owlette docs
api

owlette API overview

the owlette public API lets you automate fleet operations from scripts, CI, internal tools, and SDKs. use it to inspect sites and machines, queue commands, manage deployments, publish roost content, run Cortex diagnostics, manage webhooks, and read logs.

The dashboard and API operate on the same underlying resources. Use the dashboard for exploration and one-off admin work; use the API when the workflow should be repeatable, audited, or integrated into another system.


base URLs

environmentbase URL
productionhttps://owlette.app
developer previewhttps://dev.owlette.app
local developmenthttp://localhost:3000

Public API paths are rooted at /api. The rendered endpoint reference is available at /docs/api, with raw OpenAPI JSON at /api/openapi.

scalar api reference


core resources

resourcepurpose
sitestenant boundary for machines, quotas, logs, webhooks, deployments, and roost content
machinesWindows agents registered to a site
commandsasync work queued to a machine, such as screenshots or process actions
deploymentsclassic installer fan-out records and per-target status
roostscontent-addressed project bundles, versions, chunks, rollouts, and rollback
Cortexsite and machine diagnostics over /api/cortex/conversations
webhooksoutbound event subscriptions and delivery history
API keysscoped credentials for automation

shared conventions

  • Authentication uses scoped owk_live_* and owk_test_* API keys in Authorization: Bearer ...; dashboard and setup flows may use Firebase ID tokens or sessions. See authentication.
  • Errors: Most public errors use application/problem+json; routes using the shared problem helper include stable code, docsUrl, and requestId fields, but some compatibility routes still return a smaller problem body. See errors.
  • Pagination uses page_size, page_token, and next_page_token, with documented compatibility aliases on older routes. See pagination.
  • Idempotency uses Idempotency-Key for safe retries of mutating requests. See idempotency.
  • Rate limits use RateLimit-*, Retry-After, and Roost-Rate-Limited-Reason headers where the active limiter can report them. See rate limits.

developer path

  1. Start with the quickstart: create a key, verify auth, list inventory, queue a safe machine command, and poll it.
  2. Read the shared convention pages: authentication, pagination, idempotency, errors, and rate limits.
  3. Use the interactive reference for operation-level scopes, parameters, required idempotency headers, and response shapes.
  4. Check the SDK/CLI distribution gate, then use the SDK docs for Node and Python when you want typed clients.
  5. Move to the resource guide you need: chunks, versions, cortex, or webhooks.

on this page