API Overview
This page covers the conventions every WebAgent endpoint shares. For per-endpoint field details, see the OpenAPI 3.1 spec — every SDK and the Console's Get Code dialog generate from it.
Base URL
https://api.web-agent.asix.incAll resource paths are scoped to a project:
/v1/projects/{project_id}/...Authentication
Bearer token in the Authorization header. See Authentication & API keys.
Authorization: Bearer wa_xxxxxxxxxxxxxxxxxxxxxxxxErrors
JSON body, HTTP status, and a stable code you can switch on:
{
"code": "session_not_found",
"detail": "Session sess_demo_0001 not found.",
"extra": { "session_id": "sess_demo_0001" }
}| Status | Common codes |
|---|---|
| 400 | bad_request |
| 401 | unauthorized |
| 402 | insufficient_credits, budget_exceeded |
| 403 | forbidden, safety_boundary_violated |
| 404 | session_not_found, task_not_found, profile_not_found, … |
| 409 | conflict |
| 422 | validation_error |
| 429 | rate_limit_exceeded, too_many_concurrent_sessions |
| 5xx | internal_error |
Rate limits
- Per-key concurrent sessions — set by your plan.
- Per-key request rate — sliding-window;
429withRetry-Afteron breach. - Per-project monthly credit budget — soft warning at 80%, hard stop at 100%.
Pagination
List endpoints are cursor-paginated:
GET /v1/projects/{pid}/do_anything/sessions?limit=50&cursor=eyJ…Response includes next_cursor (or null at the end). Limits cap at 100 per page.
Idempotency
Mutating endpoints (POST /sessions, POST /messages, …) accept an optional Idempotency-Key header. Send the same UUID and you'll get the same response back; safe to retry.
SSE conventions
Streaming endpoints (e.g. …/events) emit JSON-encoded SSE events with a numeric id. To reconnect cleanly, send Last-Event-ID: <last_id> and the server replays everything after that id.
Next steps
- OpenAPI spec — every endpoint, every field, machine-readable.
- Sessions & Tasks — the resource model.
- Errors & retries — full error-code matrix.