API Endpoints
Crude Functions provides a comprehensive REST API for programmatic management.
Authentication:
- All
/api/*endpoints require authentication via session cookie (web UI) ORX-API-Keyheader - The
X-API-Keymust belong to an authorized group (configurable in Settings,managementby default)
Functions
Section titled “Functions”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/functions | List all functions |
| GET | /api/functions/:id | Get a function by ID |
| POST | /api/functions | Create a new function |
| PUT | /api/functions/:id | Update a function |
| DELETE | /api/functions/:id | Delete a function |
| PUT | /api/functions/:id/enable | Enable a function |
| PUT | /api/functions/:id/disable | Disable a function |
Code Files
Section titled “Code Files”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/files | List all files in code directory |
| GET | /api/files/:path | Get file content |
| POST | /api/files/:path | Create a new file |
| PUT | /api/files/:path | Create or update a file |
| DELETE | /api/files/:path | Delete a file |
Notes:
- File paths are URL-encoded (use
%2Ffor nested paths) - GET supports content negotiation - use
Accept: application/jsonfor JSON envelope with metadata - POST returns 201 (created), fails with 409 if file exists
- PUT returns 201 (created) or 200 (updated)
- Returns 413 if file exceeds configured max size (default 50 MB)
Upload content formats (POST/PUT):
# JSON bodycurl -X PUT -H "X-API-Key: key" -H "Content-Type: application/json" \ -d '{"content": "file contents", "encoding": "utf-8"}' \ http://localhost:8000/api/files/example.ts
# Base64 for binary filescurl -X PUT -H "X-API-Key: key" -H "Content-Type: application/json" \ -d '{"content": "base64data...", "encoding": "base64"}' \ http://localhost:8000/api/files/image.png
# Multipart form-datacurl -X PUT -H "X-API-Key: key" \ http://localhost:8000/api/files/example.ts
# Raw binarycurl -X PUT -H "X-API-Key: key" -H "Content-Type: application/octet-stream" \ --data-binary @local-file.bin \ http://localhost:8000/api/files/binary.binAPI Key Groups
Section titled “API Key Groups”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/key-groups | List all API key groups |
| GET | /api/key-groups/:groupId | Get a specific group by ID |
| POST | /api/key-groups | Create a new API key group |
| PUT | /api/key-groups/:groupId | Update a group’s description |
| DELETE | /api/key-groups/:groupId | Delete an empty group |
Note: The management group cannot be deleted. Groups must be empty before deletion.
API Keys
Section titled “API Keys”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/keys | List all API keys (optional ?groupId filter) |
| GET | /api/keys/:keyId | Get a specific API key by ID |
| POST | /api/keys | Create a new API key |
| PUT | /api/keys/:keyId | Update an API key |
| DELETE | /api/keys/:keyId | Delete an API key |
Secrets
Section titled “Secrets”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/secrets | List all secrets (with optional filtering) |
| GET | /api/secrets/:id | Get a secret by ID |
| GET | /api/secrets/by-name/:name | Search secrets by name |
| POST | /api/secrets | Create a new secret |
| PUT | /api/secrets/:id | Update a secret |
| DELETE | /api/secrets/:id | Delete a secret |
Query parameters for listing:
scope- Filter by scope (global, function, group, key)functionId- Filter by function IDgroupId- Filter by key group IDkeyId- Filter by API key IDincludeValues=true- Include decrypted values (default: false)
Creating a secret:
curl -X POST \ -H "X-API-Key: your-key" \ -H "Content-Type: application/json" \ -d '{ "name": "DATABASE_URL", "value": "postgresql://...", "scope": "global", "comment": "Main database connection" }' \ http://localhost:8000/api/secretsScopes: Secrets support hierarchical scopes (key > group > function > global). More specific scopes override general ones.
User Management
Section titled “User Management”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/users | List all users |
| GET | /api/users/:id | Get a user by ID |
| POST | /api/users | Create a new user |
| PUT | /api/users/:id | Update a user (password, roles) |
| DELETE | /api/users/:id | Delete a user |
Note: Cannot delete your own account. First user created has permanent admin access.
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/logs | Query logs with pagination and filtering |
| DELETE | /api/logs/:functionId | Delete all logs for a function |
Query parameters:
functionId- Filter by function ID (omit for all functions)level- Filter by log level (comma-separated: log, debug, info, warn, error, trace, stdout, stderr, exec_start, exec_end, exec_reject)limit- Results per page (1-1000, default: 50)cursor- Pagination cursor from previous response
Response includes pagination:
{ "data": { "logs": [...], "pagination": { "limit": 50, "hasMore": true, "next": "/api/logs?limit=50&cursor=..." } }}Metrics
Section titled “Metrics”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/metrics | Query aggregated execution metrics |
Required query parameter:
resolution- Time resolution:minutes(last 60),hours(last 24), ordays(configurable retention)
Optional query parameter:
functionId- Filter by function ID (omit for global metrics)
Example:
curl -H "X-API-Key: your-key" \ "http://localhost:8000/api/metrics?resolution=hours&functionId=1"Returns time-series data with execution counts, avg/max execution times, and summary statistics.
Settings
Section titled “Settings”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/settings | Get all settings (global + user if authenticated) |
| PUT | /api/settings | Update multiple settings atomically |
Updating settings:
curl -X PUT \ -H "X-API-Key: your-key" \ -H "Content-Type: application/json" \ -d '{ "settings": { "log.level": "info", "metrics.retention-days": "30" } }' \ http://localhost:8000/api/settingsSettings are managed through the web UI. See the Settings page for available options.
Encryption Keys
Section titled “Encryption Keys”| Method | Endpoint | Description |
|---|---|---|
| GET | /api/encryption-keys/rotation | Get key rotation status |
| POST | /api/encryption-keys/rotation | Manually trigger key rotation |
Rotation status includes:
- Last rotation timestamp
- Days since last rotation
- Next scheduled rotation
- Current key version
- Whether rotation is in progress
Manual rotation: Re-encrypts all secrets, API keys, and settings. Can take time with large datasets.
Function Execution
Section titled “Function Execution”Functions are executed via the /run prefix:
# Call a function at /hellocurl http://localhost:8000/run/hello
# With API keycurl -H "X-API-Key: your-api-key" http://localhost:8000/run/users/123
# POST with bodycurl -X POST -H "X-API-Key: your-api-key" \ -H "Content-Type: application/json" \ -d '{"name": "John"}' \ http://localhost:8000/run/users
# API key in query param (avoid)curl http://localhost:8000/run/hello?api_key=your-api-key