HTTP API
This page documents the HTTP surface exposed by gestaltd.
Authentication Model
Authenticated routes accept:
- the
session_tokencookie - or
Authorization: Bearer <token>
For proxy routes, Gestalt also understands:
Proxy-Authorization: Bearer <token>
Valid bearer tokens are:
- platform session tokens
- Gestalt API tokens (
gst_api_...)
Unauthenticated Routes
| Method | Path | Purpose |
|---|---|---|
GET | /health | Basic liveness check. |
GET | /ready | Readiness check. Returns 503 until providers and datastore are ready. |
GET | /api/v1/auth/info | Returns platform auth metadata. |
POST | /api/v1/auth/login | Starts platform login. |
GET | /api/v1/auth/login/callback | Completes platform login. |
POST | /api/v1/auth/logout | Clears the current platform session. |
GET | /api/v1/auth/callback | Completes integration OAuth. |
POST | /api/v1/auth/pending-connection | Render or finalize a multi-candidate connection choice using a pending connection token. |
Authenticated User Routes
Integrations
| Method | Path | Purpose |
|---|---|---|
GET | /api/v1/integrations | List integrations, connection state, auth types, instances, icons, and connection parameter hints. |
DELETE | /api/v1/integrations/{name} | Disconnect an integration. Use ?instance=... when more than one connection exists. |
GET | /api/v1/integrations/{name}/operations | List operations for one integration. |
GET or POST | /api/v1/{integration}/{operation} | Invoke an integration operation. |
Integration Connection Flows
| Method | Path | Purpose |
|---|---|---|
POST | /api/v1/auth/start-oauth | Start an integration OAuth flow. |
POST | /api/v1/auth/connect-manual | Submit manual integration credentials. |
API Tokens
| Method | Path | Purpose |
|---|---|---|
POST | /api/v1/tokens | Create an API token. Plaintext is returned once. |
GET | /api/v1/tokens | List API tokens for the current user. |
DELETE | /api/v1/tokens/{id} | Revoke an API token. |
DELETE | /api/v1/tokens | Revoke all API tokens for the current user. |
Binding Discovery
| Method | Path | Purpose |
|---|---|---|
GET | /api/v1/bindings | List configured bindings. |
Dynamic Binding Routes
Bindings may add routes under:
/api/v1/bindings/{binding-name}/...The exact paths and auth behavior depend on the binding type and its config.
MCP
If any integration is MCP-enabled, Gestalt also mounts:
| Method | Path | Purpose |
|---|---|---|
GET or POST | /mcp | Model Context Protocol endpoint. |
/mcp is authenticated with the same session or bearer-token middleware as the rest of the authenticated API.
Invocation Semantics
When you call:
/api/v1/{integration}/{operation}Gestalt:
- authenticates the caller
- resolves the target provider and operation
- resolves credentials based on the connection’s
mode - auto-selects an instance when there is exactly one
- fails with an ambiguity error when there are multiple instances and none is specified
- refreshes OAuth tokens when needed
- executes the provider operation
Parameter Conventions
GETinvocations read parameters from the query stringPOSTinvocations read parameters from a JSON body_instancecan be supplied when an integration has more than one stored connection
Example
curl http://localhost:8080/api/v1/httpbin/get_headers