Agent API Reference
The Agent API is the primary interface for policy enforcement and AI agent execution. All endpoints use HTTPS with JSON payloads.
Base URL
https://YOUR_AGENT_ENDPOINT
Get your endpoint from CloudFormation stack outputs after deployment.
Authentication
All API requests require authentication using Bearer tokens:
Authorization: Bearer YOUR_API_KEY
Generate API keys via the admin API or AWS Secrets Manager.
Health Endpoints
GET /health
Check Agent service health.
Request:
curl -X GET https://YOUR_AGENT_ENDPOINT/health
Response (200 OK):
{
  "status": "healthy",
  "version": "1.0.0",
  "components": {
    "database": "connected",
    "orchestrator": "reachable"
  },
  "timestamp": "2025-10-23T10:30:00Z",
  "uptime_seconds": 86400
}
Response (503 Service Unavailable):
{
  "status": "unhealthy",
  "components": {
    "database": "disconnected",
    "orchestrator": "reachable"
  },
  "errors": ["Database connection timeout"]
}
Policy Endpoints
POST /api/v1/policies
Create or update a policy.
Request:
curl -X POST https://YOUR_AGENT_ENDPOINT/api/v1/policies \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/yaml" \
  --data-binary @policy.yaml
Request Body (YAML):
apiVersion: axonflow.io/v1
kind: Policy
metadata:
  name: rate-limit-per-user
spec:
  type: rate-limit
  priority: 100
  rules:
    - limit: 100
      window: 60s
      scope: user
Response (201 Created):
{
  "id": "pol_abc123",
  "name": "rate-limit-per-user",
  "version": 1,
  "status": "active",
  "created_at": "2025-10-23T10:30:00Z"
}
GET /api/v1/policies
List all policies.
Request:
curl -X GET https://YOUR_AGENT_ENDPOINT/api/v1/policies \
  -H "Authorization: Bearer YOUR_API_KEY"
Query Parameters:
| Parameter | Type | Description | Default | 
|---|---|---|---|
| type | string | Filter by policy type | all | 
| enabled | boolean | Filter by enabled status | all | 
| limit | integer | Max results | 100 | 
| offset | integer | Pagination offset | 0 | 
Response (200 OK):
{
  "policies": [
    {
      "id": "pol_abc123",
      "name": "rate-limit-per-user",
      "type": "rate-limit",
      "priority": 100,
      "enabled": true,
      "version": 1,
      "created_at": "2025-10-23T10:30:00Z",
      "updated_at": "2025-10-23T10:30:00Z"
    }
  ],
  "total": 1,
  "limit": 100,
  "offset": 0
}
GET /api/v1/policies/{policy_id}
Get specific policy details.
Request:
curl -X GET https://YOUR_AGENT_ENDPOINT/api/v1/policies/pol_abc123 \
  -H "Authorization: Bearer YOUR_API_KEY"
Response (200 OK):
apiVersion: axonflow.io/v1
kind: Policy
metadata:
  name: rate-limit-per-user
  id: pol_abc123
  version: 1
  created_at: 2025-10-23T10:30:00Z
spec:
  type: rate-limit
  priority: 100
  rules:
    - limit: 100
      window: 60s
      scope: user
DELETE /api/v1/policies/{policy_id}
Delete a policy.
Request:
curl -X DELETE https://YOUR_AGENT_ENDPOINT/api/v1/policies/pol_abc123 \
  -H "Authorization: Bearer YOUR_API_KEY"
Response (204 No Content)
POST /api/v1/policies/validate
Validate policy syntax without creating.
Request:
curl -X POST https://YOUR_AGENT_ENDPOINT/api/v1/policies/validate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/yaml" \
  --data-binary @policy.yaml
Response (200 OK - Valid):
{
  "valid": true,
  "policy_name": "rate-limit-per-user",
  "warnings": []
}
Response (400 Bad Request - Invalid):
{
  "valid": false,
  "errors": [
    "spec.rules[0].limit: must be positive integer",
    "spec.type: unknown policy type"
  ]
}
MCP Connector Endpoints
POST /api/v1/connectors
Create a new MCP connector.
Request:
curl -X POST https://YOUR_AGENT_ENDPOINT/api/v1/connectors \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-redis",
    "type": "redis",
    "config": {
      "host": "redis.internal.company.com",
      "port": 6379,
      "db": 0,
      "password_secret": "axonflow/redis/password",
      "tls": true
    },
    "permissions": {
      "read": ["cache:*", "session:*"],
      "write": ["cache:temp:*"]
    }
  }'
Response (201 Created):
{
  "id": "conn_abc123",
  "name": "production-redis",
  "type": "redis",
  "status": "active",
  "created_at": "2025-10-23T10:30:00Z"
}
GET /api/v1/connectors
List all connectors.
Request:
curl -X GET https://YOUR_AGENT_ENDPOINT/api/v1/connectors \
  -H "Authorization: Bearer YOUR_API_KEY"
Response (200 OK):
{
  "connectors": [
    {
      "id": "conn_abc123",
      "name": "production-redis",
      "type": "redis",
      "status": "active",
      "health": "healthy",
      "created_at": "2025-10-23T10:30:00Z"
    }
  ],
  "total": 1
}
GET /api/v1/connectors/{connector_id}/health
Check connector health.
Request:
curl -X GET https://YOUR_AGENT_ENDPOINT/api/v1/connectors/conn_abc123/health \
  -H "Authorization: Bearer YOUR_API_KEY"
Response (200 OK):
{
  "connector_id": "conn_abc123",
  "status": "healthy",
  "latency_ms": 5.2,
  "last_check": "2025-10-23T10:35:00Z",
  "details": {
    "connection": "ok",
    "authentication": "ok",
    "permissions": "ok"
  }
}
Agent Execution Endpoints
POST /api/v1/agent/execute
Execute an AI agent task with policy enforcement.
Request:
curl -X POST https://YOUR_AGENT_ENDPOINT/api/v1/agent/execute \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-User-ID: user@company.com" \
  -H "Content-Type: application/json" \
  -d '{
    "task": "search_flights",
    "params": {
      "origin": "JFK",
      "destination": "LAX",
      "date": "2025-11-01"
    },
    "connectors": ["amadeus-gds"],
    "timeout": "30s"
  }'
Response (200 OK):
{
  "execution_id": "exec_xyz789",
  "status": "completed",
  "result": {
    "flights": [
      {
        "flight_number": "AA101",
        "departure": "2025-11-01T08:00:00Z",
        "arrival": "2025-11-01T11:30:00Z",
        "price": 299.99
      }
    ]
  },
  "policy_checks": {
    "evaluated": 5,
    "passed": 5,
    "denied": 0
  },
  "execution_time_ms": 234,
  "timestamp": "2025-10-23T10:30:00Z"
}
Response (403 Forbidden - Policy Violation):
{
  "error": "policy_violation",
  "message": "Rate limit exceeded: 100 requests per minute",
  "policy": "rate-limit-per-user",
  "retry_after": 45
}
Metrics Endpoints
GET /api/v1/metrics
Get current metrics.
Request:
curl -X GET https://YOUR_AGENT_ENDPOINT/api/v1/metrics \
  -H "Authorization: Bearer YOUR_API_KEY"
Response (200 OK):
{
  "agent": {
    "policy_latency_p50": 3.2,
    "policy_latency_p95": 8.7,
    "policy_latency_p99": 12.4,
    "requests_per_second": 45.6,
    "error_rate": 0.02
  },
  "policies": {
    "total": 12,
    "active": 10,
    "evaluations_per_second": 45.6,
    "denials_per_minute": 2
  },
  "connectors": {
    "total": 3,
    "healthy": 3,
    "average_latency_ms": 15.3
  }
}
Error Responses
Standard Error Format
All errors use this format:
{
  "error": "error_code",
  "message": "Human-readable error message",
  "details": {
    "field": "Additional error context"
  },
  "request_id": "req_abc123",
  "timestamp": "2025-10-23T10:30:00Z"
}
Error Codes
| Code | HTTP Status | Description | 
|---|---|---|
| invalid_request | 400 | Malformed request | 
| authentication_failed | 401 | Invalid/missing API key | 
| policy_violation | 403 | Request blocked by policy | 
| not_found | 404 | Resource not found | 
| rate_limit_exceeded | 429 | Too many requests | 
| internal_error | 500 | Server error | 
| service_unavailable | 503 | Service temporarily unavailable | 
Rate Limits
API rate limits (separate from policy-enforced limits):
| Tier | Requests/Second | Burst | 
|---|---|---|
| Pilot | 10 | 20 | 
| Growth | 50 | 100 | 
| Enterprise | 200 | 400 | 
Rate Limit Headers:
X-RateLimit-Limit: 50
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1698057600
Pagination
List endpoints support pagination:
Request:
curl -X GET "https://YOUR_AGENT_ENDPOINT/api/v1/policies?limit=10&offset=20" \
  -H "Authorization: Bearer YOUR_API_KEY"
Response Headers:
X-Total-Count: 150
Link: <https://...?limit=10&offset=30>; rel="next"
Versioning
API version specified in URL: /api/v1/...
Current version: v1
SDKs
Official SDKs available:
- Python: pip install axonflow
- Node.js: npm install @axonflow/sdk
- Go: go get github.com/axonflow/sdk-go
Example (Python):
from axonflow import AxonFlow
client = AxonFlow(
    endpoint="https://YOUR_AGENT_ENDPOINT",
    api_key="YOUR_API_KEY"
)
# Execute agent task
result = client.agent.execute(
    task="search_flights",
    params={"origin": "JFK", "destination": "LAX"},
    connectors=["amadeus-gds"]
)