API Reference
The localskills.sh REST API powers all platform functionality. Full interactive documentation is available at /api-docs.
Authentication
All API endpoints accept two authentication methods:
Session cookie — Automatically included when signed in via the browser. Managed by Better Auth.
Bearer token — Pass an API token in the Authorization header:
Authorization: Bearer lsk_your_token_hereAll endpoints accept either method. Bearer tokens are recommended for programmatic access, CI/CD pipelines, and CLI usage. Personal tokens start with lsk_; organization tokens start with lskt_.
Endpoints overview
Skills — Create, list, update, and delete skills. Manage versions (publish, revert), download content and packages, and view analytics.
Folders — Manage each organization's folder tree and per-folder access restrictions.
Organizations — Create and manage organizations, invite members, assign roles, manage teams and custom roles, and upload avatars.
Organization tokens & OIDC — Issue and revoke organization API tokens, manage CI/CD trust policies, and exchange pipeline OIDC tokens for short-lived access.
SSO — Configure SAML 2.0 connections, retrieve SP metadata, and manage identity provider settings and domain verification.
SCIM — SCIM 2.0 endpoints for automated user and group provisioning, provider configuration, schemas, and resource types.
User — Manage your profile, create and revoke API tokens, and view your audit log.
CLI Auth — Device code flow for CLI authentication. The CLI initiates a device code request, the user approves in the browser, and the CLI polls for completion.
For full endpoint details, request and response schemas, and interactive testing, visit the interactive API documentation.