ToolHive API (1.0)

Download OpenAPI specification:Download

This is the ToolHive API server.

system

Get OpenAPI specification

Returns the OpenAPI specification for the API

Responses

Response samples

200

Content type

application/json

{ }

Health check

Check if the API is healthy

Responses

Response samples

204

Content type

application/json

"string"

clients

List all clients

List all registered clients in ToolHive

Responses

Response samples

200

Content type

application/json

[{"name": "string"
}
]

Register a new client

Register a new client with ToolHive

Request Body schema: application/json
required

Client to register

name	string Name is the type of the client to register.

Responses

Request samples

Payload

Content type

application/json

{"name": "string"
}

Response samples

200
400

Content type

application/json

{"name": "string"
}

Unregister a client

Unregister a client from ToolHive

path Parameters

name

required

string

Client name to unregister

Responses

Response samples

400

Content type

application/json

"string"

Register multiple clients

Register multiple clients with ToolHive

Request Body schema: application/json
required

Clients to register

names

Array of strings

Names is the list of client names to operate on.

Responses

Request samples

Payload

Content type

application/json

{"names": ["string"
]
}

Response samples

200
400

Content type

application/json

[{"name": "string"
}
]

Unregister multiple clients

Unregister multiple clients from ToolHive

Request Body schema: application/json
required

Clients to unregister

names

Array of strings

Names is the list of client names to operate on.

Responses

Request samples

Payload

Content type

application/json

{"names": ["string"
]
}

Response samples

400

Content type

application/json

"string"

discovery

List all clients status

List all clients compatible with ToolHive and their status

Responses

Response samples

200

Content type

application/json

{"clients": [{"client_type": "string",
"installed": true,
"registered": true
}
]
}

registry

List registries

Get a list of the current registries

Responses

Response samples

200

Content type

application/json

{"registries": [{"last_updated": "string",
"name": "string",
"server_count": 0,
"version": "string"
}
]
}

Add a registry

Add a new registry

Request Body schema: application/json

object

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

501

Content type

application/json

"string"

Remove a registry

Remove a specific registry

path Parameters

name

required

string

Registry name

Responses

Response samples

204
404

Content type

application/json

"string"

Get a registry

Get details of a specific registry

path Parameters

name

required

string

Registry name

Responses

Response samples

200
404

Content type

application/json

{"last_updated": "string",
"name": "string",
"registry": {"last_updated": "string",
"servers": {"property1": {"args": ["string"
],
"custom_metadata": {"property1": null,
"property2": null
},
"description": "string",
"docker_tags": ["string"
],
"env_vars": [{"default": "string",
"description": "string",
"name": "string",
"required": true,
"secret": true
}
],
"image": "string",
"metadata": {"last_updated": "string",
"pulls": 0,
"stars": 0
},
"name": "string",
"permissions": {"name": "string",
"network": {"outbound": {"allow_host": ["string"
],
"allow_port": [0
],
"insecure_allow_all": true
}
},
"read": ["string"
],
"write": ["string"
]
},
"provenance": {"attestation": {"predicate": null,
"predicate_type": "string"
},
"cert_issuer": "string",
"repository_ref": "string",
"repository_uri": "string",
"runner_environment": "string",
"signer_identity": "string",
"sigstore_url": "string"
},
"repository_url": "string",
"status": "string",
"tags": ["string"
],
"target_port": 0,
"tier": "string",
"tools": ["string"
],
"transport": "string"
},
"property2": {"args": ["string"
],
"custom_metadata": {"property1": null,
"property2": null
},
"description": "string",
"docker_tags": ["string"
],
"env_vars": [{"default": "string",
"description": "string",
"name": "string",
"required": true,
"secret": true
}
],
"image": "string",
"metadata": {"last_updated": "string",
"pulls": 0,
"stars": 0
},
"name": "string",
"permissions": {"name": "string",
"network": {"outbound": {"allow_host": ["string"
],
"allow_port": [0
],
"insecure_allow_all": true
}
},
"read": ["string"
],
"write": ["string"
]
},
"provenance": {"attestation": {"predicate": null,
"predicate_type": "string"
},
"cert_issuer": "string",
"repository_ref": "string",
"repository_uri": "string",
"runner_environment": "string",
"signer_identity": "string",
"sigstore_url": "string"
},
"repository_url": "string",
"status": "string",
"tags": ["string"
],
"target_port": 0,
"tier": "string",
"tools": ["string"
],
"transport": "string"
}
},
"version": "string"
},
"server_count": 0,
"version": "string"
}

List servers in a registry

Get a list of servers in a specific registry

path Parameters

name

required

string

Registry name

Responses

Response samples

200
404

Content type

application/json

{"servers": [{"args": ["string"
],
"custom_metadata": {"property1": null,
"property2": null
},
"description": "string",
"docker_tags": ["string"
],
"env_vars": [{"default": "string",
"description": "string",
"name": "string",
"required": true,
"secret": true
}
],
"image": "string",
"metadata": {"last_updated": "string",
"pulls": 0,
"stars": 0
},
"name": "string",
"permissions": {"name": "string",
"network": {"outbound": {"allow_host": ["string"
],
"allow_port": [0
],
"insecure_allow_all": true
}
},
"read": ["string"
],
"write": ["string"
]
},
"provenance": {"attestation": {"predicate": null,
"predicate_type": "string"
},
"cert_issuer": "string",
"repository_ref": "string",
"repository_uri": "string",
"runner_environment": "string",
"signer_identity": "string",
"sigstore_url": "string"
},
"repository_url": "string",
"status": "string",
"tags": ["string"
],
"target_port": 0,
"tier": "string",
"tools": ["string"
],
"transport": "string"
}
]
}

Get a server from a registry

Get details of a specific server in a registry

path Parameters

name required	string Registry name
serverName required	string ImageMetadata name

Responses

Response samples

200
404

Content type

application/json

{"server": {"args": ["string"
],
"custom_metadata": {"property1": null,
"property2": null
},
"description": "string",
"docker_tags": ["string"
],
"env_vars": [{"default": "string",
"description": "string",
"name": "string",
"required": true,
"secret": true
}
],
"image": "string",
"metadata": {"last_updated": "string",
"pulls": 0,
"stars": 0
},
"name": "string",
"permissions": {"name": "string",
"network": {"outbound": {"allow_host": ["string"
],
"allow_port": [0
],
"insecure_allow_all": true
}
},
"read": ["string"
],
"write": ["string"
]
},
"provenance": {"attestation": {"predicate": null,
"predicate_type": "string"
},
"cert_issuer": "string",
"repository_ref": "string",
"repository_uri": "string",
"runner_environment": "string",
"signer_identity": "string",
"sigstore_url": "string"
},
"repository_url": "string",
"status": "string",
"tags": ["string"
],
"target_port": 0,
"tier": "string",
"tools": ["string"
],
"transport": "string"
}
}

secrets

Setup or reconfigure secrets provider

Setup the secrets provider with the specified type and configuration.

Request Body schema: application/json
required

Setup secrets provider request

password	string Password for encrypted provider (optional, can be set via environment variable) TODO Review environment variable for this
provider_type	string Type of the secrets provider (encrypted, 1password, none)

Responses

Request samples

Payload

Content type

application/json

{"password": "string",
"provider_type": "string"
}

Response samples

201
400
500

Content type

application/json

{"message": "string",
"provider_type": "string"
}

Get secrets provider details

Get details of the default secrets provider

Responses

Response samples

200
404
500

Content type

application/json

{"capabilities": {"can_cleanup": true,
"can_delete": true,
"can_list": true,
"can_read": true,
"can_write": true
},
"name": "string",
"provider_type": "string"
}

List secrets

Get a list of all secret keys from the default provider

Responses

Response samples

200
404
405
500

Content type

application/json

{"keys": [{"description": "string",
"key": "string"
}
]
}

Create a new secret

Create a new secret in the default provider (encrypted provider only)

Request Body schema: application/json
required

Create secret request

key	string Secret key name
value	string Secret value

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"value": "string"
}

Response samples

Content type

application/json

{"key": "string",
"message": "string"
}

Delete a secret

Delete a secret from the default provider (encrypted provider only)

path Parameters

key

required

string

Secret key

Responses

Response samples

204
404
405
500

Content type

application/json

"string"

Update a secret

Update an existing secret in the default provider (encrypted provider only)

path Parameters

key

required

string

Secret key

Request Body schema: application/json
required

Update secret request

value

string

New secret value

Responses

Request samples

Payload

Content type

application/json

{"value": "string"
}

Response samples

200
400
404
405
500

Content type

application/json

{"key": "string",
"message": "string"
}

version

Get server version

Returns the current version of the server

Responses

Response samples

200

Content type

application/json

{"version": "string"
}

workloads

List all workloads

Get a list of all running workloads

query Parameters

all	boolean List all workloads, including stopped ones

Responses

Response samples

200

Content type

application/json

{"workloads": [{"created_at": "string",
"group": "string",
"labels": {"property1": "string",
"property2": "string"
},
"name": "string",
"package": "string",
"port": 0,
"status": "string",
"status_context": "string",
"tool_type": "string",
"tools": ["string"
],
"transport_type": "string",
"url": "string"
}
]
}

Create a new workload

Create and start a new workload

Request Body schema: application/json
required

Create workload request

authz_config	string Authorization configuration
cmd_arguments	Array of strings Command arguments to pass to the container
env_vars	Array of strings Environment variables to set in the container
host	string Host to bind to
image	string Docker image to use
name	string Name of the workload
network_isolation	boolean Whether network isolation is turned on. This applies the rules in the permission profile.
	object (v1.oidcOptions) OIDC configuration options
	object (permissions.Profile) PermissionProfile is the permission profile to use
proxy_mode	string Proxy mode to use
	Array of objects (secrets.SecretParameter) Secret parameters to inject
target_port	integer Port to expose from the container
tools	Array of strings Tools filter
transport	string Transport configuration
volumes	Array of strings Volume mounts

Responses

Request samples

Payload

Content type

application/json

{"authz_config": "string",
"cmd_arguments": ["string"
],
"env_vars": ["string"
],
"host": "string",
"image": "string",
"name": "string",
"network_isolation": true,
"oidc": {"allow_opaque_tokens": true,
"audience": "string",
"client_id": "string",
"issuer": "string",
"jwks_url": "string"
},
"permission_profile": {"name": "string",
"network": {"outbound": {"allow_host": ["string"
],
"allow_port": [0
],
"insecure_allow_all": true
}
},
"read": ["string"
],
"write": ["string"
]
},
"proxy_mode": "string",
"secrets": [{"name": "string",
"target": "string"
}
],
"target_port": 0,
"tools": ["string"
],
"transport": "string",
"volumes": ["string"
]
}

Response samples

201
400
409

Content type

application/json

{"name": "string",
"port": 0
}

Delete a workload

path Parameters

name

required

string

Workload name

Responses

Response samples

202
400
404

Content type

application/json

"string"

Get workload details

Get details of a specific workload

path Parameters

name

required

string

Workload name

Responses

Response samples

200
404

Content type

application/json

{"created_at": "string",
"group": "string",
"labels": {"property1": "string",
"property2": "string"
},
"name": "string",
"package": "string",
"port": 0,
"status": "string",
"status_context": "string",
"tool_type": "string",
"tools": ["string"
],
"transport_type": "string",
"url": "string"
}

Export workload configuration

Export a workload's run configuration as JSON

path Parameters

name

required

string

Workload name

Responses

Response samples

200
404

Content type

application/json

{"audit_config": {"component": "string",
"event_types": ["string"
],
"exclude_event_types": ["string"
],
"include_request_data": true,
"include_response_data": true,
"log_file": "string",
"max_data_size": 0
},
"audit_config_path": "string",
"authz_config": {"cedar": {"entities_json": "string",
"policies": ["string"
]
},
"type": "string",
"version": "string"
},
"authz_config_path": "string",
"base_name": "string",
"cmd_args": ["string"
],
"container_labels": {"property1": "string",
"property2": "string"
},
"container_name": "string",
"debug": true,
"env_vars": {"property1": "string",
"property2": "string"
},
"group": "string",
"host": "string",
"ignore_config": {"loadGlobal": true,
"printOverlays": true
},
"image": "string",
"isolate_network": true,
"jwks_allow_private_ip": true,
"jwks_auth_token_file": "string",
"k8s_pod_template_patch": "string",
"name": "string",
"oidc_config": {"allowOpaqueTokens": true,
"allowPrivateIP": true,
"audience": "string",
"authTokenFile": "string",
"cacertPath": "string",
"clientID": "string",
"issuer": "string",
"jwksurl": "string"
},
"permission_profile": {"name": "string",
"network": {"outbound": {"allow_host": ["string"
],
"allow_port": [0
],
"insecure_allow_all": true
}
},
"read": ["string"
],
"write": ["string"
]
},
"permission_profile_name_or_path": "string",
"port": 0,
"proxy_mode": "string",
"secrets": ["string"
],
"target_host": "string",
"target_port": 0,
"telemetry_config": {"enablePrometheusMetricsPath": true,
"endpoint": "string",
"environmentVariables": ["string"
],
"headers": {"property1": "string",
"property2": "string"
},
"insecure": true,
"samplingRate": 0,
"serviceName": "string",
"serviceVersion": "string"
},
"thv_ca_bundle": "string",
"tools_filter": ["string"
],
"transport": "string",
"volumes": ["string"
]
}

Restart a workload

Restart a running workload

path Parameters

name

required

string

Workload name

Responses

Response samples

202
400
404

Content type

application/json

"string"

Stop a workload

Stop a running workload

path Parameters

name

required

string

Workload name

Responses

Response samples

202
400
404

Content type

application/json

"string"

Delete workloads in bulk

Delete multiple workloads by name

Request Body schema: application/json
required

Bulk delete request

names

Array of strings

Names of the workloads to operate on

Responses

Request samples

Payload

Content type

application/json

{"names": ["string"
]
}

Response samples

202
400

Content type

application/json

"string"

Restart workloads in bulk

Restart multiple workloads by name

Request Body schema: application/json
required

Bulk restart request

names

Array of strings

Names of the workloads to operate on

Responses

Request samples

Payload

Content type

application/json

{"names": ["string"
]
}

Response samples

202
400

Content type

application/json

"string"

Stop workloads in bulk

Stop multiple workloads by name

Request Body schema: application/json
required

Bulk stop request

names

Array of strings

Names of the workloads to operate on

Responses

Request samples

Payload

Content type

application/json

{"names": ["string"
]
}

Response samples

202
400

Content type

application/json

"string"

logs

Get logs for a specific workload

Retrieve at most 100 lines of logs for a specific workload by name.

path Parameters

name

required

string

Workload name

Responses

Response samples

200
404

Content type

application/json

"string"

ToolHive API (1.0)

system

Get OpenAPI specification

Responses

Response samples

Health check

Responses

Response samples

clients

List all clients

Responses

Response samples

Register a new client

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Unregister a client

path Parameters

Responses

Response samples

Register multiple clients

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Unregister multiple clients

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

discovery

List all clients status

Responses

Response samples

registry

List registries

Responses

Response samples

Add a registry

Request Body schema: application/json

Responses

Request samples

Response samples

Remove a registry

path Parameters

Responses

Response samples

Get a registry

path Parameters

Responses

Response samples

List servers in a registry

path Parameters

Responses

Response samples

Get a server from a registry

path Parameters

Responses

Response samples

secrets

Setup or reconfigure secrets provider

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get secrets provider details

Responses

Response samples

List secrets

Responses

Response samples

Create a new secret

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Delete a secret

path Parameters

Responses

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required