Skip to content
OverviewGetting StartedAgent ArchitectureSkills DevelopmentSecurity FeaturesAPI ReferenceFAQ

API Reference

All public and authenticated endpoints with examples.

Base URL

https://api.opensyber.cloud

Authentication

Authenticated endpoints require a Bearer token from Clerk in the Authorization header.

Authorization: Bearer <clerk-session-token>

Public Endpoints

GET /health

Returns API health status.

curl https://api.opensyber.cloud/health # Response: { "status": "healthy" }

GET /api/skills

List all published skills in the marketplace.

GET /api/badges/:instanceId/security-score

Returns an SVG badge with the instance's security score.

curl https://api.opensyber.cloud/api/badges/inst_1/security-score # Response: SVG image (Content-Type: image/svg+xml)

GET /api/badges/:instanceId/security-score.json

Returns shields.io-compatible JSON for badge embedding.

Authenticated Endpoints

GET /api/user

Returns the authenticated user's profile.

GET /api/user/onboarding

Returns computed onboarding progress.

PATCH /api/user/onboarding

Mark a step complete or dismiss the checklist.

# Mark a step complete curl -X PATCH -H "Authorization: Bearer <token>" \ -H "Content-Type: application/json" \ -d '{"step": "reviewSecurity"}' \ /api/user/onboarding # Dismiss the checklist curl -X PATCH -H "Authorization: Bearer <token>" \ -H "Content-Type: application/json" \ -d '{"dismiss": true}' \ /api/user/onboarding

GET /api/user/referral

Returns referral code, referred count, and credits earned.

GET /api/instances

List user's agent instances.

POST /api/instances

Deploy a new agent instance.

GET /api/instances/:id

Get instance details, health metrics, and skills.

DELETE /api/instances/:id

Destroy an agent instance.

POST /api/instances/:id/skills/:skillId

Install a skill on an instance.

DELETE /api/instances/:id/skills/:skillId

Uninstall a skill from an instance.

GET /api/security/instances/:id/dashboard

Security dashboard with score, events, and categories.

GET /api/security/instances/:id/alerts

List security alerts for an instance.

GET /api/security/instances/:id/incidents

List security incidents for an instance.

Webhooks

POST /webhooks/clerk

Clerk webhook endpoint for user.created and user.updated events. Requires Svix HMAC signature verification.

POST /webhooks/lemonsqueezy

LemonSqueezy webhook for subscription events (created, updated, cancelled, expired). Requires HMAC signature verification.