Hivekeep exposes a REST API used by the web UI and available for external integrations. All endpoints are under /api/ and require authentication unless noted otherwise.
Authenticate using either:
API key header: X-API-Key: <your-api-key>Session cookie set during login
Auth routes (/api/auth/*) are handled by Better Auth and don’t require pre-authentication. Onboarding routes (/api/onboarding/*) are also unauthenticated (first-run setup).
All API routes return JSON. Errors use a consistent envelope with a machine-readable code and a human-readable message:
" code " : "PROVIDER_NOT_FOUND" ,
" message " : "Provider not found"
The HTTP status reflects the error class (400 validation, 401 unauthenticated, 403 forbidden, 404 not found, 409 conflict, 429 rate-limited, 500 server error). Common codes include VALIDATION_ERROR, NOT_FOUND, UNAUTHORIZED, FORBIDDEN, and resource-specific codes such as PROVIDER_NOT_FOUND or SESSION_EXPIRED.
Method Endpoint Description GET/api/agentsList all Agents POST/api/agentsCreate a new Agent GET/api/agents/:idGet Agent details PATCH/api/agents/:idUpdate an Agent DELETE/api/agents/:idDelete an Agent GET/api/agents/:id/toolsList available tools (grouped by domain) GET/api/agents/:id/context-usageGet context window usage GET/api/agents/:id/context-previewGet full LLM context preview (system prompt, messages, tools, token estimates). Accepts ?taskId or ?sessionId query params POST/api/agents/:id/avatarUpload avatar (multipart) POST/api/agents/:id/avatar/generateGenerate avatar with AI POST/api/agents/avatar/previewPreview generated avatar POST/api/agents/generate-configAI-generate Agent config from description GET/api/agents/:id/exportExport Agent as archive POST/api/agents/importImport Agent from archive
Method Endpoint Description GET/api/agents/:agentId/messagesGet conversation history POST/api/agents/:agentId/messagesSend a message to an Agent POST/api/agents/:agentId/messages/injectInject a message with high priority (aborts current stream if active, used by /btw command)
Method Endpoint Description GET/api/agents/:agentId/messages/:messageId/reactionsList reactions on a message POST/api/agents/:agentId/messages/:messageId/reactionsAdd or toggle a reaction
Method Endpoint Description GET/api/agents/:id/compacting/summariesList compacting summaries (with date ranges, token estimates, depth) GET/api/agents/:id/compacting/snapshotsList compacting summaries (backwards-compatible alias, returns legacy format) POST/api/agents/:id/compacting/runTrigger manual compacting POST/api/agents/:id/compacting/purgePurge compacting data (deactivate all active summaries) POST/api/agents/:id/compacting/rollbackRollback to a summary (archives newer summaries)
Memories can be accessed via Agent-scoped routes or global maintenance routes.
Method Endpoint Description GET/api/agents/:id/memoriesList memories for an Agent POST/api/agents/:id/memoriesCreate a memory PATCH/api/agents/:id/memories/:memoryIdUpdate a memory DELETE/api/agents/:id/memories/:memoryIdDelete a memory
Method Endpoint Description GET/api/memoriesList all memories (cross-Agent) POST/api/memories/backfill-importanceBackfill importance scores POST/api/memories/consolidateRun memory consolidation POST/api/memories/reembedRe-embed all memories
Agent-scoped knowledge base (RAG document sources).
Method Endpoint Description GET/api/agents/:agentId/knowledgeList knowledge sources POST/api/agents/:agentId/knowledgeAdd a knowledge source GET/api/agents/:agentId/knowledge/searchSearch knowledge GET/api/agents/:agentId/knowledge/:sourceIdGet source details DELETE/api/agents/:agentId/knowledge/:sourceIdDelete a source POST/api/agents/:agentId/knowledge/:sourceId/reprocessReprocess a source
Channels are managed globally (not scoped to an Agent).
Method Endpoint Description GET/api/channelsList all channels POST/api/channelsCreate a channel GET/api/channels/pending-countGet pending message counts GET/api/channels/:idGet channel details PATCH/api/channels/:idUpdate a channel DELETE/api/channels/:idDelete a channel POST/api/channels/:id/activateActivate a channel POST/api/channels/:id/deactivateDeactivate a channel POST/api/channels/:id/testTest channel configuration GET/api/channels/:id/user-mappingsList user mappings POST/api/channels/:id/user-mappings/:mapId/approveApprove a user mapping
Platform-specific webhook endpoints (no auth required, verified by platform signature):
Method Endpoint Description POST/api/channels/telegram/:channelIdTelegram webhook POST/api/channels/slack/webhook/:channelIdSlack Events API GET/POST/api/channels/whatsapp/webhook/:channelIdWhatsApp verification & webhook POST/api/channels/signal/webhook/:channelIdSignal webhook
Method Endpoint Description GET/api/mini-appsList all mini-apps POST/api/mini-appsCreate a mini-app GET/api/mini-apps/:idGet mini-app details PATCH/api/mini-apps/:idUpdate a mini-app DELETE/api/mini-apps/:idDelete a mini-app GET/api/mini-apps/by-slug/:agentId/:slugGet mini-app by Agent + slug GET/api/mini-apps/gallery/browseBrowse mini-app gallery POST/api/mini-apps/:id/generate-iconGenerate an icon with AI
Method Endpoint Description GET/api/mini-apps/:id/filesList app files GET/api/mini-apps/:id/files/*Read a file PUT/api/mini-apps/:id/files/*Write a file DELETE/api/mini-apps/:id/files/*Delete a file
Method Endpoint Description GET/api/mini-apps/:id/storageList all keys GET/api/mini-apps/:id/storage/:keyGet a value PUT/api/mini-apps/:id/storage/:keySet a value DELETE/api/mini-apps/:id/storage/:keyDelete a key DELETE/api/mini-apps/:id/storageClear all storage
Method Endpoint Description GET/api/mini-apps/:id/snapshotsList snapshots POST/api/mini-apps/:id/snapshotsCreate a snapshot POST/api/mini-apps/:id/snapshots/:version/rollbackRollback to snapshot
Method Endpoint Description POST/api/mini-apps/:id/httpProxy HTTP request to app backend GET/api/mini-apps/:id/eventsSSE stream from app backend GET/api/mini-apps/:id/memories/searchSearch mini-app memories POST/api/mini-apps/:id/memoriesCreate a mini-app memory
Method Endpoint Description GET/api/mini-apps/:id/serveServe mini-app HTML GET/api/mini-apps/:id/static/*Serve static assets
Method Endpoint Description GET/api/mini-apps/sdk/hivekeep-sdk.jsSDK JavaScript GET/api/mini-apps/sdk/hivekeep-react.jsReact bindings GET/api/mini-apps/sdk/hivekeep-components.jsComponent library GET/api/mini-apps/sdk/hivekeep-sdk.cssSDK stylesheet GET/api/mini-apps/sdk/*.d.tsTypeScript declarations
Ephemeral conversation sessions for quick interactions.
All session responses include an expiresAt field (Unix timestamp in ms, or null). Sending a message to an expired session returns 409 SESSION_EXPIRED.
Method Endpoint Description GET/api/agents/:agentId/quick-sessionsList sessions for an Agent POST/api/agents/:agentId/quick-sessionsCreate a session
Method Endpoint Description GET/api/quick-sessions/:idGet session with messages POST/api/quick-sessions/:id/messagesSend a message POST/api/quick-sessions/:id/messages/stopStop AI generation POST/api/quick-sessions/:id/closeClose a session
Sub-tasks spawned by Agents (inter-Agent delegation, subtasks). Tasks support concurrency groups : tasks in the same group are limited to a max number of parallel executions, with excess tasks queued and auto-promoted.
Method Endpoint Description GET/api/tasksList all tasks GET/api/tasks/:idGet task details with messages POST/api/tasks/:id/cancelCancel a running task POST/api/tasks/:id/pausePause a running task (preserves state) POST/api/tasks/:id/resumeResume a paused task, optionally with a message ({ message?: string }) POST/api/tasks/:id/injectInject a message into a running task ({ content: string }), aborts current stream and re-triggers with addendum POST/api/tasks/:id/force-promoteForce-start a queued task (ignoring concurrency limit)
Method Endpoint Description GET/api/pluginsList installed plugins POST/api/pluginsInstall a plugin PATCH/api/plugins/:idUpdate plugin config DELETE/api/plugins/:idUninstall a plugin
See Plugin API for the full plugin store and registry routes.
Method Endpoint Description GET/api/providersList providers with status POST/api/providersConfigure a provider PATCH/api/providers/:idUpdate provider config DELETE/api/providers/:idRemove provider config POST/api/providers/:id/testTest provider connection
See Providers for the full provider reference.
Method Endpoint Description GET/api/contactsList contacts POST/api/contactsCreate a contact GET/api/contacts/:idGet contact details PATCH/api/contacts/:idUpdate a contact DELETE/api/contacts/:idDelete a contact PUT/api/contacts/:id/identifiersReplace all identifiers atomically POST/api/contacts/:id/identifiersAdd an identifier PATCH/api/contacts/:id/identifiers/:identifierIdUpdate an identifier DELETE/api/contacts/:id/identifiers/:identifierIdRemove an identifier GET/api/contacts/:id/platform-idsList platform IDs POST/api/contacts/:id/platform-idsAdd a platform ID DELETE/api/contacts/:id/platform-ids/:pidIdRemove a platform ID POST/api/contacts/:id/notesAdd a note PATCH/api/contacts/:id/notes/:noteIdUpdate a note DELETE/api/contacts/:id/notes/:noteIdDelete a note
Method Endpoint Description GET/api/mcp-serversList MCP server configs POST/api/mcp-serversAdd an MCP server PATCH/api/mcp-servers/:idUpdate MCP server POST/api/mcp-servers/:id/approveApprove an MCP server DELETE/api/mcp-servers/:idRemove MCP server
Cron jobs are managed globally (not scoped to an Agent).
Method Endpoint Description GET/api/cronsList cron jobs POST/api/cronsCreate a cron job PATCH/api/crons/:idUpdate a cron job POST/api/crons/:id/triggerTrigger a job immediately POST/api/crons/:id/approveApprove a pending job DELETE/api/crons/:idDelete a cron job
Webhooks are managed globally.
Method Endpoint Description GET/api/webhooksList webhooks POST/api/webhooksCreate a webhook PATCH/api/webhooks/:idUpdate a webhook DELETE/api/webhooks/:idDelete a webhook GET/api/webhooks/:id/logsGet webhook execution logs POST/api/webhooks/:id/regenerate-tokenRegenerate webhook token POST/api/webhooks/:id/test-filterTest a payload filter against a sample payload POST/api/webhooks/:id/suggest-fieldsExtract field path suggestions from the last received payload
Method Endpoint Description POST/api/webhooks/incoming/:webhookIdReceive an incoming webhook (rate-limited)
Secure storage for secrets and sensitive data.
Method Endpoint Description GET/api/vaultList vaults POST/api/vaultCreate a vault PATCH/api/vault/:idUpdate a vault DELETE/api/vault/:idDelete a vault
Method Endpoint Description GET/api/vault/entriesList entries POST/api/vault/entriesCreate an entry GET/api/vault/entries/:idGet entry details PATCH/api/vault/entries/:idUpdate an entry DELETE/api/vault/entries/:idDelete an entry
Method Endpoint Description GET/api/vault/entries/:id/attachmentsList attachments POST/api/vault/entries/:id/attachmentsUpload attachment GET/api/vault/attachments/:idDownload attachment DELETE/api/vault/attachments/:idDelete attachment
Method Endpoint Description GET/api/vault/typesList vault types POST/api/vault/typesCreate a type PATCH/api/vault/types/:idUpdate a type DELETE/api/vault/types/:idDelete a type
Shared file hosting with optional expiration and passwords.
Method Endpoint Description GET/api/file-storageList stored files POST/api/file-storageUpload a file (multipart) GET/api/file-storage/:idDownload a file PATCH/api/file-storage/:idUpdate file metadata DELETE/api/file-storage/:idDelete a file
Internal file uploads (used by messages).
Method Endpoint Description POST/api/files/uploadUpload a file (multipart)
Method Endpoint Description GET/api/notificationsList notifications GET/api/notifications/unread-countGet unread count PATCH/api/notifications/:id/readMark as read POST/api/notifications/mark-all-readMark all as read DELETE/api/notifications/:idDelete a notification
Pending approval prompts (e.g. tool use confirmations).
Method Endpoint Description GET/api/prompts/pendingList pending prompts POST/api/prompts/:id/respondRespond to a prompt
Method Endpoint Description GET/api/usersList users GET/api/users/mentionablesList mentionable users DELETE/api/users/:idDelete a user
Method Endpoint Description GET/api/invitationsList invitations POST/api/invitationsCreate an invitation DELETE/api/invitations/:idDelete an invitation GET/api/invitations/:token/validateValidate an invitation token
Method Endpoint Description GET/api/settings/global-promptGet global system prompt PUT/api/settings/global-promptUpdate global prompt GET/api/settings/modelsGet extraction + embedding model config (legacy) GET/api/settings/default-modelsGet all model/service defaults (LLM, image, compacting, scout, extraction, embedding, search, TTS, STT) PUT/api/settings/default-llmSet default LLM model + provider PUT/api/settings/default-imageSet default image generation model + provider PUT/api/settings/default-compactingSet default compacting model + provider PUT/api/settings/default-scoutSet default scout model + provider PUT/api/settings/default-searchSet default search provider PUT/api/settings/default-ttsSet default text-to-speech provider/model PUT/api/settings/default-sttSet default speech-to-text provider/model PUT/api/settings/extraction-modelSet memory extraction model PUT/api/settings/embedding-modelSet embedding model GET/api/settings/task-limitsGet task concurrency/depth limits PUT/api/settings/task-limitsUpdate task limits GET/api/settings/avatar-styleGet the global avatar art style PUT/api/settings/avatar-styleUpdate the avatar art style GET/api/settings/dismissed-setup-itemsList dismissed setup-checklist items POST/api/settings/dismissed-setup-items/:itemIdDismiss a setup-checklist item DELETE/api/settings/dismissed-setup-items/:itemIdRestore a dismissed setup item
Method Endpoint Description GET/api/meGet current user info PATCH/api/meUpdate profile POST/api/me/avatarUpload avatar (multipart)
Public access to shared files (no auth required, token-based).
Method Endpoint Description GET/s/:tokenView shared content POST/s/:tokenAccess password-protected share
Method Endpoint Description GET/api/version-checkGet cached version info (current version, latest, update available, release notes). Returns isUpdateAvailable: false if disabled POST/api/version-check/checkForce a fresh version check (admin only). Returns 400 if version check is disabled POST/api/version-check/updateSelf-update: runs git pull + bun install and restarts (admin only, non-Docker). Returns 400 in Docker mode
Token usage tracking for all LLM calls. All routes require admin role.
Method Endpoint Description GET/api/usagePaginated list of LLM usage records with filters (agentId, providerId, providerType, modelId, taskId, cronId, callSite, from/to timestamps) GET/api/usage/summaryAggregated usage grouped by dimension (groupBy: provider_type, model_id, agent_id, call_site, day)
Method Endpoint Description GET/api/sseSSE event stream (see SSE Events )
