API Reference

Interactive API exploration is staging-first by recommendation. API version: v4.

Endpoint Scope

• POST /v4/sessions.start
• POST /v4/sessions/{sessionId}/executions.execute
• POST /v4/execute

Auth Contract

• Runtime endpoints in this reference require bearer session auth (Authorization: Bearer <session-token>).
• Service-account API keys (x-driftgate-api-key, dgk_*) are for admin/config APIs (policies, routes, connectors, secrets, webhooks) and are not valid runtime session credentials.
• dg_sa_* is a service-account identifier, not a token secret.
• Device-login metadata for CLI bootstrap is available at GET /v4/auth/device-config.
• Canonical matrix: Auth + Token Contract
• Operator runbook: Operator Auth + Token Runbook
• External operator flow: External Operator Quickstart
• Security reviewer flow: Security Review Quickstart

Environment Policy

• Staging: recommended first validation path in explorer
• Production: use after install and envelope smoke checks pass

OpenAPI Artifacts

• Download v4.yaml
• Download v4.json

Recommended rollout flow: validate in staging first, then promote the same contract checks to production.