Skip to content

API Reference

The platform provides a REST API for all operations. Full endpoint documentation is generated from the OpenAPI specification.

For browsing the documented API spec:

  • Swagger UI -- Interactive endpoint explorer with request/response schemas
  • ReDoc -- Alternative API reference in a clean reading format

For the live spec from your running deployment:

  • /api/docs -- Available on your platform host; always matches the version you're running

The static views above are pinned to the openapi.json shipped with this docs site. The live view reflects whatever code is actually deployed on your platform.

Authentication

All API endpoints require authentication. The API accepts two types of Bearer tokens:

Option 1: Authentik API Token (simplest)

Use the Authentik API token directly as a Bearer token. The platform validates it against Authentik and resolves the bound user's identity and group memberships automatically.

  1. Obtain an API token from a Jaxon platform administrator. See Creating a Service Account and API Token for step-by-step instructions.

  2. Include both headers on every API request:

    curl -k https://<host>/api/v1/projects \
  -H "Authorization: Bearer <api-token>" \
  -H "X-Jaxon-Active-Group: <group-name>"

    For development environments with the default service account:

    curl -k https://<host>/api/v1/projects \
  -H "Authorization: Bearer jaxon-dev-api-key" \
  -H "X-Jaxon-Active-Group: Jaxon Users"

API tokens do not expire unless configured to do so in Authentik.

Option 2: OAuth 2.0 JWT Access Token

For integrations that already have an OAuth 2.0 flow (e.g., the Jaxon UI uses PKCE), JWT access tokens obtained from the Authentik OIDC provider are also accepted:

curl -k https://<host>/api/v1/projects \
  -H "Authorization: Bearer <jwt-access-token>" \
  -H "X-Jaxon-Active-Group: <group-name>"

JWT access tokens expire after 1 hour.

Required Headers

Header Required Description
Authorization Yes Bearer token (Authentik API token or JWT access token)
X-Jaxon-Active-Group Yes The Authentik group to use as the active context for the request. The authenticated user must be a member of this group.