Skip to content

REST API

Every endpoint is tenant-scoped via the API key (Authorization: Bearer <key>); the tenant is resolved from the key, never from the body. The live, always-current contract is the Swagger UI that palumb-core serves:

GET /api-docs
MethodPathPurpose
POST/v1/eventsFire a trigger: { workflowId, to: { subscriberId } | { topics }, payload? }202
POST/v1/events/:runId/signalDeliver an external event to a waiting step.waitForEvent
MethodPathPurpose
PUT/v1/bridgeRegister/update your Bridge URL; returns a generated signingSecret once
POST/v1/syncDiscover your workflows from the Bridge + arm crons for schedule-triggered ones
POST/v1/digests/:digestId/itemsPush an item into a digest: { workflowId, subscriberId, data, windowSeconds }
MethodPathPurpose
GET/v1/channels/catalogList available channels
GET/v1/channelsList enabled channels (safe view — no secrets)
POST/v1/channelsEnable + configure (idempotent on key)
PATCH/v1/channels/:keyReplace config / toggle enabled
DELETE/v1/channels/:keyRemove
MethodPathPurpose
PUT/v1/subscribers/:externalIdIdentify / upsert a subscriber
DELETE/v1/subscribers/:externalIdDelete a subscriber
PUT/v1/subscribers/:externalId/subscriptions/:topicKeySubscribe
DELETE/v1/subscribers/:externalId/subscriptions/:topicKeyUnsubscribe
PUT/v1/topics/:keyCreate / update a topic
DELETE/v1/topics/:keyDelete a topic
MethodPathPurpose
POST/v1/deliverDeliver a rendered message. Internal: palumb’s engine calls it when your workflow declares a step.send — it is not part of the tenant API.
MethodPathPurpose
GET/health/liveLiveness
GET/health/readyReadiness
GET/health/deepDeep dependency check

Errors follow a naming-to-status convention: not-found → 404, already-exists/constraint → 409, permissions → 403, other domain validation → 422, infrastructure → 500.