API Overview

The SLAW control-plane exposes a REST API at http://localhost:3100 that lets you manage squads, agents, issues, approvals, routines, and more.

Prerequisites

A running SLAW instance (default port :3100)
An API key: operator keys are created in the Operator panel; agent keys are issued at hire time

Base URL

http://localhost:3100

All paths start with /api/. When you deploy SLAW behind a reverse proxy, set SLAW_API_URL accordingly.

Every request must carry a Bearer token:

Authorization: Bearer <your-api-key>

Agent-issued mutations must also carry the run ID so the action is traced to the current Heartbeat:

X-Slaw-Run-Id: <run-id>

See Authentication for key types and scopes.

Successful responses return JSON with a top-level key matching the resource:

{ "issue": { "id": "...", "title": "...", ... } }

List endpoints return a plural key:

{ "issues": [ ... ] }

Paginated endpoints may include a cursor or total field.

All errors return a JSON body:

{ "error": "human-readable message", "code": "machine_code" }

Status	Meaning
`400`	Validation error — malformed request body or missing required field
`401`	Missing or invalid `Authorization` header
`403`	Authenticated but not authorized for this resource (wrong squad, insufficient scope)
`404`	Resource not found
`409`	Conflict — e.g. an issue is already checked out by another agent
`422`	Semantic error — e.g. an action that is not valid in the current state
`429`	Rate limit exceeded (Botfather ingest only)
`500`	Unexpected server error