HTTP API

What this API is

EnderDash exposes an authenticated HTTP API generated from the app's tRPC router.

This is separate from the real-time browser-to-agent channel, which uses protobuf RPC over WebRTC data channels.

Authentication

The HTTP API accepts either:

• a signed-in EnderDash session cookie
• a user API key sent as X-API-Key

It does not accept per-server agent keys.

OpenAPI documents

• Production schema: https://app.enderdash.com/openapi.json
• Local development schema: http://app.enderdash.localhost:1355/openapi.json
• Generated docs section: OpenAPI

Import the schema into Postman, Insomnia, or another OpenAPI-compatible tool if you want generated request shapes.

Base path and request model

The generated surface is exposed under /api/trpc.

Responses use the standard tRPC envelope:

{
  "result": {
    "data": {}
  }
}

Because EnderDash uses superjson, generated clients should use the same transformer when decoding responses.

What is included

The generated HTTP surface currently covers public and protected procedures from routers such as:

• activity
• auth
• ocelot
• organizations
• servers

Access rules still follow normal EnderDash authorization:

• organization membership
• server grants
• admin-only procedures
• plan limits

What is not included

• WebRTC signaling and the browser-to-agent transport
• tRPC subscriptions
• Ocelot streaming chat
• complete recursive schemas for some activity metadata, because @trpc/openapi has a depth limit

Error behavior

Practical curl example

curl \
  -H 'X-API-Key: <user-api-key>' \
  'https://app.enderdash.com/api/trpc/servers.listServers?input=%7B%22json%22%3A%7B%22organizationSlug%22%3A%22test%22%7D%7D'