API reference
The Echopoint API is a REST API with server-sent events for live streams. The OpenAPI contract defines 91 operations; this page covers the surfaces most users automate. A fully generated, per-operation reference built from the contract is coming — until then, treat this overview plus the CLI as the practical interface.
Base URL
Section titled “Base URL”https://api.echopoint.devThe OpenAPI spec omits a servers block, so the base URL is stated here explicitly:
all paths below are relative to https://api.echopoint.dev.
Authentication
Section titled “Authentication”| Header | Used by |
|---|---|
Authorization: Bearer <Clerk JWT> | App sessions (the browser app) |
X-Api-Key: <org key> | Automation — CI, scripts, integrations |
Most routes also require the X-Organization-Id header to scope the request to your
organization. Create keys under API Keys in the app — see
API keys & permissions.
One deliberate exception: the webhook capture endpoint /webhook/{id} is
unauthenticated, so any external system can deliver events to it.
Resource groups
Section titled “Resource groups”The spec is organized into 11 tags:
| Tag | Key endpoints |
|---|---|
| Auth | Session endpoints used by the app sign-in |
| Webhook | /webhooks CRUD · /webhook/{id} unauthenticated capture (GET/POST/PUT/PATCH/DELETE) · /webhooks/{id}/stream (SSE) · /webhooks/{id}/requests/search |
| Analytics | Webhook traffic analytics — request volumes over time, method breakdown |
| Flows | /flows CRUD · /flows/search · /flows/{id}/launch · /flows/{id}/publish · /flows/{id}/versions and /{vid}/restore · /flows/{id}/environments · /flows/{id}/export · /flows/{flowId}/executions/{executionId} with /stream (SSE) and /nodes |
| Collections | /collections · /collections/import/openapi · OpenAPI-sync endpoints |
| Resources | Supporting resources referenced by flows and collections |
| Administration | /api-keys · GET /permissions (the scope catalog) |
| Extractors | Node output extractors — jsonPath, xmlPath, statusCode, header, body |
| Assertions | Node assertions — the 14 comparison operators |
| SpecialNodes | Non-request node types: Delay and Module nodes |
| Runner | Runner protocol — /runners, /runner/jobs/next, heartbeat |
Conventions
Section titled “Conventions”- SSE wire format — streams (
/webhooks/{id}/stream, execution/stream) emitdata:-prefixed flat JSON events. There is noevent:field; dispatch on the payload itself. - Pagination — list endpoints cap page size at 100.
- Idempotency — flow launch accepts an
Idempotency-Keyheader, so a retried pipeline does not start a duplicate execution.
Examples
Section titled “Examples”Create a webhook endpoint:
curl -X POST https://api.echopoint.dev/webhooks \ -H "X-Api-Key: $ECHOPOINT_API_KEY" \ -H "X-Organization-Id: $ECHOPOINT_ORGANIZATION_ID" \ -H "Content-Type: application/json" \ -d '{"name": "payment-events"}'Anything can then deliver to the capture URL — no auth, any of GET/POST/PUT/PATCH/DELETE,
answered with a JSON receipt (message, request_id, received_at):
curl -X POST https://api.echopoint.dev/webhook/wh_9f2k81 \ -H "Content-Type: application/json" \ -d '{"event": "payment_intent.succeeded", "amount": 4200}'List flows with an API key:
curl https://api.echopoint.dev/flows \ -H "X-Api-Key: $ECHOPOINT_API_KEY" \ -H "X-Organization-Id: $ECHOPOINT_ORGANIZATION_ID"Launch a flow, idempotently:
curl -X POST https://api.echopoint.dev/flows/$FLOW_ID/launch \ -H "X-Api-Key: $ECHOPOINT_API_KEY" \ -H "X-Organization-Id: $ECHOPOINT_ORGANIZATION_ID" \ -H "Idempotency-Key: deploy-2026-06-09-01"Launches can also pick an environment key and pin a published version — the CLI and GitHub Action expose both as flags and are the recommended way to launch from CI.
Next steps
Section titled “Next steps”- API keys & permissions — scopes, the ci preset, rotation
- Executions & live runs — what the execution endpoints return
- Webhook testing — the capture endpoint in practice
- CLI — the same API from your terminal