List & create
GET /:project/api/sessions
- Query –
limit&offset. - Response – each entry contains
{ id, name, description, image, args, screen, status }plus metadata obtained fromCloudSessionManager.
PUT /:project/api/sessions
- Body
- Behavior – validates cookies with
assertCookie, normalizes proxy settings, and persists the session. Returns the new session ID.
Inspect, update, delete
GET /.../sessions/{sessionId}
Requires read permission for the session. Returns core metadata plus:
cookieswhen you also havecookies.read.resources: enumerates active resources, each with URLs and status when you have permission to read the underlying session resource.
PATCH /.../sessions/{sessionId}
Accepts any combination of cookies, screen, name, description, args, image, or proxy. Fields are validated before calling CloudSessionManager.update.
DELETE /.../sessions/{sessionId}
Ensures write permission then removes the session entirely.
Starting sessions & working with resources
| Endpoint | Description |
|---|---|
POST /.../sessions/{sessionId}/start | Starts a new browser resource. Response contains { id, ...info, vncUrl, remoteUrl, status }. |
GET /.../sessions/{sessionId}/{resourceId} | Returns metadata and URLs for a specific resource. |
GET /.../sessions/{sessionId}/{resourceId}/capture | Streams captured cookies (requires both resource read and cookies read permissions). |
GET /.../sessions/{sessionId}/{resourceId}/logs | Supports SSE or paged JSON logs, filtered by offset/limit. |
POST /.../sessions/{sessionId}/{resourceId}/stop | Stops the resource container. |
{ context, severity, message, area, object }.
Permissions are enforced per resource ID, so sharing a session with another team only grants them access to the exact resources they are authorized to read or execute.