REST API
Base URL: https://api.exepad.com/v1 · Auth: Authorization: Bearer exepad_dk_… (Authentication)
The complete machine-readable specification is served at
https://api.exepad.com/v1/openapi.json (OpenAPI 3, generated from the live service). Browse the full per-endpoint REST API reference → — request/response schemas for every operation, generated from that spec.
Endpoint map
Section titled “Endpoint map”| Area | Endpoints |
|---|---|
| Apps | GET/POST /apps · GET/PATCH/DELETE /apps/{id} · GET /apps/{id}/config · POST /apps/{id}/clone · GET /apps/{id}/hosting-usage |
| Edits (AI) | GET/POST /apps/{id}/edits · GET /apps/{id}/edits/{eid} · POST …/cancel · GET …/logs · GET …/stream (SSE) |
| Files (RAG) | GET/POST /apps/{id}/files · GET/DELETE /apps/{id}/files/{fid} |
| Deploy | POST /apps/{id}/deploy/preview · POST …/publish · POST …/unpublish · GET …/status · GET /apps/{id}/deployments · POST /apps/{id}/rollback |
| Settings | PUT /apps/{id}/domains · PUT /apps/{id}/services/{service} · PUT /apps/{id}/auth |
| Observability | GET /apps/{id}/logs · GET /apps/{id}/health · GET /apps/{id}/errors |
| Gateway | GET /apps/{id}/discover · POST /apps/{id}/execute — call your app’s own backend tools |
| Keys | GET/POST /keys · GET/PATCH/DELETE /keys/{id} · POST /keys/{id}/rotate |
| Webhooks | GET/POST /webhooks · GET/PATCH/DELETE /webhooks/{id} · POST …/test · GET …/deliveries · POST …/deliveries/{did}/retry |
| Billing | GET /billing/wallet · GET /billing/ledger · GET /billing/usage · GET /billing/pricing · PUT /billing/limits · POST /billing/topup |
| Discovery | GET /capabilities · GET /services |
Conventions
Section titled “Conventions”- JSON in, JSON out. File upload (
POST /apps/{id}/files) also acceptsmultipart/form-data. - Async operations return
202with a resource to poll (edits, deploys). Terminal states arecompleted/failed/cancelled(edits) anddeployed/failed(deploys). - Errors use a consistent envelope — see Errors.
- Pagination: list endpoints take
limitandoffsetand return{items…, total, limit, offset}. - Request IDs: every response carries
x-request-id— include it when reporting issues. - Rate limit headers:
x-ratelimit-limit / -remaining / -reseton every response — see Rate limits.
Idempotency
Section titled “Idempotency”Mutating requests accept an Idempotency-Key header. Replays with the same key return the original response (flagged with X-Idempotent-Replayed: true); reusing a key with a different body returns 409. Use it for payment-adjacent and deploy operations in retry loops.
Calling your app’s backend (gateway)
Section titled “Calling your app’s backend (gateway)”Apps generated with a backend expose their CRUD/custom handlers as tools. Discover and invoke them through the gateway without handling per-app auth yourself:
curl https://api.exepad.com/v1/apps/{id}/discover -H "Authorization: Bearer $EXEPAD_KEY"# → { "tools": [ { "name": "tasks_list", ... } ], "tool_count": 4 }
curl -X POST https://api.exepad.com/v1/apps/{id}/execute \ -H "Authorization: Bearer $EXEPAD_KEY" \ -H "Content-Type: application/json" \ -d '{"tool_name": "tasks_list", "input": {}}'Gateway calls require the app to be published with its per-app MCP surface enabled.