Skip to content

HTTP routes

All routes registered by the ingestion API (packages/ingestion/handler/routes.go). Auth column legend: none (public), SDK (X-API-Key per-environment key; browser endpoints also origin-gated and rate-limited per project), session (dashboard JWT cookie or CLI token), either (session or SDK).

These are curated tables, not a stability contract — the API is early-stage and may change. The drift check fails the repository test gate (pnpm test, which CI runs) if this page and routes.go disagree.

MethodPathAuthPurpose
GET/healthnoneLiveness + dependency checks
GET/metricsnoneInternal metrics
POST/auth/refreshnoneRotate session tokens
GET/auth/githubnoneBegin GitHub OAuth sign-in
GET/auth/github/callbacknoneOAuth callback
GET+POST/oauth/authorizenoneCLI PKCE authorization
POST/oauth/tokennoneCLI PKCE token exchange
POST/api/v1/agent/setupnoneAgent-first onboarding start
GET/api/v1/agent/poll/{sessionID}noneAgent onboarding poll
GET/agent/auth/{sessionID}noneAgent onboarding browser auth
GET/agent/auth/callbacknoneAgent onboarding callback
POST/api/v1/github/webhookHMACGitHub webhook receiver — requires X-GitHub-Delivery (400 without it); responds processed, no_match, or duplicate (idempotent on redelivery)
MethodPathOrigin-gatedPurpose
POST/api/v1/eventsyesIngest an error event
POST/api/v1/replays/inityesBegin a replay upload
POST/api/v1/replays/{replayID}/completeyesFinish a replay upload
POST/api/v1/replays/{replayID}/failyesRecord a replay upload failure
POST/api/v1/sessions/inityesRegister a session; returns the recording kill switch
POST/api/v1/sessions/{sessionID}/chunks/upload-urlyesSize-capped presigned POST policy for one chunk
POST/api/v1/sessions/{sessionID}/chunks/{seq}/commityesAcknowledge an uploaded chunk exists
POST/api/v1/sessions/{sessionID}/chunks/{seq}/inlineyesKeepalive tail flush on tab close (at most 64KB)
POST/api/v1/sourcemapsno (build-time upload)Upload source maps
MethodPathPurpose
GET/api/v1/auth/meCurrent user
GET/api/v1/auth/verifyValidate session
POST/api/v1/auth/logoutEnd session
GET/api/v1/admin/overviewOperator-only cross-tenant observability overview (404 unless allowlisted)
GET/api/v1/admin/jobsOperator-only recent jobs (404 unless allowlisted)
POST/api/v1/onboarding/setupFirst-run setup
GET/api/v1/projectsList projects
POST/api/v1/projectsCreate project
PATCH/api/v1/projects/{projectID}Update project (partial: omitted/null fields are preserved, so github_repo can no longer be cleared here)
GET/api/v1/projects/{projectID}/fix-statsPer-kind fix generation and PR outcome receipts
GET/api/v1/projects/{projectID}/environmentsList environments
POST/api/v1/projects/{projectID}/environmentsCreate environment
POST/api/v1/environments/{envID}/api-keysCreate ingest key
GET/api/v1/projects/{projectID}/api-keysList ingest keys
GET/api/v1/projects/{projectID}/replays/{replayID}Fetch a replay
GET/api/v1/projects/{projectID}/sessionsList sessions with filters and keyset pagination
GET/api/v1/projects/{projectID}/sessions/{sessionID}Session detail and scrubbed chunk manifest
GET/api/v1/projects/{projectID}/sessions/{sessionID}/chunks/{seq}Fetch one decoded, re-redacted scrubbed chunk
GET/api/v1/projects/{projectID}/incidents/{incidentID}/affected-usersAffected users
POST/api/v1/projects/{projectID}/incidents/{incidentID}/fixTrigger an eligible error or approved friction fix
POST/api/v1/projects/{projectID}/incidents/{incidentID}/resolveResolve incident
POST/api/v1/projects/{projectID}/incidents/{incidentID}/archiveArchive incident
POST/api/v1/projects/{projectID}/incidents/{incidentID}/unarchiveUnarchive incident
GET/api/v1/projects/{projectID}/accountsList B2B accounts
GET/api/v1/projects/{projectID}/accounts/{accountID}Account detail
GET/api/v1/projects/{projectID}/accounts/{accountID}/incidentsAccount incidents
GET/api/v1/github/setupGitHub App install callback
GET/api/v1/github/statusGitHub App status
GET/api/v1/github/reposList installable repos
PUT/api/v1/projects/{projectID}/githubSet project repo config
GET/api/v1/projects/{projectID}/githubGet project repo config
DELETE/api/v1/projects/{projectID}/githubRemove project repo config
POST/api/v1/projects/{projectID}/setup-prOpen SDK setup PR
GET/api/v1/projects/{projectID}/setup-prSetup PR status
MethodPathPurpose
GET/api/v1/projects/{projectID}/event-countEvent count stats
GET/api/v1/projects/{projectID}/incidentsList incidents
GET/api/v1/projects/{projectID}/incidents/{incidentID}Incident detail
MethodPathAuthPurpose
GET/internal/v1/projects/{projectID}/sessions/{sessionID}/chunks/{seq}X-Internal-TokenWorker fetch of one decoded, re-redacted scrubbed chunk

Any other path serves the dashboard SPA from DASHBOARD_DIR (missing static assets 404 rather than falling back to index.html).