API Overview
Agenda Panda publishes a small discovery layer so agents and automation systems can find the API surface without manual setup.
Discovery endpoints
| Resource | Purpose |
|---|---|
| /.well-known/api-catalog | RFC 9727 API catalog in application/linkset+json format |
| /api/openapi.json | OpenAPI 3.1 description for the core REST API |
| /.well-known/oauth-authorization-server | OAuth authorization-server metadata for the device flow |
| /.well-known/oauth-protected-resource | Protected resource metadata for the REST API |
| /.well-known/mcp/server-card.json | MCP server card for the hosted MCP endpoint |
| /.well-known/agent-skills/index.json | Agent Skills discovery index |
| /api/health | Lightweight status endpoint |
Authentication model
Agenda Panda issues opaque bearer API keys that start with ap_. For agents and other non-interactive clients, the recommended path is:
- Start the device flow with POST /api/auth/device/code
- Open the returned verification_uri_complete
- Poll POST /api/auth/device/token
- Use the returned access_token as Authorization: Bearer ap_...
Agenda Panda currently supports one broad scope:
- account
That scope maps to the same account-level access the issuing user has in the product today.
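The four device-flow steps above, sketched as a polling client. This is an added example, not Agenda Panda's own code: the host name, the `client_id` parameter, JSON request bodies, and the RFC 8628 field names (`device_code`, `interval`, `expires_in`, `authorization_pending`, `slow_down`) are assumptions that the page does not confirm.

```python
import json, time, urllib.error, urllib.request
from urllib.parse import urlsplit

BASE = "https://agendapanda.example"  # placeholder origin, not from the page
GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 grant type

def http_post(url, body):
    """POST a JSON body and return the parsed JSON reply (JSON bodies are assumed)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # RFC 8628 errors arrive as HTTP 400
        return json.load(err)

def device_login(post=http_post, sleep=time.sleep, show=print,
                 base=BASE, client_id="example-agent"):
    """Run the device flow and return the Authorization header for REST calls."""
    grant = post(f"{base}/api/auth/device/code", {"client_id": client_id})
    link = grant["verification_uri_complete"]
    # Only show the user a link that is HTTPS and on the API origin
    # (assumes the approval page shares that origin).
    if (urlsplit(link).scheme, urlsplit(link).netloc) != ("https", urlsplit(base).netloc):
        raise ValueError("verification link is not on the expected origin")
    show(f"Approve this client at: {link}")
    interval = max(int(grant.get("interval", 5)), 1)
    waited, lifetime = 0, int(grant.get("expires_in", 600))
    while waited < lifetime:  # stop polling once the device code has expired
        sleep(interval)
        waited += interval
        reply = post(f"{base}/api/auth/device/token",
                     {"grant_type": GRANT, "client_id": client_id,
                      "device_code": grant["device_code"]})
        error = reply.get("error")
        if error == "slow_down":  # server asks for a longer polling interval
            interval += 5
        if error in ("authorization_pending", "slow_down"):
            continue
        if error:
            raise PermissionError(f"device flow refused: {error}")
        key = reply["access_token"]
        if not key.startswith("ap_"):  # the page says keys start with ap_
            raise ValueError("token does not look like an Agenda Panda API key")
        return {"Authorization": f"Bearer {key}"}  # never log this value
    raise TimeoutError("device code expired before approval")
```

Because the single account scope carries the issuing user's full access, the returned header belongs in a secret store or process memory, not in logs or CI output.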
REST and MCP
- The REST API is rooted at /api
- The hosted MCP endpoint is /mcp
- Human-oriented API docs live here under /docs/api/
- Agents that need setup or CLI workflow guidance should fetch /SKILL.md
Notes for product teams
- The discovery endpoints are intended to reduce custom onboarding for coding agents and CI systems.
- ai-train is disabled in robots.txt, while search indexing and AI input are allowed so assistants can safely read the public docs and product pages.
- OAuth metadata advertises the existing device-based API-key flow rather than a JWT/OIDC stack, because that is the auth contract the product actually supports today.