Files
CyberStrikeAI/docs/en-US/api-reference.md
T
2026-07-07 14:04:18 +08:00

2.4 KiB

API Reference

中文

CyberStrikeAI exposes built-in OpenAPI docs:

/api-docs
GET /api/openapi/spec

The OpenAPI spec is protected to avoid exposing the API surface to unauthenticated users.

Authentication

Login:

POST /api/auth/login
Content-Type: application/json

{"password":"your-password"}

The auth middleware accepts token from:

  1. Authorization: Bearer <token>
  2. Authorization: <token>
  3. ?token=<token>
  4. auth_token cookie

Prefer Authorization: Bearer for scripts. Query tokens can leak through logs.

Agent APIs

Single-agent:

  • POST /api/eino-agent
  • POST /api/eino-agent/stream

Multi-agent:

  • POST /api/multi-agent
  • POST /api/multi-agent/stream

orchestration may be deep, plan_execute, or supervisor.

SSE Notes

Streaming endpoints are long-lived. Clients should:

  • handle error events;
  • wait for done;
  • avoid blindly replaying destructive requests;
  • disable proxy buffering;
  • pass conversationId when continuing a conversation.

Stability Tiers

API type Stability Recommendation
/api/auth/* high safe to integrate
/api/eino-agent* high preferred chat entry
/api/openapi/spec high client generation
/api/config* medium admin automation only
/api/c2/*, /api/webshell/* medium high-risk, restrict access
frontend private calls low avoid plugin dependency

Common Areas

  • Conversations: /api/conversations
  • Projects/facts: /api/projects
  • Vulnerabilities: /api/vulnerabilities
  • Knowledge: /api/knowledge/*
  • Roles: /api/roles
  • Skills: /api/skills
  • External MCP: /api/external-mcp
  • Monitoring: /api/monitor
  • Audit: /api/audit
  • C2: /api/c2
  • WebShell: /api/webshell

Curl Example

curl -k https://127.0.0.1:8080/api/conversations \
  -H "Authorization: Bearer <token>"
curl -k https://127.0.0.1:8080/api/eino-agent \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"message":"Run authorized basic recon against 127.0.0.1; avoid high-risk actions."}'

Source Anchors

  • Routes: internal/app/app.go
  • Auth middleware: internal/security/auth_middleware.go
  • OpenAPI: internal/handler/openapi.go
  • Single-agent: internal/handler/eino_single_agent.go
  • Multi-agent: internal/handler/multi_agent.go