K0nsult API OpenAPI Specification v1.0

K0nsult CNC REST API

Base URL: https://k0nsult.fly.dev | All responses are JSON. Authentication varies by endpoint group. Timestamps are ISO 8601 UTC.

Auth methods: No auth (public), CSRF token (from GET /api/csrf-token), x-konsult-secret (server-to-server), x-konsult-read (read-only key).

Categories

Health

2 endpoints
GET /health Server health check No auth

Description

Returns server status. Used by Fly.io health checks and uptime monitors. Excluded from request logging.

Response

{
  "ok": true,
  "status": "operational",
  "ts": "2026-03-24T12:00:00.000Z"
}
GET /api/csrf-token Get CSRF token for form submissions No auth

Description

Returns a CSRF token required by POST /api/contact and POST /api/demo. Token must be sent as a header or in the request body.

Response

{
  "csrfToken": "abc123..."
}

N8N Workflow Engine

8 endpoints
GET /api/n8n/policy/default Get default workflow policy No auth

Description

Returns the default policy configuration applied to all n8n workflows. Includes approval thresholds, escalation rules, and timeout settings.

Response

{
  "ok": true,
  "policy": { ... }
}
GET /api/n8n/audit/{workflowId} Get audit trail for a workflow No auth

Description

Returns the complete audit trail for a specific workflow execution, including all decisions, approvals, and state transitions.

Path Parameters

ParamTypeDescription
workflowIdstringN8N workflow execution ID

Response

{
  "ok": true,
  "audit": [ { "ts": "...", "action": "...", "agent": "...", "detail": "..." } ]
}
POST /api/n8n/pre-check Pre-execution policy check x-konsult-secret

Description

Validates a workflow execution against configured policies before it runs. Called by n8n before executing sensitive workflows.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "workflowId": "string",
  "workflowName": "string",
  "params": { }
}

Response

{
  "ok": true,
  "approved": true|false,
  "reason": "string"
}
POST /api/n8n/execution-log Log workflow execution result x-konsult-secret

Description

Records the result of an n8n workflow execution. Stores status, duration, errors, and output summary for audit trail.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "workflowId": "string",
  "executionId": "string",
  "status": "success|error|timeout",
  "duration_ms": 1234,
  "output": { }
}
POST /api/n8n/pause-for-approval Pause execution pending approval x-konsult-secret

Description

Pauses a running workflow execution and creates an approval request. The workflow will remain paused until approved or cancelled.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "workflowId": "string",
  "executionId": "string",
  "reason": "string",
  "approver": "string"
}
POST /api/n8n/resume-after-approval Resume paused execution x-konsult-secret

Description

Resumes a previously paused workflow execution after approval has been granted.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "executionId": "string",
  "approvedBy": "string",
  "notes": "string"
}
POST /api/n8n/cancel-execution Cancel a workflow execution x-konsult-secret

Description

Cancels a running or paused workflow execution. Records cancellation reason in audit trail.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "executionId": "string",
  "reason": "string",
  "cancelledBy": "string"
}
POST /api/n8n/escalate Escalate workflow issue x-konsult-secret

Description

Escalates a workflow issue to a higher authority (e.g., 0n40i4). Creates a notification and audit record.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "workflowId": "string",
  "executionId": "string",
  "severity": "low|medium|high|critical",
  "message": "string"
}
POST /api/n8n/register-exception Register policy exception x-konsult-secret

Description

Registers an exception to the standard workflow policy. Requires justification and is logged for compliance review.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "workflowId": "string",
  "exceptionType": "string",
  "justification": "string",
  "registeredBy": "string",
  "expiresAt": "ISO 8601 datetime"
}

Forum & Moderation

3 endpoints
GET /api/forum/mod-stats Get moderation statistics No auth

Description

Returns aggregate moderation statistics for the forum, including total actions, auto-moderated count, and flagged posts.

Response

{
  "ok": true,
  "stats": {
    "total_actions": 123,
    "auto_moderated": 98,
    "manual_review": 25,
    "flagged": 5
  }
}
GET /api/forum/auto-scan Trigger automatic forum scan No auth

Description

Triggers an automatic scan of recent forum posts for policy violations, spam, and inappropriate content. Returns scan results.

Response

{
  "ok": true,
  "scanned": 42,
  "flagged": 2,
  "actions": [ ... ]
}
POST /api/forum/auto-moderate Execute auto-moderation action No auth

Description

Applies automatic moderation to a specified forum post based on configured rules and AI content analysis.

Request Body

{
  "postId": "string",
  "action": "flag|hide|warn|approve",
  "reason": "string"
}

Response

{
  "ok": true,
  "action_taken": "flag",
  "postId": "string"
}

Agents

3 endpoints
GET /api/agents/runtime-status Get all agent runtime statuses No auth

Description

Returns current runtime status for all registered agents, including active/suspended state, last heartbeat, and resource usage.

Response

{
  "ok": true,
  "agents": [
    {
      "agent_id": "K02",
      "status": "ACTIVE",
      "runtime": "claude-opus-4-20250514",
      "last_heartbeat": "2026-03-24T12:00:00Z"
    }
  ]
}
POST /api/agents/map-to-runtime Map agent to runtime environment x-konsult-secret

Description

Maps a registered agent to a specific runtime environment (LLM model, API key, execution context). Used during agent deployment.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "agent_id": "string",
  "runtime": "string",
  "config": { }
}
POST /api/agents/suspend-runtime Suspend agent runtime x-konsult-secret

Description

Suspends an agent's runtime environment. The agent will no longer process requests until re-mapped. Used for maintenance or policy violations.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "agent_id": "string",
  "reason": "string",
  "suspendedBy": "string"
}

Reports

2 endpoints
POST /api/reports Submit a new report x-konsult-secret

Description

Submits a new report to the system. Used by agents and automated cron jobs to store daily, weekly, or ad-hoc reports.

Headers

HeaderRequiredDescription
x-konsult-secretYesServer-to-server authentication secret

Request Body

{
  "type": "daily|weekly|audit|incident",
  "title": "string",
  "content": "string (HTML or plain text)",
  "author": "string (agent_id)",
  "metadata": { }
}
GET /api/reports List reports x-konsult-read

Description

Returns a list of reports. Supports filtering by type, date range, and author. Requires read-only API key.

Headers

HeaderRequiredDescription
x-konsult-readYesRead-only authentication key

Query Parameters

ParamTypeDescription
typestringFilter by report type
fromISO dateStart date filter
toISO dateEnd date filter
limitnumberMax results (default 50)

Response

{
  "ok": true,
  "reports": [
    {
      "id": 1,
      "type": "daily",
      "title": "...",
      "author": "K02",
      "created_at": "2026-03-24T06:00:00Z"
    }
  ]
}

Chat

1 endpoint
POST /api/chat Send chat message No auth

Description

Sends a message to the K0nsult chat agent. Accepts a conversation history and returns the assistant's response. Used by the front-end chat widget.

Request Body

{
  "messages": [
    { "role": "user", "content": "string" },
    { "role": "assistant", "content": "string" }
  ]
}

Response

{
  "ok": true,
  "reply": "string"
}

Contact & Demo

3 endpoints
GET /api/check-inbox Check email inbox for new messages No auth

Description

Checks the K0nsult IMAP inbox for new (unseen) emails, parses them, saves to database, and sends auto-reply acknowledgments.

Response

{
  "ok": true,
  "newMessages": 3,
  "emails": [ { "from": "...", "subject": "...", "date": "..." } ]
}
POST /api/contact Submit contact form CSRF token

Description

Submits a contact/order form. Sends confirmation email to the client and notification to the internal team. Rate limited to 5 req/15min.

Auth

Requires a valid CSRF token obtained from GET /api/csrf-token.

Request Body

FieldTypeRequiredDescription
namestringYesClient full name
emailstringYesClient email address
companystringNoCompany name
needstringYesDescription of project need
budgetstringNoBudget range

Response

{
  "ok": true,
  "message": "Contact form submitted successfully"
}
POST /api/demo Request a demo CSRF token

Description

Submits a demo request. Rate limited to 5 req/15min. Requires valid CSRF token.

Auth

Requires a valid CSRF token obtained from GET /api/csrf-token.

Response

{
  "ok": true,
  "message": "Demo request submitted"
}
K0nsult CNC | CODE NO CODE | API Spec v1.0 | Generated 2026-03-24