/api namespace so you can onboard users programmatically, automate browser sessions, or run and evolve pipelines from CI.
Platform pillars
- Identity & security – cookie-backed sessions for humans, API keys for services, hard requirements for email verification and TOTP-based two-factor auth.
- Projects & resources – every project slug unlocks a dedicated
/[project]/api/...surface for pipelines, functions, MCP servers, proxies, and browser sessions. - Execution fabric – coordinate browser containers, capture logs, and stream pipeline outputs over SSE without leaving the API.
- Billing controls – check balances, start subscriptions, issue one-off top-ups, and receive Stripe webhooks to mirror the ledgers in your systems.
- Integration hooks – external session bootstrap endpoints and a low-level coordinator API make it easy to plug Browsary into existing infrastructure.
Base URLs
Tip:GET /apialways returns the deployed API version plus asubjectpayload so you can validate that authentication worked before issuing sensitive calls.
Auth choices at a glance
- Session cookies – created by the
POST /api/auth/loginflow and automatically refreshed by verification, reset, and 2FA endpoints. Cookies are required for dashboard access. - API keys – mint scoped keys under
/api/api-keysand send them asx-api-keyorAuthorization: ApiKey <value>. Keys inherit the owner’s permissions but can be locked to specific projects or permission strings. - External tokens – some integration endpoints (
/api/external-sessionand/api/coordinator/<token>/*) expect shared secrets provided through environment variables.
Resource map
Use the sidebar to jump into the relevant reference page once you know which category you need.