Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

API overview

ScaiControl exposes a single REST API at /api/v1. All endpoints take and return JSON unless explicitly noted.

Base URL#

  • Production: https://www.scailabs.ai/api/v1
  • Local/dev: http://localhost:8000/api/v1

Authentication#

All endpoints other than /auth/config require a Bearer token issued by ScaiKey. The token's claims (sub, tenant_id, partner_id, roles, permissions) flow into FastAPI dependencies for tenant filtering and RBAC.

text
1
Authorization: Bearer <jwt>

Most admin endpoints additionally check a permission scope via require_permission("<scope>"). Roles map to permission sets server-side; see Authentication & RBAC.

Error envelope#

Non-2xx responses follow a consistent envelope:

json
1
2
3
4
5
6
7
{
  "error": {
    "code": "not_found",
    "message": "Invoice 'foo' not found",
    "request_id": "req_…"
  }
}

Common codes: not_found (404), bad_request (400), conflict (409), forbidden (403), unauthorized (401), internal_error (500).

Versioning#

The API uses a single major version (v1) baked into the URL. Backwards-compatible field additions to responses do not bump the version; breaking changes ship under v2 once they accumulate.

Endpoint groups#

Each group page lists every endpoint with its parameters, request body shape, response shape, and the permission scope required.

Updated 2026-05-18 01:48:41 View source (.md) rev 2