EnderDashHTTP API
Use the authenticated HTTP API for organization data, server command automation, alerts management, and Ocelot notes.
What this API is for
EnderDash has two different integration surfaces:
- the real-time browser-to-agent channel, which uses protobuf RPC over WebRTC data channels internally
- an authenticated HTTP API for dashboard extensions, scripts, and internal tooling
Scope of this page
This page covers the HTTP API.
Authentication model
The HTTP API accepts either:
- your normal authenticated EnderDash session cookie
- a user API key created in the dashboard
It does not use the per-server API keys that the agent uses to register itself.
Agent API keys do not work here
Use a signed-in browser session or a user API key from the dashboard. The server agent API key is only for agent registration.
What that means in practice
- no session cookie or user API key, no access
- user API keys can be sent with
X-API-KeyorAuthorization: Bearer <key> - account-level and organization-filtered API key screens in the dashboard both create keys that work here
- agent API keys are not valid here
- access rules still follow organization membership, server access, and admin-only endpoint scope
Creating a user API key
- open
Account > API Keysto create a general user API key - open
Organization > API Keysto create or review keys already tagged to one workspace
cURL examples
curl \
-H "Authorization: Bearer <user-api-key>" \
https://app.enderdash.com/api/v1/organization/test/serverscurl \
-H "X-API-Key: <user-api-key>" \
-H "Content-Type: application/json" \
-d '{"command":"say hello from automation"}' \
https://app.enderdash.com/api/v1/organization/test/servers/<server-id>/console-commandsEndpoints
/api/v1/organization/{organizationSlug}/serversReturns the servers the current session can access in the given organization.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Response Body
application/json
application/json
application/json
application/json
curl -X GET "https://app.enderdash.com/api/v1/organization/string/servers"{
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"servers": [
{
"apiKeyPrefix": "string",
"connectionMetadata": {
"agentKind": 0,
"capabilities": [
0
],
"platform": 0,
"platformType": 0
},
"connectionState": "online",
"createdAt": "2019-08-24T14:15:22Z",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"isOnline": true,
"lastSeenAt": "2019-08-24T14:15:22Z",
"minecraftVersion": "string",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"serverType": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
]
}{
"error": "Unauthorized"
}{
"error": "You are missing permission to access this organization."
}{
"error": "Organization not found"
}/api/v1/organization/{organizationSlug}/serversCreates a new server record and returns the generated agent API key for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
1 <= length <= 120Response Body
application/json
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://app.enderdash.com/api/v1/organization/string/servers" \ -H "Content-Type: application/json" \ -d '{ "name": "string" }'{
"apiKey": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"server": {
"apiKeyPrefix": "string",
"connectionMetadata": {
"agentKind": 0,
"capabilities": [
0
],
"platform": 0,
"platformType": 0
},
"connectionState": "online",
"createdAt": "2019-08-24T14:15:22Z",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"isOnline": true,
"lastSeenAt": "2019-08-24T14:15:22Z",
"minecraftVersion": "string",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"serverType": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
}{
"error": "Invalid request body"
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can create servers."
}{
"error": "Organization not found"
}{
"error": "Server limit reached (5/5). Upgrade your plan to add more servers."
}/api/v1/organization/{organizationSlug}/servers/{serverId}Returns one accessible server record for the current session in the given organization.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Server identifier.
uuidResponse Body
application/json
application/json
application/json
application/json
curl -X GET "https://app.enderdash.com/api/v1/organization/string/servers/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"server": {
"apiKeyPrefix": "string",
"connectionMetadata": {
"agentKind": 0,
"capabilities": [
0
],
"platform": 0,
"platformType": 0
},
"connectionState": "online",
"createdAt": "2019-08-24T14:15:22Z",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"isOnline": true,
"lastSeenAt": "2019-08-24T14:15:22Z",
"minecraftVersion": "string",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"serverType": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
}{
"error": "Unauthorized"
}{
"error": "You are missing permission to access this organization."
}{
"error": "Server not found"
}/api/v1/organization/{organizationSlug}/servers/{serverId}Updates the display name of an existing server record for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Server identifier.
uuidRequest Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
1 <= length <= 120Response Body
application/json
application/json
application/json
application/json
application/json
curl -X PATCH "https://app.enderdash.com/api/v1/organization/string/servers/497f6eca-6276-4993-bfeb-53cbbbba6f08" \ -H "Content-Type: application/json" \ -d '{ "name": "string" }'{
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"server": {
"apiKeyPrefix": "string",
"connectionMetadata": {
"agentKind": 0,
"capabilities": [
0
],
"platform": 0,
"platformType": 0
},
"connectionState": "online",
"createdAt": "2019-08-24T14:15:22Z",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"isOnline": true,
"lastSeenAt": "2019-08-24T14:15:22Z",
"minecraftVersion": "string",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"serverType": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
}{
"error": "Invalid request body"
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can update servers."
}{
"error": "Server not found"
}/api/v1/organization/{organizationSlug}/servers/{serverId}Deletes an existing server record for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Server identifier.
uuidResponse Body
application/json
application/json
application/json
application/json
curl -X DELETE "https://app.enderdash.com/api/v1/organization/string/servers/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"serverId": "10d2345a-e43d-463d-830e-4f5b19b60d41",
"success": true
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can delete servers."
}{
"error": "Server not found"
}/api/v1/organization/{organizationSlug}/servers/{serverId}/regenerate-keyRotates the agent API key for an existing server record and returns the new plaintext key to organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Server identifier.
uuidResponse Body
application/json
application/json
application/json
application/json
curl -X POST "https://app.enderdash.com/api/v1/organization/string/servers/497f6eca-6276-4993-bfeb-53cbbbba6f08/regenerate-key"{
"apiKey": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"server": {
"apiKeyPrefix": "string",
"connectionMetadata": {
"agentKind": 0,
"capabilities": [
0
],
"platform": 0,
"platformType": 0
},
"connectionState": "online",
"createdAt": "2019-08-24T14:15:22Z",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"isOnline": true,
"lastSeenAt": "2019-08-24T14:15:22Z",
"minecraftVersion": "string",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"serverType": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can regenerate server API keys."
}{
"error": "Server not found"
}/api/v1/organization/{organizationSlug}/activityReturns recent organization activity and available server filters for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Query Parameters
Optional server ID filter.
uuidMaximum number of items to return.
501 <= value <= 200Response Body
application/json
application/json
application/json
application/json
curl -X GET "https://app.enderdash.com/api/v1/organization/string/activity"{
"items": [
{
"actorLabel": "string",
"description": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"kind": "access",
"metadata": {
"property1": "string",
"property2": "string"
},
"occurredAt": "2019-08-24T14:15:22Z",
"serverId": "10d2345a-e43d-463d-830e-4f5b19b60d41",
"serverName": "string",
"title": "string"
}
],
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"serverOptions": [
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string"
}
]
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can view activity."
}{
"error": "Organization not found"
}/api/v1/organization/{organizationSlug}/servers/{serverId}/console-commandsExecutes a single console command on a connected server for organization owners and admins. The request waits for the agent to acknowledge the command execution result.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Server identifier.
uuidRequest Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Console command to execute. A leading slash is accepted and removed before dispatch.
1 <= lengthResponse Body
application/json
application/json
application/json
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://app.enderdash.com/api/v1/organization/string/servers/497f6eca-6276-4993-bfeb-53cbbbba6f08/console-commands" \ -H "Content-Type: application/json" \ -d '{ "command": "string" }'{
"command": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"requestId": "d385ab22-0f51-4b97-9ecd-b8ff3fd4fcb6",
"serverId": "10d2345a-e43d-463d-830e-4f5b19b60d41",
"success": true
}{
"error": "Invalid request body",
"issues": [
{
"code": "too_small",
"message": "Command is required",
"path": "command"
}
]
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can run server console commands."
}{
"error": "Server not found"
}{
"error": "An active subscription is required to access this server."
}{
"error": "Server is not connected"
}{
"error": "Console command timed out"
}/api/v1/organization/{organizationSlug}/alertsReturns the current alert configuration and up to 100 recent delivery attempts for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Response Body
application/json
application/json
application/json
application/json
curl -X GET "https://app.enderdash.com/api/v1/organization/string/alerts"{
"destinations": [
{
"createdAt": "2019-08-24T14:15:22Z",
"createdByMemberId": "a8bc679e-5975-4202-af06-dcc7f02c5184",
"enabled": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"target": "string",
"type": "email",
"updatedAt": "2019-08-24T14:15:22Z"
}
],
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"recentDeliveries": [
{
"createdAt": "2019-08-24T14:15:22Z",
"deliveredAt": "2019-08-24T14:15:22Z",
"destinationId": "d0a0ebc7-d6b4-4f3c-a5af-5761a8148e3a",
"destinationName": "string",
"error": "string",
"eventId": "d6703cc8-9e79-415d-ac03-a4dc7f6ab43c",
"eventKind": "string",
"eventSeverity": "info",
"eventTitle": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"responseStatus": 0,
"ruleId": "70af3071-65d9-4ec3-b3cb-5283e8d55dac",
"ruleName": "string",
"status": "delivered"
}
],
"rules": [
{
"createdAt": "2019-08-24T14:15:22Z",
"createdByMemberId": "a8bc679e-5975-4202-af06-dcc7f02c5184",
"destinationIds": [
"497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"enabled": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"kinds": [
"string"
],
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"quietHoursEnd": "string",
"quietHoursStart": "string",
"quietHoursTimezone": "string",
"serverId": "10d2345a-e43d-463d-830e-4f5b19b60d41",
"severities": [
"info"
],
"updatedAt": "2019-08-24T14:15:22Z"
}
]
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can access this endpoint."
}{
"error": "Organization not found"
}/api/v1/organization/{organizationSlug}/alertsPerforms alert destination or alert rule mutations for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
true1 <= length3 <= length"email" | "webhook" | "discord"Response Body
application/json
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://app.enderdash.com/api/v1/organization/string/alerts" \ -H "Content-Type: application/json" \ -d '{ "action": "destination.create", "enabled": true, "name": "string", "target": "string", "type": "email" }'{
"createdAt": "2019-08-24T14:15:22Z",
"createdByMemberId": "a8bc679e-5975-4202-af06-dcc7f02c5184",
"enabled": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"target": "string",
"type": "email",
"updatedAt": "2019-08-24T14:15:22Z"
}{
"createdAt": "2019-08-24T14:15:22Z",
"createdByMemberId": "a8bc679e-5975-4202-af06-dcc7f02c5184",
"enabled": true,
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"name": "string",
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"target": "string",
"type": "email",
"updatedAt": "2019-08-24T14:15:22Z"
}{
"error": "Invalid request body",
"issues": [
{
"code": "invalid_type",
"message": "Expected string, received undefined",
"path": "action"
}
]
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can access this endpoint."
}{
"error": "Alert rule not found"
}/api/v1/organization/{organizationSlug}/ocelot/notesReturns paginated Ocelot workspace notes for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Query Parameters
1-based page number.
11 <= valueOptional full-text search across title and content.
Response Body
application/json
application/json
application/json
application/json
curl -X GET "https://app.enderdash.com/api/v1/organization/string/ocelot/notes"{
"notes": [
{
"content": "string",
"createdAt": "2019-08-24T14:15:22Z",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"tags": "string",
"title": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
],
"organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
"organizationSlug": "string",
"page": 0,
"pageSize": 0,
"total": 0
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can access this endpoint."
}{
"error": "Organization not found"
}/api/v1/organization/{organizationSlug}/ocelot/notesCreates a workspace note for organization owners and admins. The current plan still applies note-capacity limits.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
1 <= length1 <= lengthResponse Body
application/json
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://app.enderdash.com/api/v1/organization/string/ocelot/notes" \ -H "Content-Type: application/json" \ -d '{ "content": "string", "title": "string" }'{
"noteId": "11bee8fe-2793-4911-9b27-a6f8473a2ccf",
"saved": true
}{
"error": "Invalid request body",
"issues": [
{
"code": "too_small",
"message": "String must contain at least 1 character(s)",
"path": "title"
}
]
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can access this endpoint."
}{
"error": "Organization not found"
}{
"error": "Saved note limit reached (10/10). Delete an old note or upgrade your plan for more note capacity."
}/api/v1/organization/{organizationSlug}/ocelot/notes/{noteId}Deletes a workspace note for organization owners and admins.
Signed EnderDash browser session cookie set by the dashboard.
In: cookie
Path Parameters
Organization slug.
Ocelot note identifier.
uuidResponse Body
application/json
application/json
application/json
application/json
application/json
curl -X DELETE "https://app.enderdash.com/api/v1/organization/string/ocelot/notes/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"success": true
}{
"error": "Invalid note id"
}{
"error": "Unauthorized"
}{
"error": "Only organization owners and admins can access this endpoint."
}{
"error": "Organization not found"
}Responses and limits
Raw spec
The machine-readable OpenAPI document is available at /http-api/openapi.json.
Error behavior
401if you are not signed in403if your session is valid but you do not have access400if a write endpoint receives invalid JSON or an invalid request body404if the organization slug does not exist409if a write endpoint is blocked by a plan limit, such as Ocelot note capacity
Current scope
GET /serversandGET /servers/{serverId}work for members who can access the organization workspacePOST /servers,PATCH /servers/{serverId},DELETE /servers/{serverId}, andPOST /servers/{serverId}/regenerate-keyare owner/admin onlyPOST /servers/{serverId}/console-commandsis owner/admin only and requires the target server to be connectedGET /activity,GET/POST /alerts, and Ocelot note endpoints are owner/admin only- alert mutations, console commands, and Ocelot note writes work with either a normal dashboard session or a user API key
- server agent API keys are still rejected everywhere on this API surface
What is still not public here
The browser-to-agent transport, signaling flow, interactive streaming RPCs, and internal server functions are still not exposed as public HTTP APIs.
Was this page helpful?
Send a quick note if anything is missing or unclear.
Last updated on