All API endpoints accept two authentication methods:

Session cookie — Automatically included when signed in via the browser. Managed by NextAuth.

Bearer token — Pass an API token in the Authorization header:

Authorization: Bearer lsk_your_token_here

All endpoints accept either method. Bearer tokens are recommended for programmatic access, CI/CD pipelines, and CLI usage.

Skills — Create, list, update, and delete skills. Manage versions, track downloads, and view analytics.

Teams — Create and manage teams, invite members, assign roles, and upload avatars.

SSO — Configure SAML 2.0 connections, retrieve SP metadata, and manage identity provider settings.

SCIM — SCIM 2.0 endpoints for automated user and group provisioning, provider configuration, schemas, and resource types.

User — Manage your profile, create and revoke API tokens, and view your audit log.

CLI Auth — Device code flow for CLI authentication. The CLI initiates a device code request, the user approves in the browser, and the CLI polls for completion.

For full endpoint details, request and response schemas, and interactive testing, visit the interactive API documentation.