout
Logout and blacklist current JWT token (CASA 3.3.1)
Headers:
- Authorization: Bearer {jwt_token}
Request Body: (empty)
Response:
{
"message": "Logged out successfully"
}POST /auth/step-up
Send OTP to authenticated user's email for step-up verification (CASA 3.7.1)
Headers:
- Authorization: Bearer {jwt_token}
Request Body: (empty)
Response:
{
"message": "Verification code sent to your email"
}POST /auth/step-up/verify
Verify OTP and grant step-up flag (CASA 3.7.1)
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"code": string (6-digit OTP)
}Response:
{
"message": "Identity verified. You may now proceed with the sensitive operation.",
"expiresIn": 300
}Chatbot API
Base Path: /api
GET /chatbots/:slug/config
Get public chatbot configuration (no auth required)
Path Parameters:
slug: string
Response:
{
"name": string,
"slug": string,
"welcome_message": string,
"branding": object
}POST /chatbots/:slug/chat
Chat with a chatbot via public API
Path Parameters:
slug: string
Headers:
- X-Chatbot-Key: string (chatbot API key)
- Content-Type: application/json
Request Body:
{
"query": string,
"session_id": string (optional)
}Response:
{
"answer": string,
"sources": [
{
"title": string,
"content": string,
"file_url": string,
"signed_url": string (optional)
}
],
"session_id": string (optional)
}GET /chatbots
List chatbots owned by authenticated user
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"name": string,
"slug": string,
"active": boolean,
"api_key": string,
"welcome_message": string,
"branding": object,
"rate_limit": number,
"query_count": number,
"owner": { "id": number },
"createdAt": string
}
]
}POST /chatbots
Create a new chatbot
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"slug": string,
"welcome_message": string (optional),
"branding": object (optional),
"allowed_origins": string[],
"rate_limit": number (default: 60)
}
}Response: (201 Created)
{
"data": {
"id": number,
"api_key": string,
...
}
}GET /chatbots/:id
Get a specific chatbot
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { /* chatbot object */ }
}PUT /chatbots/:id
Update chatbot
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"slug": string,
"active": boolean,
"welcome_message": string,
"branding": object,
"rate_limit": number
}
}Response:
{
"data": { /* updated chatbot */ }
}DELETE /chatbots/:id
Delete a chatbot
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}POST /chatbots/:id/regenerate-key
Regenerate chatbot API key (requires step-up)
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"api_key": string,
...
}
}Collection API
Base Path: /api
GET /collections
List all accessible collections for user
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"name": string,
"description": string,
"documents": [
{
"id": number,
"title": string,
"mimeType": string,
"visibility": string,
"owner": { "id": number, "username": string }
}
],
"createdAt": string
}
]
}POST /collections/create-collection
Create a new collection
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string (optional),
"documents": number[] (document IDs, optional)
}
}Response:
{
"id": number,
"name": string,
"owner": { "id": number },
"documents": number[]
}GET /collections/:id/documents
Get documents in a collection
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"title": string,
"fileUrl": string,
"fileSize": number,
"mimeType": string,
"visibility": string,
"owner": { "id": number }
}
],
"meta": {
"collection": {
"id": number,
"name": string,
"description": string
}
}
}POST /collections/:id/add-document
Add a document to collection
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"documentId": number
}Response:
{
"id": number,
"documents": number[],
...
}POST /collections/:id/remove-document
Remove a document from collection
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"documentId": number
}Response:
{
"message": "Document removed from collection and storage adjusted",
"collectionId": number,
"documentId": number
}DELETE /collections/:id/delete
Delete a collection
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"message": "Collection and associated documents (if applicable) deleted",
"collectionId": number
}GET /collections/:collectionId/documents/:documentId/download
Download a document from collection
Path Parameters:
collectionId: numberdocumentId: number
Headers:
- Authorization: Bearer {jwt_token}
Response: (File stream)
- Content-Type: (document mime type)
- Content-Disposition: attachment; filename="..."
Credential API
Base Path: /api
GET /credentials
List credentials owned by authenticated user (metadata only)
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"name": string,
"provider": string,
"description": string,
"field_names": string[],
"createdAt": string
}
]
}GET /credentials/:id
Get a single credential (metadata only)
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"name": string,
"provider": string,
"field_names": string[]
}
}POST /credentials
Create a new credential
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"provider": string,
"description": string (optional),
"fields": {
"key1": string,
"key2": string,
...
}
}
}Response: (201 Created)
{
"data": {
"id": number,
"name": string,
"provider": string,
"field_names": string[]
}
}PUT /credentials/:id
Update a credential
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string (optional),
"description": string (optional),
"fields": object (optional, re-encrypts if provided)
}
}Response:
{
"data": { /* updated credential */ }
}DELETE /credentials/:id
Delete a credential (requires step-up authentication - CASA 3.7.1)
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- X-Step-Up-Verified: true
Response:
{
"data": { "id": number }
}Document API
Base Path: /api
GET /documents
List documents
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: numberpagination[pageSize]: numberfilters[...]: object
Response:
{
"data": [
{
"id": number,
"title": string,
"fileUrl": string,
"fileSize": number,
"mimeType": string,
"visibility": "user|global",
"owner": { "id": number },
"documentType": object (optional),
"ragEnabled": boolean,
"metadata": object
}
]
}POST /documents/upload
Upload a new document
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: multipart/form-data
Form Data:
file: file (required)global: "true"|"false" (optional, default: false)globalKey: string (optional)metadata: JSON string (optional)
Response: (201 Created)
{
"data": [
{
"id": number,
"title": string,
"fileUrl": string,
"fileSize": number,
"mimeType": string,
"documentType": object (if DOCX converted to PDF),
"metadata": object
}
]
}GET /documents/:id
Get a specific document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"title": string,
"fileUrl": string,
...
}
}GET /documents/:id/download
Download a document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response: (File stream)
- Content-Type: (document mime type)
- Content-Disposition: attachment
PUT /documents/:id
Update document metadata
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"title": string,
"metadata": object
}
}Response:
{
"data": { /* updated document */ }
}PUT /documents/:id/metadata
Update document metadata (alternative endpoint)
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"metadata": object
}Response:
{
"data": { /* updated document */ }
}PATCH /documents/:id/rag-status
Update RAG status for a document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"ragEnabled": boolean,
"ragStatus": "enabled|disabled|processing|failed"
}Response:
{
"data": { /* updated document */ }
}DELETE /documents/:id
Delete a document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { "id": number }
}GET /documents/global
List all global documents
Headers: (Optional)
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"title": string,
"visibility": "global",
...
}
]
}GET /documents/global/download/:key
Download a global document by key
Path Parameters:
key: string (global document key)
Response: (File stream)
GET /internal/documents
Internal endpoint to list RAG documents (service key auth)
Headers:
- X-Service-Key: string
Query Parameters:
user_id: numberenabled_only: boolean
Response:
{
"data": [
{
"id": number,
"title": string,
"fileUrl": string,
...
}
]
}GET /internal/documents/:id/rag-status
Internal endpoint to get RAG status
Path Parameters:
id: number
Headers:
- X-Service-Key: string
Response:
{
"data": {
"id": number,
"ragEnabled": boolean,
"ragStatus": string
}
}PATCH /internal/documents/:id/rag-status
Internal endpoint to update RAG status
Path Parameters:
id: number
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body:
{
"ragStatus": "enabled|disabled|processing|failed",
"error": string (optional, for failed status)
}Response:
{
"data": { /* updated document */ }
}Event Bus API
Base Path: /api
POST /event-bus/drive-webhook
Handle Google Drive webhook notifications (public, called by Google)
Headers:
- X-Goog-Channel-ID: string
- X-Goog-Message-Number: string
- X-Goog-Resource-ID: string
- X-Goog-Resource-State: string
- X-Goog-Resource-URI: string
- X-Goog-Changed: string
Response: (200 OK, must respond quickly)
{
"received": true
}POST /event-bus/gmail-webhook
Handle Gmail Pub/Sub push notification (public)
Headers:
- Content-Type: application/json
Request Body:
{
"subscription": string,
"message": {
"messageId": string
}
}Response: (200 OK)
{
"received": true
}POST /event-bus/sources
Create a new event source
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"source_type": "google_drive|email",
"folder_id": string (for google_drive),
"folder_name": string (optional),
"email_address": string (for email),
"label_ids": string[] (optional, for email)
}Response:
{
"success": true,
"data": {
"id": number,
"source_type": string,
"status": string,
...
}
}GET /event-bus/sources
List event sources for current user
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"data": [
{
"id": number,
"source_type": string,
"folder_id": string,
"folder_name": string,
"status": "pending|active|disabled",
"createdAt": string
}
]
}DELETE /event-bus/sources/:id
Delete an event source
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"message": "Event source deleted"
}POST /event-bus/sources/:id/activate
Activate a pending event source
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"data": { /* activated source */ }
}GET /event-bus/stats
Get event bus statistics
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"data": {
"total_sources": number,
"active_sources": number,
"total_events_processed": number,
...
}
}GET /event-bus/logs
List event logs
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
limit: number (default: 50)offset: number (default: 0)source_id: number (optional)
Response:
{
"success": true,
"data": [
{
"id": number,
"event_source": { "id": number, "folder_name": string },
"event_type": string,
"status": string,
"createdAt": string
}
],
"pagination": {
"total": number,
"limit": number,
"offset": number
}
}POST /event-bus/renew-watches
Manually trigger watch renewal (admin)
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
force: "true"|"false" (optional)
Response:
{
"success": true,
"message": "Watch renewal completed"
}Google OAuth API
Base Path: /api
GET /google/oauth/authorize
Initiate OAuth flow to get authorization URL
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"authUrl": "https://accounts.google.com/o/oauth2/v2/auth?...",
"message": "Redirect user to this URL to authorize access"
}GET /google/oauth/callback
Handle OAuth callback (no auth required)
Query Parameters:
code: string (authorization code)state: string (state parameter for CSRF protection)error: string (optional, error from Google)
Response: (Redirect to frontend with result)
Redirect to: {FRONTEND_URL}/integrations?error={error} (on error)
or status page (on success)POST /google/oauth/revoke
Revoke Google access
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"message": "Google access revoked"
}GET /google/oauth/status
Get OAuth connection status
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"connected": boolean,
"user_email": string (optional),
"provider": string
}Job API
Base Path: /api
POST /jobs/generate-and-submit/:collection_id
Submit a job (document extraction, metadata scraping, RAG, or workflow)
Path Parameters:
collection_id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"job_type": "document_extraction|metadata_scraping|rag_processing|rag_chat|task_based_workflow",
"document_ids": number[] (for extraction/RAG),
"metadata": object (optional),
"documentType": number|string (optional),
"section": string (optional),
"workflow_definition": object (for workflow jobs),
"inputs": object (for workflow jobs),
"batch_mode": boolean (optional),
"config": object (optional)
}Response:
{
"job_id": string,
"success": true,
"message": string
}GET /jobs/:job_id
Get job status and results
Path Parameters:
job_id: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"id": number,
"job_id": string,
"job_type": string,
"status": "pending|processing|completed|failed",
"results": object (if completed),
"error": string (if failed),
"createdAt": string,
"updatedAt": string
}GET /jobs
Get all jobs submitted by current user
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: numberpagination[pageSize]: numberfilters[status][$eq]: string
Response:
{
"data": [
{
"id": number,
"job_id": string,
"job_type": string,
"status": string,
"createdAt": string
}
]
}PUT /jobs/:job_id
Update job results (typically called by processor service)
Path Parameters:
job_id: string
Headers:
- Content-Type: application/json
- X-Service-Key: string (service auth)
Request Body:
{
"status": "completed|failed",
"results": object (if completed),
"error": string (if failed)
}Response:
{
"success": true,
"data": { /* updated job */ }
}DELETE /jobs/:job_id
Delete a job
Path Parameters:
job_id: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}Prompt API
Base Path: /api
GET /prompts
List prompts accessible to user
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: numberpagination[pageSize]: number
Response:
{
"data": [
{
"id": number,
"name": string,
"description": string,
"content": string,
"category": string,
"tags": string[],
"visibility": "private|public|system",
"owner": { "id": number },
"createdAt": string
}
]
}GET /prompts/:id
Get a specific prompt
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { /* prompt object */ }
}POST /prompts
Create a new prompt
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"content": string,
"category": string (optional),
"tags": string[],
"visibility": "private|public" (optional)
}
}Response: (201 Created)
{
"data": { /* created prompt */ }
}PUT /prompts/:id
Update a prompt
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"content": string,
"tags": string[]
}
}Response:
{
"data": { /* updated prompt */ }
}DELETE /prompts/:id
Delete a prompt
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { "id": number }
}GET /prompts/permissions
Get user's prompt permissions
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"can_create": boolean,
"can_edit_own": boolean,
"can_delete_own": boolean
}
}POST /prompts/bulk-upload-system
Bulk upload system prompts (admin)
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: multipart/form-data
Form Data:
file: CSV|JSON file
Response:
{
"success": true,
"imported": number,
"skipped": number
}GET /prompts/system-stats
Get system prompts statistics (admin)
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"total_system_prompts": number,
"total_user_prompts": number,
"categories": object
}
}POST /prompts/generate-rtio
Generate RTIO (Role, Task, Input, Output) from prompt content
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"prompt_content": string
}Response:
{
"data": {
"role": string,
"task": string,
"input": string,
"output": string
}
}POST /internal/prompts/by-title
Internal endpoint to find prompt by title (service key auth)
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body:
{
"title": string
}Response:
{
"data": { /* prompt object or null */ }
}RAG API
Base Path: /api
POST /documents/:id/enable-rag
Enable RAG for a document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"data": {
"id": number,
"ragEnabled": true,
"ragStatus": "processing|enabled"
}
}POST /documents/:id/disable-rag
Disable RAG for a document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true,
"data": {
"id": number,
"ragEnabled": false
}
}GET /documents/:id/rag-status
Get RAG status for a document
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"ragEnabled": boolean,
"ragStatus": "enabled|disabled|processing|failed",
"error": string (optional)
}
}POST /rag/query
Query RAG system for document retrieval
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"query": string,
"session_id": string (optional),
"filters": object (optional),
"top_k": number (default: 5),
"use_reranking": boolean (default: true),
"similarity_threshold": number (default: 0.3)
}Response:
{
"answer": string,
"sources": [
{
"title": string,
"content": string,
"file_url": string,
"similarity_score": number
}
],
"session_id": string
}POST /rag/sessions
Create a new RAG conversation session
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"title": string (optional)
}Response: (201 Created)
{
"data": {
"session_id": string,
"title": string,
"createdAt": string
}
}GET /rag/sessions
List RAG conversation sessions for user
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
limit: number (default: 50)offset: number
Response:
{
"data": [
{
"session_id": string,
"title": string,
"message_count": number,
"createdAt": string
}
]
}GET /rag/sessions/:sessionId
Get a specific RAG session
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"session_id": string,
"title": string,
"messages": [
{
"role": "user|assistant",
"content": string,
"created_at": string
}
]
}
}PATCH /rag/sessions/:sessionId
Update RAG session title
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"title": string
}Response:
{
"success": true
}DELETE /rag/sessions/:sessionId
Delete a RAG session
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}POST /internal/rag/enable
Internal endpoint to enable RAG (service key auth)
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body:
{
"user_id": number,
"document_id": number
}Response:
{
"success": true
}POST /internal/rag/query
Internal endpoint to query RAG (service key auth)
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body:
{
"user_id": number,
"query": string,
"top_k": number,
"filters": object
}Response:
{
"answer": string,
"sources": object[]
}Webhook API
Base Path: /api
POST /webhooks/trigger/:webhookId
Trigger a webhook (public, no auth required)
Path Parameters:
webhookId: string
Headers:
- Content-Type: application/json
- X-Webhook-Signature: string (HMAC-SHA256 of body)
Request Body:
{
"event": string,
"data": object,
"timestamp": string
}Response:
{
"success": true,
"deliveryId": string
}POST /webhooks
Create a new webhook
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"url": string,
"events": string[],
"active": boolean,
"headers": object (optional)
}
}Response: (201 Created)
{
"data": {
"id": number,
"webhookId": string,
"secret": string,
...
}
}GET /webhooks
List webhooks owned by user
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"name": string,
"url": string,
"events": string[],
"active": boolean,
"createdAt": string
}
]
}GET /webhooks/:id
Get a specific webhook
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { /* webhook object */ }
}PUT /webhooks/:id
Update a webhook
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"url": string,
"events": string[],
"active": boolean
}
}Response:
{
"data": { /* updated webhook */ }
}DELETE /webhooks/:id
Delete a webhook
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}POST /webhooks/:id/regenerate-secret
Regenerate webhook secret
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"secret": string (new secret),
...
}
}Squad API
Base Path: /api
GET /squads
List squads owned by user
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": [
{
"id": number,
"name": string,
"description": string,
"agents": object[],
"status": string,
"createdAt": string
}
]
}POST /squads
Create a new squad
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"agents": object[]
}
}Response: (201 Created)
{
"data": { /* created squad */ }
}GET /squads/:id
Get a specific squad
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": { /* squad object */ }
}PUT /squads/:id
Update a squad
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"name": string,
"description": string,
"agents": object[]
}
}Response:
{
"data": { /* updated squad */ }
}DELETE /squads/:id
Delete a squad
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}POST /squads/:id/kickoff
Execute a squad
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"inputs": object,
"config": object (optional)
}Response:
{
"jobId": string,
"status": "processing",
"startedAt": string
}GET /squads/jobs/:jobId
Poll squad job status
Path Parameters:
jobId: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"jobId": string,
"status": "processing|completed|failed",
"result": object (if completed),
"error": string (if failed)
}Workflow Execution API
Base Path: /api
GET /workflow-executions
List workflow executions
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
pagination[page]: numberfilters[...]: object
Response:
{
"data": [
{
"id": number,
"name": string,
"status": "pending|running|completed|failed",
"activity": { "id": number, "name": string },
"createdAt": string
}
]
}GET /workflow-executions/:id
Get a specific workflow execution
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"status": string,
"results": object,
"logs": string,
...
}
}POST /workflow-executions
Create a new workflow execution
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"activity": number,
"inputs": object
}
}Response: (201 Created)
{
"data": { /* created execution */ }
}PUT /workflow-executions/:id
Update workflow execution
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"data": {
"status": string,
"results": object
}
}Response:
{
"data": { /* updated execution */ }
}DELETE /workflow-executions/:id
Delete a workflow execution
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}POST /workflow-executions/:id/execute
Execute a workflow
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"inputs": object
}Response:
{
"data": {
"id": number,
"status": "queued",
"startedAt": string
}
}GET /workflow-executions/:id/status
Get workflow execution status
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"data": {
"id": number,
"status": "pending|running|completed|failed",
"progress": number,
"results": object (if completed)
}
}POST /workflow-executions/:id/resume
Resume a paused workflow execution
Path Parameters:
id: number
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"inputs": object (optional, for resuming with new inputs)
}Response:
{
"success": true,
"status": "resumed"
}POST /workflow-executions/test-llm-node
Test an LLM node configuration
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"node_config": {
"model": string,
"prompt": string,
"temperature": number
},
"inputs": object
}Response:
{
"success": true,
"output": string
}PUT /workflow-executions/internal/:id/results
Internal endpoint to update execution results (service key auth)
Path Parameters:
id: number
Headers:
- X-Service-Key: string
- Content-Type: application/json
Request Body:
{
"status": "completed|failed",
"results": object,
"error": string (optional)
}Response:
{
"success": true
}LLM Service API
Base URL: http://localhost:8080 (or deployed instance)
GET /health
Health check endpoint (no auth required)
Response:
{
"service": "turfai-llm",
"status": "healthy",
"version": "0.9.0",
"timestamp": "2025-03-27T...",
"dependencies": {
"llm_service": {
"status": "healthy",
"message": "LLM service initialized"
},
"configuration": {
"status": "healthy",
"message": "Configuration loaded"
}
}
}POST /api/v1/chat
Generate chat completions
Headers:
- Authorization: Bearer {api_key} OR X-API-Key: {api_key}
- Content-Type: application/json
Request Body:
{
"messages": [
{
"role": "system|user|assistant",
"content": string
}
],
"model_type": "vertex|openai|anthropic|ollama|gemini2.5",
"temperature": number (optional, default: 0.7),
"max_tokens": number (optional),
"top_p": number (optional),
"stream": boolean (optional, default: false),
"thinking_config": object (optional, for gemini2.5 only)
}Response:
{
"content": string,
"model": string,
"usage": {
"input_tokens": number,
"output_tokens": number,
"total_tokens": number
},
"stop_reason": string
}POST /api/v1/extract
Extract structured information from content
Headers:
- Authorization: Bearer {api_key}
- Content-Type: application/json
Request Body:
{
"messages": [
{
"role": "user",
"content": string
}
],
"model_type": "vertex|openai|anthropic",
"output_format": {
"type": "json|xml",
"schema": object (optional, for JSON schema)
},
"file_urls": [
{
"url": string,
"type": "pdf|text|image|json"
}
] (optional)
}Response:
{
"content": object (parsed from LLM response),
"raw_response": string,
"model": string,
"usage": object
}POST /api/v1/classify
Classify content into categories
Headers:
- Authorization: Bearer {api_key}
- Content-Type: application/json
Request Body:
{
"content": string,
"categories": string[],
"model_type": "vertex|openai|anthropic",
"explain": boolean (optional, default: false)
}Response:
{
"category": string,
"confidence": number,
"explanation": string (optional),
"model": string
}POST /api/v1/embed
Generate text embeddings
Headers:
- Authorization: Bearer {api_key}
- Content-Type: application/json
Request Body:
{
"texts": string[],
"model_type": "vertex|openai|anthropic"
}Response:
{
"embeddings": [
{
"text": string,
"vector": number[],
"dimension": number
}
],
"model": string
}GET /api/v1/models
List available models
Headers:
- Authorization: Bearer {api_key}
Response:
{
"models": [
{
"name": string,
"provider": string,
"context_window": number,
"supports_vision": boolean
}
]
}RAG Query Service API
Base URL: http://localhost:8003 (or deployed instance)
GET /health
Health check endpoint (no auth required)
Response:
{
"service": "rag-query-service",
"status": "healthy",
"version": "1.0.0",
"timestamp": "2025-03-27T...",
"dependencies": {
"database": {
"status": "healthy",
"message": "Database connection successful"
},
"vector_store": {
"status": "healthy",
"message": "Vector store initialized"
}
}
}POST /api/v1/rag/query
Query RAG system for documents and generate answer
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"query": string,
"user_id": number,
"session_id": string (optional),
"document_ids": number[] (optional, filter to specific documents),
"top_k": number (default: 5, number of documents to retrieve),
"use_reranking": boolean (default: true),
"similarity_threshold": number (default: 0.3),
"filters": object (optional, metadata filters),
"collection_id": number (optional)
}Response:
{
"answer": string,
"sources": [
{
"document_id": number,
"title": string,
"content": string (snippet),
"file_url": string,
"similarity_score": number,
"chunk_index": number
}
],
"session_id": string,
"tokens_used": {
"input": number,
"output": number
}
}POST /api/v1/rag/sessions
Create a new RAG conversation session
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"title": string (optional),
"user_id": number,
"document_ids": number[] (optional)
}Response: (201 Created)
{
"session_id": string,
"title": string,
"user_id": number,
"document_ids": number[],
"created_at": string,
"updated_at": string
}GET /api/v1/rag/sessions
List RAG sessions for user
Headers:
- Authorization: Bearer {jwt_token}
Query Parameters:
user_id: numberlimit: number (default: 50)offset: number (default: 0)
Response:
{
"sessions": [
{
"session_id": string,
"title": string,
"message_count": number,
"updated_at": string
}
],
"total": number,
"limit": number,
"offset": number
}GET /api/v1/rag/sessions/:sessionId
Get a specific RAG session with all messages
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"session_id": string,
"title": string,
"user_id": number,
"messages": [
{
"role": "user|assistant",
"content": string,
"sources": object[] (for assistant messages),
"timestamp": string
}
],
"created_at": string,
"updated_at": string
}PATCH /api/v1/rag/sessions/:sessionId
Update session title
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
- Content-Type: application/json
Request Body:
{
"title": string
}Response:
{
"success": true
}DELETE /api/v1/rag/sessions/:sessionId
Delete a RAG session
Path Parameters:
sessionId: string
Headers:
- Authorization: Bearer {jwt_token}
Response:
{
"success": true
}Authentication & Authorization
Token Types
-
JWT (Bearer Token): User authentication via
/auth/loginendpoint (Strapi standard)- Used for all authenticated endpoints
- Header:
Authorization: Bearer {jwt_token} - Expires: Usually 30 days (configurable)
-
API Keys: Service-to-service authentication
- Agent API Key: Format
ak_... - Chatbot API Key: Format
cb_... - Service Key: X-Service-Key header for internal service authentication
- Agent API Key: Format
-
Step-Up Authentication: Additional verification for sensitive operations
- CASA 3.7.1 compliance
- Requires OTP verification
- Header:
X-Step-Up-Verified: true
Authorization Levels
- Public (no auth): Some endpoints like public chat, OAuth callback
- Authenticated (JWT required): Most endpoints require valid user token
- Owner-scoped: Resources scoped to authenticated user (agent, chatbot, credential ownership)
- Admin: Super Admin role required for system-level operations
- Service (internal): Internal service-to-service communication via service key
Security Features
- JWT Blacklist on Logout (CASA 3.3.1): Invalidates tokens immediately
- Step-Up Re-authentication (CASA 3.7.1): OTP verification for sensitive operations
- API Key Rotation: Regenerate keys via dedicated endpoints
- Rate Limiting: Built-in per agent/chatbot (e.g., 60 requests/minute)
- Credential Encryption: Fields encrypted at rest using AES-256-GCM
- CORS: Configurable allowed origins
- CSRF Protection: State parameter in OAuth flows
Error Responses
All endpoints return error responses in this format:
400 Bad Request
{
"error": "Invalid request",
"message": "Descriptive error message",
"details": object (optional)
}401 Unauthorized
{
"error": "Unauthorized",
"message": "Authentication required or invalid token"
}403 Forbidden
{
"error": "Forbidden",
"message": "You do not have permission to access this resource"
}404 Not Found
{
"error": "Not found",
"message": "Resource not found"
}429 Too Many Requests
{
"error": "Rate limit exceeded",
"message": "Maximum requests per minute exceeded",
"retryAfter": 60
}500 Internal Server Error
{
"error": "Internal server error",
"message": "Server encountered an error processing your request"
}File Paths Reference
All controller and route files are located at:
/Users/shwethashankar/openturf/turfai/dms/src/api/{module}/routes//Users/shwethashankar/openturf/turfai/dms/src/api/{module}/controllers/
External services:
- LLM Service:
/Users/shwethashankar/openturf/turfai/llm-service/api/main.py - RAG Query Service:
/Users/shwethashankar/openturf/turfai/rag_query_service/main.py
This comprehensive documentation covers all 23 API modules with complete endpoint specifications for request/response bodies, headers, query/path parameters, and types.