API reference

Every action you can take in the dashboard is also available over HTTP. The same permissions, the same workspace boundaries, and the same audit trail apply to API calls as to clicks in the UI.

What the API covers

The API exposes the entirety of the feature surface. You can manage workspaces, users, groups, services, environments, cloud accounts, Kubernetes connections, pipelines, configuration, credentials, and SCM providers. You can read the audit trail and subscribe to it as a stream of webhook events. You can run the same AI capabilities the dashboard offers, with the same workspace isolation in place.

Authentication

Every request carries a bearer token. Tokens are issued in the dashboard for human users and as API keys for machine-to-machine access. Each token carries the principal’s permission grants. There is no super-admin token that bypasses workspace boundaries or permission checks. The same access controls you set in the UI apply automatically to API calls.

Conventions

Timestamps are RFC 3339 UTC. Identifiers in responses follow a prefix convention so they are self-describing. Pagination is cursor-based on every list endpoint. Errors are returned as standard problem details so they are easy to parse. Every successful state-changing call returns an audit identifier in a response header for traceability.

Webhooks

Subscribe to events at the workspace level. Sciple posts JSON payloads to a URL you provide, signed with HMAC-SHA256. Replay protection comes from a monotonically increasing delivery identifier. Idempotency is the receiver’s responsibility. Subscriptions are configurable in the dashboard, including which event types to receive.

Getting the full schema

The full reference, including request and response schemas for every endpoint, is shared under NDA. Email sales@sciple.cloud to request access. For most procurement reviews this is a same-week turnaround.