REST API Reference
The Strongly REST API provides programmatic access to all platform resources. All endpoints are served at https://<your-instance>/api/v1.
Base URL
https://<your-instance>/api/v1
Replace <your-instance> with your Strongly instance hostname (e.g., mycompany.strongly.ai).
Authentication
All API requests require authentication via an API key. Include your key in the X-API-Key header:
curl -H "X-API-Key: sk-prod-your-key-here" \
https://<your-instance>/api/v1/auth/whoami
Creating an API Key
Create API keys in the Strongly UI under Profile > Security > API Keys, or via the session-authenticated API key endpoints.
Scopes
API keys are scoped to specific permissions. Available scopes:
| Scope | Description |
|---|---|
apps:read | Read app information |
apps:write | Create, update, delete apps |
apps:deploy | Deploy, start, stop, restart apps |
addons:read | Read addon information |
addons:write | Create, update, delete addons |
addons:deploy | Start, stop, restart addons |
datasources:read | Read data source information |
datasources:write | Create, update, delete data sources |
workflows:read | Read workflows and executions |
workflows:write | Create, update, delete workflows |
workflows:execute | Execute and stop workflows |
projects:read | Read project information |
projects:write | Create, update, delete projects |
workspaces:read | Read workspace information |
workspaces:write | Create, update, delete workspaces |
volumes:read | Read volume information |
volumes:write | Create, update, delete volumes |
ai-gateway:read | Read AI models and analytics |
ai-gateway:write | Create, update, delete AI models |
ai-gateway:inference | Run chat completions, embeddings |
fine-tuning:read | Read fine-tuning jobs |
fine-tuning:write | Create, manage fine-tuning jobs |
ml-workbench:read | Read experiments and AutoML jobs |
ml-workbench:write | Create, manage experiments and AutoML |
model-registry:read | Read model registry |
model-registry:write | Register and deploy models |
governance:read | Read governance policies and compliance |
governance:write | Create, manage governance resources |
finops:read | Read cost and budget data |
finops:write | Create, manage budgets and schedules |
users:read | Read user information |
users:write | Update own profile |
organizations:read | Read organization information |
organizations:write | Manage org members and invitations |
admin | Full admin access |
* | Wildcard — all scopes |
Scope Bundles:
Bundles expand to a set of individual scopes when assigned to a key.
| Bundle | Includes |
|---|---|
read-only | All *:read scopes + marketplace:read |
developer | Read + write for apps, addons, datasources, workflows (incl. execute), projects, workspaces, volumes, AI gateway (incl. inference), fine-tuning, ML workbench, model registry. Read-only for governance, finops, users, organizations. Includes marketplace:read, marketplace:deploy |
ci-cd | apps:read, apps:write, apps:deploy, workflows:read, workflows:write, workflows:execute, addons:read, datasources:read, marketplace:read, marketplace:deploy |
ml-ops | ai-gateway:read, ai-gateway:write, ai-gateway:inference, fine-tuning:read, fine-tuning:write, ml-workbench:read, ml-workbench:write, model-registry:read, model-registry:write |
full-access | Wildcard * (all scopes) |
Rate Limiting
Requests are rate-limited per API key using a sliding window:
| Tier | Limit | Applied To |
|---|---|---|
| Standard | 120 req/min | Default for all endpoints |
| Inference | 300 req/min | AI chat, completions, embeddings endpoints |
| Bulk | 30 req/min | Bulk import endpoints |
| Admin | 600 req/min | Keys with admin or * scope |
Rate limit headers are included in every response:
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 119
X-RateLimit-Reset: 1706000000
When rate limited, the API returns 429 Too Many Requests with a Retry-After header.
Pagination
List endpoints return paginated results. Use these query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | integer | 50 | Items per page (max: 200) |
offset | integer | 0 | Number of items to skip |
sort | string | -createdAt | Sort field. Prefix with - for descending |
Paginated Response Format:
{
"data": [ ... ],
"meta": {
"total": 150,
"limit": 50,
"offset": 0,
"hasMore": true,
"requestId": "req_abc123"
}
}
The X-Total-Count header is also set on paginated responses.
Response Format
Success Response (200/201)
{
"data": { ... },
"meta": {
"requestId": "req_abc123"
}
}
Delete Response (204)
Empty body with 204 No Content status.
Error Response (4xx/5xx)
{
"error": {
"code": "not-found",
"message": "Resource not found",
"status": 404,
"requestId": "req_abc123"
}
}
The details field is included when additional context is available (e.g., validation errors, scope requirements):
{
"error": {
"code": "scope-required",
"message": "Scope 'apps:read' is required for this operation",
"status": 403,
"requestId": "req_abc123",
"details": {
"requiredScope": "apps:read",
"currentScopes": ["workflows:read"]
}
}
}
Error Codes:
| Code | Status | Description |
|---|---|---|
unauthorized | 401 | Invalid or missing API key |
forbidden | 403 | Insufficient permissions |
scope-required | 403 | API key missing required scope (response includes requiredScope and currentScopes in details) |
not-found | 404 | Resource does not exist |
validation-error | 400 | Invalid request parameters (or 413 if body exceeds 10 MB) |
duplicate | 409 | Resource conflict (e.g., duplicate name) |
resource-in-use | 422 | Resource is currently in use |
action-in-progress | 422 | An action is already in progress |
rate-limited | 429 | Too many requests |
backend-unavailable | 502 | Backend service unreachable (or 504 on timeout) |
internal-error | 500 | Internal server error |
Quick Start
Test your API key with a single curl command:
curl -H "X-API-Key: sk-prod-your-key-here" \
https://<your-instance>/api/v1/auth/whoami
A successful response returns your user, organization, and key details. If you get a 401 error, see the Authentication Troubleshooting guide.
API Sections
| Section | Endpoints | Description |
|---|---|---|
| Authentication | 6 | API keys and identity |
| Apps | 11 | Application lifecycle |
| Addons | 18 | Managed databases and services |
| Data Sources | 9 | External data connections |
| Workflows | 17 | Workflow pipelines |
| Executions | 7 | Workflow execution history |
| Workflow Nodes | 8 | Node catalog |
| AI Inference | 3 | Chat completions, embeddings |
| AI Models | 14 | AI model catalog and lifecycle |
| AI Provider Keys | 6 | Provider API key management |
| AI Analytics | 5 | AI usage analytics |
| Fine-Tuning | 13 | Fine-tune language models |
| Experiments | 9 | ML experiment tracking |
| AutoML | 9 | Automated machine learning |
| Model Registry | 6 | Model versioning and deployment |
| Projects | 15 | Project management |
| Workspaces | 12 | Development environments |
| Volumes | 8 | Persistent storage |
| Users | 8 | User management |
| Organizations | 12 | Organization management |
| Governance | 40 | Policies, solutions, compliance |
| FinOps | 34 | Costs, budgets, schedules |