API & automation
REST API
The control plane is fully programmable over a documented OpenAPI 3.1 REST API, authenticated by session cookie or org API key.
Everything you can do in the console is a REST endpoint. The API is described by an OpenAPI 3.1 document generated from the route definitions themselves, so it never drifts from the implementation.
- Interactive reference: /api/reference — browse endpoints, schemas, and try requests.
- Raw spec: /api/openapi.json — feed it to a client generator.
Base URL & shape
Section titled “Base URL & shape”https://cloud.backlex.com/apiOrg-scoped routes live under /api/org/{slug}/…. Responses are JSON. Errors use a uniform envelope:
{ "error": { "code": "FORBIDDEN", "message": "Insufficient role for this action" } }| Status | Meaning |
|---|---|
401 | Not authenticated |
403 | Authenticated but insufficient role |
404 | Org / resource not found |
422 | Request validation failed (code: "VALIDATION") |
429 | Rate limited |
Authentication
Section titled “Authentication”Two ways to authenticate:
- Session cookie — the browser SPA sends it automatically. Good for first-party use.
- API key —
Authorization: Bearer pak_…. Good for scripts, CI, and agents. See API keys.
curl https://cloud.backlex.com/api/org/<org>/projects \ -H "Authorization: Bearer pak_..."Endpoint groups
Section titled “Endpoint groups”The reference groups endpoints by area: Organization (members, settings, audit, usage, invitations, SCIM), Projects (CRUD, lifecycle, backups, domains, branches, deploys, errors, alarms), Integrations (API keys, integrations, webhooks, notifications), Enterprise SSO, and Billing.