Nolixan

API reference

The Nolixan REST API surface — base URL, auth, the response envelope, and a catalog of every endpoint group.

All endpoints are mounted under /api/v1. Public (SDK) routes authenticate with an API key; admin routes authenticate with a JWT and (where noted) an Environment-Id header. See Authentication for the three auth methods.

Base URL:  https://your-host/api/v1
Auth:      API-Key: sk_…                    (SDK / execution)
           Authorization: Bearer <JWT>      (admin / dashboard)
           Environment-Id: <id>             (with JWT, to scope the environment)

Response envelope

Successful responses return the resource directly. Errors are always normalized to a single envelope:

{ "error": { "code": "http_error", "message": "…" } }
  • Validation errors → { "error": { "code": "validation_error", "message": "Invalid request", "details": [...] } } (HTTP 422).
  • Unhandled errors → { "error": { "code": "internal_server_error", "message": "An unexpected error occurred" } } (HTTP 500).

Stack traces and SQL never reach the client. See Troubleshooting for status codes and Rate limits for 429 + X-RateLimit-* headers.

Execution & connections (API-Key)

MethodPathPurpose
POST/actions/executeRun a governed action (Executing actions)
POST/actions/execute-asyncRun asynchronously; pair with /actions/await-webhook
POST/actions/{provider}/{action_name}/policy-checkDry-run the policy decision
GET/catalog, /catalog/{provider}Browse providers and actions
GET/actions/{provider}/{action_name}Action schema + risk classification
GET/POST/connections, /connections/{provider}/{connection_id}Manage connections
POST/connections/{provider}/{connection_id}/testHealth-check a connection
*/proxy/{provider}/{connection_id}/...Governed passthrough to the provider API
POST/mcp/, GET /mcp/configMCP gateway (JSON-RPC)

Governance (JWT)

GroupBase pathDocs
Policies (allow/deny/approval/transform, simulate, lineage)/governance/policiesPolicies
Approvals (list, approve, deny)/governance/approvalsApprovals
Tool-poisoning scan/governance/tool-scanTool scanner
Data redaction (DLP)/redaction/*Redaction
Compliance, data export, retention, SIEM/compliance/*Compliance
Spend budgets/cost/*Spend budgets
SLOs/slo/*SLOs
Agent identity + JIT credentials/agents/*Agent identity

Platform (JWT)

GroupBase pathDocs
API keys & grants/api-keys/*API keys
Team & roles/team/*, /roles/*Team & RBAC
MCP OAuth (AS+RS)/oauth-server/*, /.well-known/oauth-*MCP OAuth
Webhooks & triggers/webhook*, /triggers/*Webhooks · Triggers
Audit export/admin/audit-events/exportAudit export
Usage & metering/admin/usage/*Observability

The backend also serves an OpenAPI schema at /openapi.json and interactive docs at /docs on the API host — useful for exploring exact request/response models.

On this page