API Reference

161 endpoints across 25 resource groups. All prefixed with /api/v1/. The machine-readable spec for agent self-discovery is at GET /api/v1/agent-docs (no auth required).

Endpoint groups

Overview

All endpoints are prefixed with /api/v1/. The machine-readable spec at GET /api/v1/agent-docs contains the full catalog with request shapes, pricing, and examples — paste it into any LLM and the agent can bootstrap itself.

Bearer tokens

Authentication

CredentialPrefixUse For
Agent API keyagent_key_live_ / agent_key_test_Agent identity. Dispatching service requests. Shown once.
Personal Access Tokenupivia_pat_live_Managing agents, checking balances, CLI, MCP. Mint at /settings/tokens.
Cookie session(browser)Web UI authentication. Automatic with NextAuth.js.
Webhook signaturesHMAC / Ed25519Inbound: Stripe, Discord, Twilio, generic reconcile.
bash
# Agent dispatching:
Authorization: Bearer agent_key_live_xxxxxxxxxxxxxxxxx

# You managing via PAT:
Authorization: Bearer upivia_pat_live_xxxxxxxxxxxxxxxx
31 endpoints

Agents API

EndpointDescription
GET /v1/agentsList agents in current org (excludes chat-owned)
POST /v1/agentsCreate agent — returns plaintext API key once
GET /v1/agents/:idGet agent details
PATCH /v1/agents/:idUpdate name, description, status, icon, category, personality, voiceConfig
DELETE /v1/agents/:idDelete agent (YUPI and chat agents protected)
PATCH /v1/agents/:id/keyRotate API key — returns new key once
POST /v1/agents/:id/servicesEnable a service with budget/limits
GET /v1/agents/:id/skillsList agent's workflow + service skills
POST /v1/agents/:id/cloneClone agent with all bindings, new key
PATCH /v1/agents/:id/budgetSet agent-level monthly budget cap
POST /v1/agents/:id/publishRequest publication (team/org scope)
GET /v1/agents/:id/activityActivity ledger: audit, delegations, service calls, memories
POST /v1/agents/spawnParent spawns child with bounded budget/services (max depth 3)
GET/POST /v1/agents/:id/memoriesList/create governed memories with vector search
PATCH/DELETE /v1/agents/:id/memories/:idUpdate/delete memories
GET /v1/agents/:id/memories/graphNodes + edges for 3D memory visualization
GET/POST /v1/agents/:id/conversationsPersistent agent conversations
GET/POST /v1/agents/:id/delegated-tasksDelegation management
GET/POST/PATCH /v1/agents/:id/skill-proposalsSelf-adjusting skill proposals
7 endpoints

Chat API

EndpointDescription
POST /v1/chat/turnSSE-streamed chat turn. Supports force-approval, resume, local tool delegation.
GET /v1/chat/sessionsList chat sessions (filterable by agent_id)
POST /v1/chat/sessionsCreate chat session bound to an agent
DELETE /v1/chat/sessions?session_id=Close (soft-delete) a session
GET /v1/chat/sessions/:idFull session with message history
POST /v1/chat/approvals/:idApprove/reject chat tool calls mid-stream
GET /v1/chat/artifacts/:idDownload chat artifact (e.g., code output)

SSE Events: status, tool_planned, tool_executing, tool_done/tool_pending, thinking (reasoning), message_delta (live text), local_tools_pending (batch for CLI), done.

19 endpoints

Workflows API

EndpointDescription
GET/POST /v1/workflowsList/create workflows
GET/PATCH/DELETE /v1/workflows/:idCRUD a single workflow
POST /v1/workflows/:id/versionsCreate version with steps + edges
POST /v1/workflows/:id/runsExecute a workflow
POST /v1/workflows/:id/versions/:versionId/publishRequest governance review
POST /v1/workflows/:id/agentsGrant workflow to agent (callable as run_workflow)
DELETE /v1/workflows/:id/agents?agent_id=Revoke workflow from agent
POST /v1/workflows/:id/shareSet team/org visibility

Step types (10): service_call, delegation, approval, condition, delay, webhook, memory_read, memory_write, agent_request, run_workflow. Template: ${input.key}, ${steps.StepLabel.output}.

14 endpoints

Teams & Workspaces API

EndpointDescription
GET /v1/teamsList teams
POST /v1/teams/switchSet active team
GET /v1/teams/:id/membersTeam members with roles+budgets
PATCH /v1/teams/:id/members/:idSet team member role
GET/POST /v1/teams/:id/budgetGet/allocate team pool
POST /v1/teams/:id/workers/:uid/budget/allocateAllocate to worker
GET/POST /v1/workspacesList/create workspaces
POST /v1/workspaces/switchSwitch active workspace
GET/POST/DELETE /v1/orgs/:id/invitesManage invitations
POST /v1/invites/:token/acceptAccept invite (public, token IS auth)
Core dispatch endpoint

Service Requests API

POST /v1/service-requests

The single endpoint your agent calls for every paid action.

bash
curl -X POST https://www.upivia.com/api/v1/service-requests \
  -H "Authorization: Bearer agent_key_live_..." \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{"operation":"text_generation.generate","payload":{"model":"openai/gpt-4o-mini","messages":[{"role":"user","content":"Summarize"}]}}'

Response Statuses

StatusMeaning
executedPassed all checks. cost_cents debited.
blockedBlocked by policy, budget, or balance. See reason_code.
approval_requiredCost exceeds threshold. Returns approval_id.
failedProvider error. See result.detail.
Always send an Idempotency-Key. Retries with same key return cached response — no double charges.
Quick reference

Other Endpoint Groups

GroupCountKey Endpoints
Approvals3GET /v1/approvals, POST approve, POST reject
Audit & Usage2GET /v1/audit-logs, GET /v1/usage
Scheduler6CRUD /v1/scheduled-tasks, GET runs, PATCH status
Publishing4GET /v1/publications, POST revoke, GET/PATCH publish-requests
Storage6CRUD /v1/storage/objects, presigned upload/download, restore
Webhooks4POST stripe, discord, twilio/voice-status, :provider/reconcile
Triggers6CRUD /v1/triggers (webhook HMAC fire, cron)
Knowledge7CRUD collections, ingest documents, chunk+embed, semantic query
Devices6POST heartbeat, GET sessions, queue commands, mark done
Connected Apps4OAuth install, list, refresh, revoke
Models4GET /v1/models/openrouter (300+, 1h cache), CRUD favorites
TTS2GET /v1/tts (Kokoro voices), POST /v1/tts (synthesize WAV)
Budget Requests3POST create, GET list, PATCH approve/reject
Personal Tokens4CRUD PATs (mint, list, toggle, revoke/delete)
Marketplace1GET /v1/marketplace/listings (cross-org scaffold)
Promo4POST redeem, GET/POST/DELETE admin promo codes
Agent Requests2POST create (agent → human), GET list
Balance2GET balance (org/team), POST top-up
Billing1POST /v1/billing/checkout-sessions (Stripe)
What can go wrong

Error Codes

StatusCodeMeaning
blockedpolicy_violationAgent has no binding for this operation
blockedmonthly_budget_exceededPer-op monthly cap hit
blockeddaily_limit_exceededPer-op daily request count hit
blockedinsufficient_balanceOrg wallet empty
approval_requiredapproval_thresholdCost exceeds threshold; awaiting approval
failedadapter_errorUpstream provider rejected
failedagent_disabledAgent status is paused or disabled
401unauthorizedMissing/expired/revoked credential
403forbiddenLacks required permission
404not_foundResource doesn't exist or belongs to another org
400invalid_requestMalformed request body