openapi: 3.0.1 info: title: XPipe API Documentation description: | The XPipe API provides programmatic access to XPipe’s features. You can get started by either using this page as an API reference or alternatively import the OpenAPI definition file into your API client of choice: OpenAPI .yaml specification The XPipe application will start up an HTTP server that can be used to send requests. Note that this server is HTTP-only for now as it runs only on localhost. HTTPS requests are not accepted. You can either call the API directly or using the official [XPipe Python API](https://github.com/xpipe-io/xpipe-python-api). To start off with the API, you can query connections based on various filters. With the matched connections, you can start remote shell sessions for each one and run arbitrary commands in them. You get the command exit code and output as a response, allowing you to adapt your control flow based on command outputs. Any kind of passwords and other secrets are automatically provided by XPipe when establishing a shell connection. If a required password is not stored and is set to be dynamically prompted, the running XPipe application will ask you to enter any required passwords. See the authentication handshake below on how to authenticate prior to sending requests. For development, you can also skip the authentication step by disabling it in the settings menu. termsOfService: https://docs.xpipe.io/terms-of-service contact: name: XPipe - Contact us url: mailto:hello@xpipe.io version: "13.0" externalDocs: description: XPipe - Plans and pricing url: https://xpipe.io/pricing servers: - url: http://localhost:21721 description: XPipe Daemon API paths: /handshake: post: summary: Establish a new API session description: | Prior to sending requests to the API, you first have to establish a new API session via the handshake endpoint. In the response you will receive a session token that you can use to authenticate during this session. This is done so that the daemon knows what kind of clients are connected and can manage individual capabilities for clients. If your client is running on the same system as the daemon, you can choose the local authentication method to avoid having to deal with API keys. If your client does not have file system access, e.g. if it is running remotely, then you have to use an API key. Note that for development you can also turn off the required authentication in the XPipe settings menu, allowing you to send unauthenticated requests. operationId: handshake security: [ ] requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/HandshakeRequest' examples: standard: summary: API key handshake value: { "auth": { "type": "ApiKey", "key": "" }, "client": { "type": "Api", "name": "My client name" } } local: summary: Local application handshake value: { "auth": { "type": "Local", "authFileContent": "/xpipe_auth>" }, "client": { "type": "Api", "name": "My client name" } } local-ptb: summary: Local PTB application handshake value: { "auth": { "type": "Local", "authFileContent": "/xpipe_ptb_auth>" }, "client": { "type": "Api", "name": "My client name" } } responses: '200': description: The handshake was successful. The returned token can be used for authentication in this session. The token is valid as long as XPipe is running. content: application/json: schema: $ref: '#/components/schemas/HandshakeResponse' '400': $ref: '#/components/responses/BadRequest' '500': $ref: '#/components/responses/InternalServerError' /connection/query: post: summary: Query connections description: | Queries all connections using various filters. The filters support globs and can match the category names and connection names. All matching is case insensitive. operationId: connectionQuery requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionQueryRequest' examples: all: summary: All value: { "categoryFilter": "*", "connectionFilter": "*", "typeFilter": "*" } simple: summary: Simple filter value: { "categoryFilter": "default", "connectionFilter": "local machine", "typeFilter": "*" } globs: summary: Globs value: { "categoryFilter": "*", "connectionFilter": "*/podman/*", "typeFilter": "*" } responses: '200': description: The query was successful. The body contains all matched connections. content: application/json: schema: $ref: '#/components/schemas/ConnectionQueryResponse' examples: standard: summary: Matched connections value: { "found": [ "f0ec68aa-63f5-405c-b178-9a4454556d6b" ] } '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/info: post: summary: Connection information description: | Queries detailed information about a connection. operationId: connectionInfo requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionInfoRequest' examples: simple: summary: Standard value: { "connections": [ "f0ec68aa-63f5-405c-b178-9a4454556d6b" ] } responses: '200': description: The query was successful. The body contains the detailed connection information. content: application/json: schema: $ref: '#/components/schemas/ConnectionInfoResponse' examples: standard: summary: Connection information value: { "infos": [ { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b", "category": [ "default" ] , "name": [ "local machine" ], "type": "local", "rawData": { }, "usageCategory": "shell", "lastUsed": "2024-05-31T11:53:02.408504600Z", "lastModified": "2024-06-23T21:15:25.608097Z", "state": { } } ] } '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/add: post: summary: Add new connection description: | Creates the new connection in the xpipe vault from raw json data. This can also perform an optional validation first to make sure that the connection can be established. If an equivalent connection already exists, no new one will be added. operationId: connectionAdd requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionAddRequest' examples: simple: summary: Add new pwsh shell environment value: { "name": "my connection", "validate": true, "category": "97458c07-75c0-4f9d-a06e-92d8cdf67c40", "data": { "type": "shellEnvironment", "commands": null, "host": { "storeId": "f0ec68aa-63f5-405c-b178-9a4454556d6b" }, "shell": "pwsh", "elevated": false, } } responses: '200': description: The request was successful. The connection was added. content: application/json: schema: $ref: '#/components/schemas/ConnectionAddResponse' examples: standard: summary: Connection information value: { "connection": "36ad9716-a209-4f7f-9814-078d3349280c" } '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/remove: post: summary: Remove connection description: | Removes a set of connection. This includes any possible children associated with the connection. Some connections, for example the local machine, can not be removed. operationId: connectionRemove requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionRemoveRequest' examples: simple: summary: Remove single connection value: { "connections": [ "36ad9716-a209-4f7f-9814-078d3349280c" ] } responses: '200': description: The removal was successful. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/browse: post: summary: Open connection in file browser description: | Creates a new tab in the file browser and opens the specified connections with an optional starting directory. operationId: connectionBrowse requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionBrowseRequest' examples: simple: summary: Open local file browser value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b" } responses: '200': description: The request was successful. The connection was opened. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/terminal: post: summary: Open terminal for shell connection description: | Launches a new terminal session for a connection with an optional specified working directory. operationId: connectionTerminal requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionTerminalRequest' examples: simple: summary: Open terminal for local shell value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b" } responses: '200': description: The request was successful. The connection was opened. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/toggle: post: summary: Toggle state of a connection description: | Updates the state of a connection to either start or stop a session. This can be used for all kinds of services and tunnels. operationId: connectionToggle requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionToggleRequest' examples: simple: summary: Activate connection value: { "connection": "36ad9716-a209-4f7f-9814-078d3349280c", "state": true } responses: '200': description: The request was successful. The connection state was updated. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /connection/refresh: post: summary: Refresh state of a connection description: | Performs a refresh on the specified connection. This will update the connection state information and also any children if the connection type has any. operationId: connectionRefresh requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConnectionRefreshRequest' examples: simple: summary: Refresh connection value: { "connection": "36ad9716-a209-4f7f-9814-078d3349280c" } responses: '200': description: The request was successful. The connection state was updated. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /shell/start: post: summary: Start shell connection description: | Starts a new shell session for a connection. If an existing shell session is already running for that connection, this operation will do nothing. Note that there are a variety of possible errors that can occur here when establishing the shell connection. These errors will be returned with the HTTP return code 500. operationId: shellStart requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ShellStartRequest' examples: local: summary: Start local shell value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b" } responses: '200': description: The operation was successful. The shell session was started. content: application/json: schema: $ref: '#/components/schemas/ShellStartResponse' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /shell/stop: post: summary: Stop shell connection description: | Stops an existing shell session for a connection. This operation will return once the shell has exited. If the shell is busy or stuck, you might have to work with timeouts to account for these cases. operationId: shellStop requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ShellStopRequest' examples: local: summary: Stop local shell value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b" } responses: '200': description: The operation was successful. The shell session was stopped. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /shell/exec: post: summary: Execute command in a shell session description: | Runs a command in an active shell session and waits for it to finish. The exit code and output will be returned in the response. Note that a variety of different errors can occur when executing the command. If the command finishes, even with an error code, a normal HTTP 200 response will be returned. However, if any other error occurs like the shell not responding or exiting unexpectedly, an HTTP 500 response will be returned. operationId: shellExec requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ShellExecRequest' examples: user: summary: echo $USER value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b", "command": "echo $USER" } invalid: summary: invalid value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b", "command": "invalid" } responses: '200': description: The operation was successful. The shell command finished. content: application/json: schema: $ref: '#/components/schemas/ShellExecResponse' examples: user: summary: echo $USER value: { "exitCode": 0, "stdout": "root", "stderr": "" } fail: summary: invalid value: { "exitCode": 127, "stdout": "", "stderr": "invalid: command not found" } '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /fs/blob: post: summary: Store a raw blob to be used later description: | Stores arbitrary binary data in a blob such that it can be used later on to for example write to a remote file. This will return a uuid which can be used as a reference to the blob. You can also store normal text data in blobs if you intend to create text or shell script files with it. operationId: fsData requestBody: required: true content: application/octet-stream: schema: type: string format: binary responses: '200': description: The operation was successful. The data was stored. content: application/json: schema: $ref: '#/components/schemas/FsBlobResponse' examples: success: summary: Success value: { "blob": "854afc45-eadc-49a0-a45d-9fb76a484304" } '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /fs/read: post: summary: Read the content of a remote file description: | Reads the entire content of a remote file through an active shell session. operationId: fsRead requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/FsReadRequest' examples: simple: summary: Read file value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b", "path": "/home/user/myfile.txt" } responses: '200': description: The operation was successful. The file was read. content: application/octet-stream: schema: type: string format: binary '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /fs/write: post: summary: Write a blob to a remote file description: | Writes blob data to a file through an active shell session. operationId: fsWrite requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/FsWriteRequest' examples: simple: summary: Write simple file value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b", "blob": "854afc45-eadc-49a0-a45d-9fb76a484304", "path": "/home/user/myfile.txt" } responses: '200': description: The operation was successful. The file was written. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /fs/script: post: summary: Create a shell script file from a blob description: | Creates a shell script in the temporary directory of the file system that is access through the shell connection. This can be used to run more complex commands on remote systems. operationId: fsScript requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/FsScriptRequest' examples: standard: summary: Standard write value: { "connection": "f0ec68aa-63f5-405c-b178-9a4454556d6b", "blob": "854afc45-eadc-49a0-a45d-9fb76a484304" } responses: '200': description: The operation was successful. The script file was created. content: application/json: schema: $ref: '#/components/schemas/FsScriptResponse' examples: success: summary: Success value: { "path": "/tmp/exec-123.sh" } '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' /daemon/version: post: summary: Query daemon version description: Retrieves version information from the daemon operationId: daemonVersion responses: '200': description: The operation was successful content: application/json: schema: $ref: '#/components/schemas/DaemonVersionResponse' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' components: schemas: ShellStartRequest: type: object properties: connection: type: string description: The connection uuid required: - connection ShellStartResponse: type: object properties: shellDialect: type: integer description: The shell dialect osType: type: string description: The general type of operating system osName: type: string description: The display name of the operating system ttyState: type: string description: Whether a tty/pty has been allocated for the connection. If allocated, input and output will be unreliable. It is not recommended to use a shell connection then. temp: type: string description: The location of the temporary directory required: - shellDialect - osType - osName - temp ShellStopRequest: type: object properties: connection: type: string description: The connection uuid required: - connection ShellExecRequest: type: object properties: connection: type: string description: The connection uuid command: type: string description: The command to execute required: - connection - command ShellExecResponse: type: object properties: exitCode: type: integer description: The exit code of the command stdout: type: string description: The stdout output of the command stderr: type: string description: The stderr output of the command required: - exitCode - stdout - stderr FsBlobResponse: type: object properties: blob: type: string description: The data uuid required: - blob FsWriteRequest: type: object properties: connection: type: string description: The connection uuid blob: type: string description: The blob uuid path: type: string description: The target filepath required: - connection - blob - path FsReadRequest: type: object properties: connection: type: string description: The connection uuid path: type: string description: The target file path required: - connection - path FsScriptRequest: type: object properties: connection: type: string description: The connection uuid blob: type: string description: The blob uuid required: - connection - blob FsScriptResponse: type: object properties: path: type: string description: The generated script file path required: - path ConnectionQueryRequest: type: object properties: categoryFilter: type: string description: The filter string to match categories. Categories are delimited by / if they are hierarchical. The filter supports globs. connectionFilter: type: string description: The filter string to match connection names. Connection names are delimited by / if they are hierarchical. The filter supports globs. typeFilter: type: string description: The filter string to connection types. Every unique type of connection like SSH or docker has its own type identifier that you can match. The filter supports globs. required: - categoryFilter - connectionFilter - typeFilter ConnectionQueryResponse: type: object properties: found: type: array description: The found connections items: type: string description: The connection uuid required: - found ConnectionInfoRequest: type: object properties: connections: type: array description: The connections items: type: string description: The unique id of the connection required: - connections ConnectionInfoResponse: type: array items: type: object description: The array of information for each connection properties: connection: type: string description: The unique id of the connection category: type: array description: The full category path as an array items: type: string description: Individual category name name: type: array description: The full connection name path as an array items: type: string description: Individual connection name type: type: string description: The type identifier of the connection rawData: type: object description: The raw internal configuration data for the connection. The schema for these is internal and should not be relied upon. usageCategory: type: string description: The category of how this connection can be used. enum: - shell - tunnel - script - database - command - desktop - group lastModified: type: string description: The timestamp of when the connection configuration was last modified in ISO 8601 lastUsed: type: string description: The timestamp of when the connection was last launched in ISO 8601 state: type: object description: The internal persistent state information about the connection cache: type: object description: The temporary cache data for the connection required: - connection - category - name - type - rawData - usageCategory - lastUsed - lastModified - state - cache ConnectionRefreshRequest: type: object properties: connection: type: string description: The connection uuid required: - connection ConnectionAddRequest: type: object properties: name: type: string description: The connection name data: type: object description: The raw connection store data. Schemas for connection types are not documented but you can find the connection data of your existing connections in the xpipe vault. validate: type: boolean description: Whether to perform a connection validation before adding it, i.e., probe the connection first. If validation is enabled and fails, the connection will not be added required: - name - data - validate ConnectionAddResponse: type: object properties: connection: type: string description: The connection uuid required: - connection ConnectionRemoveRequest: type: object properties: connections: type: array description: The connections to remove items: type: string description: The unique id of the connection required: - connections ConnectionBrowseRequest: type: object properties: directory: type: string description: The optional directory to browse to connection: type: string description: The connection uuid required: - directory - connection ConnectionToggleRequest: type: object properties: state: type: boolean description: The state to switch to connection: type: string description: The connection uuid required: - state - connection ConnectionTerminalRequest: type: object properties: directory: type: string description: The optional directory to use as the working directory connection: type: string description: The connection uuid required: - directory - connection HandshakeRequest: type: object properties: auth: $ref: '#/components/schemas/AuthMethod' client: $ref: '#/components/schemas/ClientInformation' required: - auth - client HandshakeResponse: type: object properties: sessionToken: type: string description: The generated bearer token that can be used for authentication in this session required: - sessionToken DaemonVersionResponse: type: object properties: version: type: string description: The version of the running daemon canonicalVersion: type: string description: The canonical version of the running daemon buildVersion: type: string description: The build timestamp jvmVersion: type: string description: The version of the Java Virtual Machine in which the daemon is running pro: type: boolean description: Whether the daemon supports professional edition features required: - version - canonicalVersion - buildVersion - jvmVersion - pro AuthMethod: discriminator: propertyName: type mapping: apiKey: '#/components/schemas/ApiKey' local: '#/components/schemas/Local' oneOf: - $ref: '#/components/schemas/ApiKey' - $ref: '#/components/schemas/Local' ApiKey: description: API key authentication type: object properties: type: type: string key: type: string description: The API key required: - key - type Local: description: | Authentication method for local applications. Uses file system access as proof of authentication. You can find the authentication file at: - %TEMP%\xpipe_auth on Windows - $TMP/xpipe_auth on Linux - $TMPDIR/xpipe_auth on macOS For the PTB releases the file name is changed to xpipe_ptb_auth to prevent collisions. As the temporary directory on Linux is global, the daemon might run as another user and your current user might not have permissions to access the auth file. type: object properties: type: type: string authFileContent: type: string description: The contents of the local file /xpipe_auth. This file is automatically generated when XPipe starts. required: - authFileContent - type ClientInformation: type: object discriminator: propertyName: type properties: type: type: string required: - type ApiClientInformation: description: Provides information about the client that connected to the XPipe API. allOf: - $ref: '#/components/schemas/ClientInformation' - type: object properties: name: type: string description: The name of the client. required: - name ClientErrorResponse: description: Error returned in case of a client exception type: object properties: message: type: string description: The error message required: - message ServerErrorResponse: description: Error returned in case of a server exception with HTTP code 500 type: object properties: error: type: object description: The exception information properties: cause: type: object description: The exception cause stackTrace: type: array description: The java stack trace information suppressed: type: array description: Any suppressed exceptions localizedMessage: type: string description: Not used message: type: string description: The error message required: - message required: - error responses: Success: description: The action was successfully performed. BadRequest: description: Bad request. Please check error message and your parameters. content: application/json: schema: $ref: '#/components/schemas/ClientErrorResponse' Unauthorized: description: Authorization failed. Please supply a `Bearer` token via the `Authorization` header. Forbidden: description: Authorization failed. Please supply a valid `Bearer` token via the `Authorization` header. NotFound: description: The requested resource could not be found. InternalServerError: description: Internal error. content: application/json: schema: $ref: '#/components/schemas/ServerErrorResponse' securitySchemes: bearerAuth: type: http scheme: bearer description: The bearer token used is the session token that you receive from the handshake exchange. security: - bearerAuth: [ ]