API reference

The narrowapi management API lets you create actions, issue tokens, and view executions programmatically. All management endpoints live under /api/v1.

OpenAPI spec ↗

Machine-readable contract for every endpoint. JSON and YAML available.

/.well-known/openapi.json

llms.txt ↗

Agent-friendly API summary for LLM tool-use discovery.

/.well-known/llms.txt

Authentication

There are two types of credentials. Both are passed via the Authorization: Bearer <token> header.

Credential	Prefix	Used for
API key	sk_	Management API (`/api/v1/*`)
Execution token	sxt_	Proxy endpoint (`/x/{id}`)

Endpoints

Actions

POST /api/v1/actions Create action

GET /api/v1/actions List actions

GET /api/v1/actions/{id} Get action

PATCH /api/v1/actions/{id} Update action

DELETE /api/v1/actions/{id} Delete action

Tokens

POST /api/v1/tokens Create token

GET /api/v1/tokens List tokens

GET /api/v1/tokens/{id} Get token

DELETE /api/v1/tokens/{id} Revoke token

POST /api/v1/actions/{id}/rotate-token Rotate token

Executions

GET /api/v1/actions/{id}/executions List executions

GET /api/v1/actions/{id}/executions/{exec_id} Get execution

Proxy

POST /x/{action_id} Execute action (agent endpoint)

API keys

POST /api/v1/api-keys Create API key

GET /api/v1/api-keys List API keys

DELETE /api/v1/api-keys/{id} Delete API key

Pagination

List endpoints use cursor-based pagination. Responses include a next_cursor field when more results are available. Pass it as the cursor query parameter to fetch the next page.

$ curl https://narrowapi.com/api/v1/actions?limit=10&cursor=eyJpZCI6NDJ9 \
  -H "Authorization: Bearer sk_..."

Error format

All errors return a JSON body with error (machine-readable code) and message (human-readable). Validation errors also include a details array.

{
  "error": "validation_failed",
  "message": "request body is invalid",
  "details": [
    {"field": "name", "message": "is required"},
    {"field": "target_url", "message": "must be a valid HTTPS URL"}
  ]
}

Common error codes

Status	Error code	Meaning
401	unauthorized	Missing or invalid API key / token
403	action_limit_reached	Free plan limit of 5 active actions
403	execution_limit_reached	300 monthly executions exhausted
404	not_found	Resource does not exist or is not owned by you
422	validation_failed	Request body failed schema validation
429	rate_limited	Too many requests; see `retry_after_seconds`

Rate limits

Each action has configurable per-minute (rate_limit_rpm) and per-hour (rate_limit_rph) limits. The default is 60 RPM with no hourly limit. When exceeded, the proxy returns 429 with a retry_after_seconds field.

← Examples Getting help →