* refactor: migrate to fastapi * structure refactor * fix: pyright fix * refactor: improve error handling and public messages in plugin services * feat(api): refactor API client integration and enhance request handling - Updated API client configuration to use a dedicated HTTP client. - Introduced utility functions for generating options, queries, and form data for API requests. - Refactored multiple API methods to utilize the new utility functions for improved consistency and readability. - Renamed types for clarity and updated import statements accordingly. feat(docs): add script to update OpenAPI JSON from YAML spec - Created a Python script to convert OpenAPI YAML specification to JSON format. - The script supports customizable input and output paths. - Ensured the script handles directory creation for output paths and validates the YAML structure. * fix * feat(auth): implement rate limiting for v1 login endpoint and enhance request handling * Refactor dashboard API routers to use legacy_router for backward compatibility - Changed all instances of dashboard_router to legacy_router across multiple API modules including platform, plugins, providers, sessions, skills, stats, subagents, t2i, tools, updates, and asgi_runtime. - Updated route definitions to ensure existing endpoints remain functional under the new router structure. - Introduced support for Quart request context in asgi_runtime to enhance compatibility with existing Quart-based plugins. - Added a test case to validate the functionality of the new Quart request context handling in plugin extensions. * chore: remove cli test * fix: update dashboard tests for fastapi migration * chore: satisfy ruff checks * fix: update openapi api key scopes * fix: sync config scope chip selection * fix: restore quart dependency * docs: clarify quart plugin api compatibility * docs: update openapi scope documentation * fix: use singular skill openapi scope * fix: hide update service exception details * fix: address fastapi review comments * fix: address dashboard review findings * docs: revert unrelated package deployment changes * docs: update agent api generation guidance * feat: add plugin page web api helpers * docs: add plugin page bridge demo * fix: type plugin upload files * fix: stabilize plugin page uploads * fix: type plugin web request proxy * docs: remove plugin page docs example * fix: authenticate plugin page SSE bridge
6.4 KiB
outline
| outline |
|---|
| deep |
AstrBot HTTP API
Starting from v4.18.0, AstrBot provides API Key based HTTP APIs for programmatic access.
Quick Start
- Create an API key in WebUI - Settings.
- Include the API key in request headers:
Authorization: Bearer abk_xxx
Also supported:
X-API-Key: abk_xxx
- For chat endpoints,
usernameis required:
POST /api/v1/chat: request body must includeusernameGET /api/v1/chat/sessions: query params must includeusername
The local OpenAPI schema is available at http://localhost:6185/api/v1/openapi.json, and the interactive docs are available at http://localhost:6185/api/v1/docs.
Scope Permissions
When creating an API Key, you can configure scopes. Each scope controls the range of accessible endpoints:
| Scope | Purpose | Accessible Endpoints |
|---|---|---|
bot |
Manage bot/platform configurations | GET /api/v1/bot-types, GET/POST /api/v1/bots, PATCH /api/v1/bots/enabled |
provider |
Manage model providers and provider sources | GET/POST /api/v1/providers, GET/PUT/DELETE /api/v1/provider-sources/by-id |
persona |
Manage personas and persona folders | GET/POST /api/v1/personas, GET/POST /api/v1/persona-folders |
im |
Send proactive IM messages and query bot/platform list | POST /api/v1/im/message, GET /api/v1/im/bots |
config |
Manage config profiles, system config, and shared configuration. This scope also includes bot and provider access. |
GET /api/v1/configs, GET/PUT /api/v1/system-config, GET/POST /api/v1/config-profiles |
chat |
Access chat capabilities and query sessions | POST /api/v1/chat, GET /api/v1/chat/sessions |
plugin |
Manage plugins, plugin config, plugin sources, and marketplace entries | GET /api/v1/plugins, GET/PUT /api/v1/plugins/config, POST /api/v1/plugins/install/url |
mcp |
Manage MCP server configurations and provider sync | GET/POST /api/v1/mcp/servers, PATCH /api/v1/mcp/servers/{server_name}/enabled, POST /api/v1/mcp/providers/modelscope/sync |
skill |
Manage skills, skill archives, skill files, and Shipyard Neo skill workflows | GET/POST /api/v1/skills, PUT /api/v1/skills/{skill_name}/files/{file_path}, POST /api/v1/skills/neo/sync |
If the API Key does not include the required scope for the target endpoint, the request will return 403 Insufficient API key scope.
config is a broad management scope. When an API key is created with config, AstrBot grants the key config, bot, and provider access together. The WebUI mirrors this dependency: selecting config selects bot and provider; deselecting bot or provider removes config.
Developer API keys currently support only the 9 scopes listed above. file, tool, skills, kb, data, and system are not valid developer API key scopes. Use the singular skill scope for /api/v1/skills/* endpoints. Related endpoints may still appear in the /api/v1 reference, but they are not available to developer API keys unless their scope is one of the supported scopes above.
Common Endpoints
Chat
Interact with AstrBot's built-in Agent. Supports plugin calls, tool calls, and other capabilities — consistent with IM-side chat.
POST /api/v1/chat: send chat message (SSE stream, server generates UUID whensession_idis omitted)GET /api/v1/chat/sessions: list sessions for a specificusernamewith paginationGET /api/v1/configs: list available config files
Bots and Providers
GET /api/v1/bots: list bot/platform configurationsPOST /api/v1/bots: create a bot/platform configurationGET /api/v1/providers: list model provider configurationsGET /api/v1/provider-sources: list provider source configurations
Personas, Plugins, MCP, and Skills
GET /api/v1/personas: list personasGET /api/v1/plugins: list pluginsGET /api/v1/mcp/servers: list MCP serversGET /api/v1/skills: list skills
Proactive IM Messages
POST /api/v1/im/message: send a proactive message via UMOGET /api/v1/im/bots: list bot/platform IDs
message Field Format (Important)
The message field in POST /api/v1/chat and POST /api/v1/im/message supports two formats:
- String: plain text message
- Array: message segments (message chain)
1. Plain Text Format
{
"message": "Hello"
}
2. Message Segment Array Format
{
"message": [
{ "type": "plain", "text": "Please see this file" },
{ "type": "file", "attachment_id": "9a2f8c72-e7af-4c0e-b352-111111111111" }
]
}
Supported type values:
| type | Required Fields | Optional Fields | Description |
|---|---|---|---|
plain |
text |
- | Text segment |
reply |
message_id |
selected_text |
Quote-reply a message |
image |
attachment_id |
- | Image attachment segment |
record |
attachment_id |
- | Audio attachment segment |
file |
attachment_id |
- | Generic file segment |
video |
attachment_id |
- | Video attachment segment |
- The
replysegment is currently only supported for/api/v1/chat, not forPOST /api/v1/im/message.
Notes:
attachment_idcomes from an existing attachment record. Developer API keys cannot currently upload attachments viaPOST /api/v1/file.replycannot be the only segment; at least one content segment (e.g.plain/image/file/...) is required.- A request with only
replyor empty content will return an error.
message Usage in Chat API
POST /api/v1/chat additionally requires username, with optional session_id (a UUID is auto-generated if omitted).
{
"username": "alice",
"session_id": "my_session_001",
"message": [
{ "type": "plain", "text": "Please summarize this PDF" },
{ "type": "file", "attachment_id": "9a2f8c72-e7af-4c0e-b352-111111111111" }
],
"enable_streaming": true
}
message Usage in IM Message API
POST /api/v1/im/message requires umo + message.
{
"umo": "webchat:FriendMessage:openapi_probe",
"message": [
{ "type": "plain", "text": "This is a proactive message" },
{ "type": "image", "attachment_id": "9a2f8c72-e7af-4c0e-b352-222222222222" }
]
}
Example
curl -N 'http://localhost:6185/api/v1/chat' \
-H 'Authorization: Bearer abk_xxx' \
-H 'Content-Type: application/json' \
-d '{"message":"Hello","username":"alice"}'
Full API Reference
Use the interactive docs: