Authentication

All public endpoints except healthcheck require an API token.

X-API-Key: <api_token>

Getting an API key

API keys are currently issued by the administrator. Contact: @iambatashev

Each API key has a list of allowed scopes. If the key is missing a required scope, the API returns 403.

Scope	Access
`messages.read`	Source metadata and source messages
`search.read`	Semantic message search
`summary.run`	Chat and channel summaries
`message.send`	Outbound message sending
`workflow.manage`	Reserved for workflow routes, currently not public

{
  "status": 401,
  "detail": "Missing API key.",
  "error_code": "auth.api_key_missing",
  "extra": null
}