D driftstack
Start

API reference

Every endpoint, every shape.

The Driftstack API is documented as an OpenAPI 3.1 spec generated from the same Zod schemas the server uses at runtime. There is no second source of truth — if a route exists, it's in the spec; if it's in the spec, the SDK has typed bindings for it.

Open interactive reference → Download openapi.json

Interactive reference uses Scalar — try requests against your API key directly in the browser.

Surface map

Routes, grouped.

Sessions

  • POST /v1/sessions
  • GET /v1/sessions
  • GET /v1/sessions/:id
  • POST /v1/sessions/:id/navigate
  • POST /v1/sessions/:id/interact
  • POST /v1/sessions/:id/wait
  • GET /v1/sessions/:id/state
  • POST /v1/sessions/:id/capture
  • DELETE /v1/sessions/:id

Profiles

  • POST /v1/profiles
  • GET /v1/profiles
  • GET /v1/profiles/:id
  • PATCH /v1/profiles/:id
  • DELETE /v1/profiles/:id

API keys

  • POST /v1/api-keys
  • GET /v1/api-keys
  • POST /v1/api-keys/:id/rotate
  • DELETE /v1/api-keys/:id

Webhooks

  • POST /v1/webhooks
  • GET /v1/webhooks
  • GET /v1/webhooks/:id
  • DELETE /v1/webhooks/:id
  • GET /v1/webhooks/:id/deliveries
  • POST /v1/webhook-deliveries/:id/replay

Account

  • GET /v1/account/me
  • GET /v1/account/audit-log
  • GET /v1/account/audit-log/export
  • GET /v1/account/email-preferences
  • PUT /v1/account/email-preferences
  • GET /v1/account/rate-limits

Team

  • POST /v1/team/invites
  • GET /v1/team/invites
  • POST /v1/team/invites/accept
  • GET /v1/team/members
  • DELETE /v1/team/members/:id

Status

  • GET /v1/status
  • GET /v1/status/stream
  • GET /v1/status/sla
  • POST /v1/status/subscribe
  • POST /v1/status/subscribe/confirm
  • POST /v1/status/subscribe/unsubscribe

Auth flows

  • POST /v1/auth/signup
  • POST /v1/auth/login
  • POST /v1/auth/logout
  • POST /v1/auth/verify-email
  • POST /v1/auth/magic-link
  • POST /v1/auth/password-reset
  • POST /v1/auth/refresh

Billing

  • POST /v1/billing/checkout
  • POST /v1/billing/portal
  • POST /v1/billing/trial-pack
  • GET /v1/billing

Spec posture

Stable contract. Versioned. Auto-generated.

  • Every endpoint has Zod schemas for request + response. The OpenAPI 3.1 spec is generated from the schemas — there is no second source of truth.
  • Every error case maps to an RFC 7807 application/problem+json response with a stable type URI.
  • Breaking changes ship under a new path version. /v1 stays stable; /v2 would be a new prefix, not a silent shape change.