Auth Gateway

Reference for the Imperal Auth Gateway public API (auth.imperal.io) — identity, JWT auth, extensions, marketplace, billing, developer portal, secrets, tenants, and real-time events.

The Imperal Auth Gateway (auth.imperal.io) is the public API host for the Imperal Cloud platform. Every user-facing request crosses it. It issues JWTs, applies RBAC, records all actions in the audit ledger, and exposes the full developer-facing REST surface.

Specs

Spec                        Link
Live spec (always current)  https://auth.imperal.io/v1/openapi.json
Downloadable snapshot       /openapi/auth-gateway.json

The live spec is the filtered public endpoint — internal/service routes are excluded. It is CORS-open and can be imported directly into any OpenAPI-compatible tool.

Base URL

https://auth.imperal.io

Authentication

All endpoints (except /v1/auth/signup, /v1/auth/login, /v1/auth/refresh, and /v1/auth/.well-known/jwks.json) require one of:

  • Authorization: Bearer <jwt> — issued by POST /v1/auth/login
  • X-Service-Token: <token> — for trusted backend callers (kernel/service-only routes)

See the API Reference index for the full auth flow.
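
An added example, not part of the Imperal documentation: a check that compares an OpenAPI 3 document's `security` declarations with the four unauthenticated paths listed above and reports any mismatch for review. It assumes the spec expresses the auth requirement through standard OpenAPI `security` fields; the sample spec and the scheme names `bearerAuth` and `serviceToken` are constructed.

```python
# Added example: audit an OpenAPI document against the documented auth rule.
PUBLIC_PATHS = {  # the only paths the page lists as not requiring credentials
    "/v1/auth/signup",
    "/v1/auth/login",
    "/v1/auth/refresh",
    "/v1/auth/.well-known/jwks.json",
}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def effective_security(spec, operation):
    """Operation-level `security` overrides the document-level default (OpenAPI 3)."""
    return operation.get("security", spec.get("security", []))

def audit(spec):
    """Return (anonymous_but_undocumented, documented_public_but_protected)."""
    unprotected, overprotected = [], []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as `parameters`
            reqs = effective_security(spec, op)
            # An empty list, or a list containing {}, permits anonymous access.
            anonymous = not reqs or any(r == {} for r in reqs)
            label = f"{method.upper()} {path}"
            if anonymous and path not in PUBLIC_PATHS:
                unprotected.append(label)
            elif not anonymous and path in PUBLIC_PATHS:
                overprotected.append(label)
    return sorted(unprotected), sorted(overprotected)

# Constructed sample spec (not the real auth.imperal.io document).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}, {"serviceToken": []}],  # assumed scheme names
    "paths": {
        "/v1/auth/login": {"post": {"security": []}},
        "/v1/auth/me": {"get": {}},
        "/v1/keys": {"get": {}, "post": {"security": [{"bearerAuth": []}]}},
        "/v1/webhooks/stripe": {"post": {"security": []}},
        "/v1/auth/refresh": {"post": {}},
    },
}

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_SPEC)
    print("anonymous but not documented as public:", missing)
    print("documented as public but requires auth:", extra)
```

A route in the first list is not necessarily a defect (a webhook may be authenticated by a provider signature rather than a bearer token), but each one should have a recorded reason for accepting requests without credentials.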

Public endpoint groups

Auth

Identity and session management.

Method  Path                            Description
POST    /v1/auth/signup                 Self-service user registration (email + verify-email flow)
POST    /v1/auth/verify-email           Complete registration with emailed token
POST    /v1/auth/login                  Obtain JWT from credentials
POST    /v1/auth/refresh                Rotate JWT using refresh token
POST    /v1/auth/logout                 Invalidate session
GET     /v1/auth/me                     Current user profile
POST    /v1/auth/me/change-password     Change password
GET     /v1/auth/.well-known/jwks.json  Public JWK set for token verification

POST /v1/auth/register is a service-token-gated programmatic registration route — it is not for user-facing clients. Use POST /v1/auth/signup for public user self-registration.

API Keys

Long-lived API keys for non-interactive integrations.

Method  Path               Description
POST    /v1/keys           Create an API key
GET     /v1/keys           List API keys
DELETE  /v1/keys/{key_id}  Revoke a key

Tenants

Multi-organisation scope. Direct users have tenant_id == imperal_id.

Method  Path                            Description
POST    /v1/tenants                     Create a tenant
GET     /v1/tenants                     List tenants
GET     /v1/tenants/{tenant_id}         Get tenant details
PATCH   /v1/tenants/{tenant_id}         Update tenant
DELETE  /v1/tenants/{tenant_id}         Delete tenant
GET     /v1/tenants/{tenant_id}/health  Tenant health check

Billing

User-facing wallet, plans, and payment management.

Method  Path                                 Description
GET     /v1/billing/plans                    List available plans
GET     /v1/billing/balance                  Current credit balance
GET     /v1/billing/usage                    Quota and consumption
GET     /v1/billing/wallet                   Wallet details
GET     /v1/billing/wallet/history           Transaction history
POST    /v1/billing/subscribe                Subscribe to a plan
POST    /v1/billing/topup                    Top up wallet
POST    /v1/billing/checkout                 Initiate checkout session
POST    /v1/billing/payment-methods/setup    Add a payment method
GET     /v1/billing/payment-methods          List payment methods
DELETE  /v1/billing/payment-methods/{pm_id}  Remove a payment method

Extensions — call surface

Method  Path                           Description
POST    /v1/extensions/{app_id}/call   Invoke a @chat.function on an extension
POST    /v1/extensions/{app_id}/batch  Invoke multiple functions in one round-trip

See Endpoint 5 in the API map for the full request/response shape and the deploy_ir example.

Extensions — user registry

Method  Path                                Description
GET     /v1/me/extensions                   List installed extensions with function manifests
POST    /v1/me/extensions/disable           Disable an extension
DELETE  /v1/me/extensions/disable/{app_id}  Re-enable an extension
GET     /v1/extensions/{app_id}/users       Users with access to an extension

Marketplace

Method  Path                                   Description
GET     /v1/marketplace/apps                   Browse published extensions
GET     /v1/marketplace/apps/{app_id}          Extension details
GET     /v1/marketplace/featured               Featured extensions
GET     /v1/marketplace/categories             Available categories
POST    /v1/marketplace/apps/{app_id}/install  Install an extension
DELETE  /v1/marketplace/apps/{app_id}/install  Uninstall an extension
POST    /v1/marketplace/apps/{app_id}/reviews  Submit a review
GET     /v1/marketplace/apps/{app_id}/reviews  List reviews

Developer Portal

Method  Path                                 Description
POST    /v1/developer/register               Enroll as a developer
GET     /v1/developer/profile                Developer profile
POST    /v1/developer/apps                   Create an app record
GET     /v1/developer/apps                   List your apps
GET     /v1/developer/apps/{app_id}          App details
PUT     /v1/developer/apps/{app_id}          Update app metadata
DELETE  /v1/developer/apps/{app_id}          Delete app
POST    /v1/developer/apps/{app_id}/deploys  Record a deploy
GET     /v1/developer/apps/{app_id}/deploys  Deploy history
POST    /v1/developer/apps/{app_id}/submit   Submit for review
GET     /v1/developer/earnings               Earnings overview
POST    /v1/developer/payouts/request        Request a payout

Secrets

Per-extension secret management. Accessed through ctx.secrets in extension handlers.

Method  Path                                Description
GET     /v1/secrets/{ext_id}                List secret metadata for an extension
PUT     /v1/secrets/{ext_id}/{name}         Set a secret value
DELETE  /v1/secrets/{ext_id}/{name}         Delete a secret
POST    /v1/secrets/{ext_id}/{name}/rotate  Rotate a secret

Automations

POST /v1/automations is deprecated. Automation management is handled through the automations extension via POST /v1/extensions/automations/call.

Method  Path                              Description
GET     /v1/automations                   List automations
DELETE  /v1/automations/{rule_id}         Delete an automation
POST    /v1/automations/{rule_id}/pause   Pause an automation
POST    /v1/automations/{rule_id}/resume  Resume an automation

Actions & audit

Read-only view of the action ledger for the authenticated user.

Method  Path                                  Description
GET     /v1/actions                           List actions
GET     /v1/actions/{trace_id}                Action details
GET     /v1/actions/stats                     Action statistics
GET     /v1/actions/stats/extension/{app_id}  Stats per extension

Confirmations & Tasks

Method  Path                            Description
GET     /v1/confirmations/active        Active confirmation cards
POST    /v1/confirmations/{id}/confirm  Confirm an action
POST    /v1/confirmations/{id}/cancel   Cancel a pending action
GET     /v1/tasks/active                Active background tasks
DELETE  /v1/tasks/{task_id}             Cancel a task

Events

Method  Path               Description
GET     /v1/events/stream  SSE stream of real-time kernel events

Webhooks

Method  Path                             Description
GET     /v1/ext/{app_id}/webhook/{path}  Extension webhook (OAuth callbacks, push)
POST    /v1/webhooks/stripe              Stripe payment event callback
