Skip to content

REST API

Base URL: https://api.exepad.com/v1 · Auth: Authorization: Bearer exepad_dk_… (Authentication)

The complete machine-readable specification is served at https://api.exepad.com/v1/openapi.json (OpenAPI 3, generated from the live service). Browse the full per-endpoint REST API reference → — request/response schemas for every operation, generated from that spec.

Area Endpoints
Apps GET/POST /apps · GET/PATCH/DELETE /apps/{id} · GET /apps/{id}/config · POST /apps/{id}/clone · GET /apps/{id}/hosting-usage
Edits (AI) GET/POST /apps/{id}/edits · GET /apps/{id}/edits/{eid} · POST …/cancel · GET …/logs · GET …/stream (SSE)
Files (RAG) GET/POST /apps/{id}/files · GET/DELETE /apps/{id}/files/{fid}
Deploy POST /apps/{id}/deploy/preview · POST …/publish · POST …/unpublish · GET …/status · GET /apps/{id}/deployments · POST /apps/{id}/rollback
Settings PUT /apps/{id}/domains · PUT /apps/{id}/services/{service} · PUT /apps/{id}/auth
Observability GET /apps/{id}/logs · GET /apps/{id}/health · GET /apps/{id}/errors
Gateway GET /apps/{id}/discover · POST /apps/{id}/execute — call your app’s own backend tools
Keys GET/POST /keys · GET/PATCH/DELETE /keys/{id} · POST /keys/{id}/rotate
Webhooks GET/POST /webhooks · GET/PATCH/DELETE /webhooks/{id} · POST …/test · GET …/deliveries · POST …/deliveries/{did}/retry
Billing GET /billing/wallet · GET /billing/ledger · GET /billing/usage · GET /billing/pricing · PUT /billing/limits · POST /billing/topup
Discovery GET /capabilities · GET /services
  • JSON in, JSON out. File upload (POST /apps/{id}/files) also accepts multipart/form-data.
  • Async operations return 202 with a resource to poll (edits, deploys). Terminal states are completed / failed / cancelled (edits) and deployed / failed (deploys).
  • Errors use a consistent envelope — see Errors.
  • Pagination: list endpoints take limit and offset and return {items…, total, limit, offset}.
  • Request IDs: every response carries x-request-id — include it when reporting issues.
  • Rate limit headers: x-ratelimit-limit / -remaining / -reset on every response — see Rate limits.

Mutating requests accept an Idempotency-Key header. Replays with the same key return the original response (flagged with X-Idempotent-Replayed: true); reusing a key with a different body returns 409. Use it for payment-adjacent and deploy operations in retry loops.

Apps generated with a backend expose their CRUD/custom handlers as tools. Discover and invoke them through the gateway without handling per-app auth yourself:

Terminal window
curl https://api.exepad.com/v1/apps/{id}/discover -H "Authorization: Bearer $EXEPAD_KEY"
# → { "tools": [ { "name": "tasks_list", ... } ], "tool_count": 4 }
curl -X POST https://api.exepad.com/v1/apps/{id}/execute \
-H "Authorization: Bearer $EXEPAD_KEY" \
-H "Content-Type: application/json" \
-d '{"tool_name": "tasks_list", "input": {}}'

Gateway calls require the app to be published with its per-app MCP surface enabled.