Skip to Content
API ReferenceAPI Reference

API Reference

The platform ships with a full OpenAPI 3.0 specification and an interactive Swagger UI explorer.

The interactive API explorer is served directly from your running BuildPad DaaS instance. Navigate to /api-explorer in the admin UI to explore and test all endpoints interactively.

OpenAPI Specification

The raw OpenAPI JSON is available at:

GET /api/docs/openapi.json

You can import this URL into any API client that supports OpenAPI — Postman, Insomnia, Bruno, or any code generator.

Endpoint Groups

GroupBase PathDescription
Auth/api/auth/*Login, logout, refresh, password reset
Items/api/items/:collectionGeneric CRUD for any collection
Users/api/usersUser management
Roles/api/rolesRole management
Policies/api/policiesPolicy management
Permissions/api/permissionsPermission rules
Access/api/accessAccess records (role-policy-user assignments)
Collections/api/collectionsSchema introspection and DDL
Fields/api/fieldsColumn metadata and DDL
Relations/api/relationsForeign key and relation metadata
Files/api/filesFile upload and management
Folders/api/foldersFolder management
Assets/api/assets/:idFile asset serving
Versions/api/versionsContent versioning
Workflows/api/workflowsWorkflow definitions
Workflow Assignments/api/workflow-assignmentsWorkflow–collection assignments
Workflow Instances/api/workflow-instancesActive workflow states
Extensions/api/ext/*Custom extension endpoint execution
Extension Management/api/extensionsExtension CRUD, activate, deactivate
Schema/api/schema/*Snapshot, diff, apply
Settings/api/settingsGeneral, CORS, SMTP, MCP project settings
Utils/api/utils/*Hash, random, export, import, sort, cache
Server/api/server/*Ping, health, info
Health/api/healthTop-level liveness probe
Activity/api/activityUser activity log (admin only)
Revisions/api/revisionsRead-only item change audit log (admin only)
Logs/api/logsIn-memory runtime logs and SSE stream (admin only)
Cron/api/cronScheduled cron job management (admin only)
Services/api/servicesCustom HTTP service definitions (admin only)
Scope/api/scopeHierarchical scope and multi-tenancy management
Workflow/api/workflowWorkflow transition endpoint
MCP/api/mcpModel Context Protocol server

Base URL

Development: http://localhost:3000 Production: https://your-domain.com

Authentication

All endpoints require a Bearer token in the Authorization header, a session cookie, or a static token. See Authentication for details.

Error Format

Two error shapes are used across the API:

Structured envelope (used by most endpoints — items, collections, settings, schema, etc.):

{ "errors": [ { "message": "You don't have permission to access this.", "extensions": { "code": "FORBIDDEN" } } ] }

Simple message (used by auth, MCP settings, and a subset of utility endpoints):

{ "error": "Not authenticated" }
Last updated on