Skip to content

API Reference

Interactive documentation

Clavis provides two interactive API documentation interfaces:

URLDescription
/api/docsSwagger UI — interactive API explorer
/api/redocReDoc — readable, two-column view

Both are generated from the OpenAPI specification and reflect the actual available endpoints.

Authentication

JWT Bearer (internal users)

For logged-in users (coordinators, creators, admins):

Authorization: Bearer <access_token>

The token is returned on login (POST /api/auth/login).

For guests and participants, session cookies are used (set during the join flow). No manual header required.

WebSocket token

For WebSocket connections, a short-lived WS token must first be obtained:

GET /api/auth/ws-token
Authorization: Bearer <access_token>

The WS token is passed as a query parameter.

WebSocket endpoints

EndpointDescription
GET /api/orgs/{slug}/runs/{run_id}/wsCoordinator stream: run state updates, team events, feed
GET /api/orgs/{slug}/runs/{run_id}/teams/{team_id}/wsTeam stream: submissions, chat, feed, run state

Connecting

javascript
const wsToken = await fetch('/api/auth/ws-token', {
  headers: { Authorization: `Bearer ${accessToken}` }
}).then(r => r.json()).then(d => d.token);

const ws = new WebSocket(
  `wss://app.clavis-rallye.com/api/orgs/${slug}/runs/${runId}/ws?token=${wsToken}`
);

Key endpoints (overview)

MethodPathDescription
POST/api/auth/loginLogin; returns JWT
POST/api/auth/refreshRenew token
GET/api/auth/ws-tokenWS token for WebSocket auth
GET/api/healthService health status
GET/api/orgs/{slug}/rallyesRallye list
POST/api/orgs/{slug}/runsCreate a new run
POST/api/orgs/{slug}/runs/{run_id}/joinGuest join flow
POST/api/orgs/{slug}/runs/{run_id}/teams/{team_id}/submissionsCreate a submission

The complete endpoint list with parameters and response formats is available at /api/docs.

Tenant isolation

All endpoints are isolated by the organization's {slug}. A user can only access resources of their own organization. Cross-tenant access is rejected server-side.