HTTP API Reference
The Akshi runtime exposes an HTTP API for monitoring, control, and inter-agent communication. The dashboard and SDKs use this API internally.
Base URL
http://127.0.0.1:3210/api/v1/
The port is configured by dashboard.port in runtime.toml.
Authentication
All endpoints require authentication unless the runtime is started in local-only mode. Two methods are supported:
| Method | Header / Cookie |
|---|---|
| Bearer token (recommended) | Authorization: Bearer <token> |
| Dashboard cookie | akshi_dashboard_token=<token> |
See Authentication for details on CSRF and CORS.
CSRF protection
Mutating requests (POST, PUT, PATCH, DELETE) that use cookie
authentication must include the X-Akshi-Csrf header. Bearer-token requests
are exempt.
Rate limiting
Every response includes rate-limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window |
X-RateLimit-Remaining | Remaining requests in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Error format
All errors return a JSON body:
{"error": "code", "detail": "human-readable message"}
HTTP status codes follow standard semantics: 400 for bad input, 401 for
missing auth, 403 for forbidden, 404 for not found, 429 for rate limited.
Endpoint categories
| Category | Page | Prefix |
|---|---|---|
| Health & Metrics | health-metrics | /api/v1/health, /api/v1/metrics |
| Agent Status | agent-status | /api/v1/agents |
| Logs & Findings | logs-findings | /api/v1/logs, /api/v1/findings |
| Event Streams | event-streams | /api/v1/events (SSE) |
| A2A Tasks | a2a-tasks | /api/v1/a2a |
| Approvals | approvals | /api/v1/approvals |
| Broker Grants | broker-grants | /api/v1/broker |
| Sync & Convergence | sync-convergence | /api/v1/sync |
| Registry | registry | /api/v1/registry |
| MCP Server | mcp-server | /api/v1/mcp |
| Discovery | discovery | /.well-known/ |