Shadow APIs use HTTPS and JSON. Send requests to your Shadow service URL and pass authentication in the Authorization header.
Start by choosing the actor for the request. User sessions, personal access tokens, and OAuth access tokens can all call APIs, but they do not grant the same resources or actions.
See Authentication And Permissions for tokens and access boundaries.
| Group | Covers |
|---|---|
| Community | Spaces, channels, messages, threads, DMs, workspace, search, media, and discover. |
| AI | Agents, cloud computers, and official model proxy. |
| Apps | Platform Apps and Space Apps. |
| Social | Friendships, invites, notifications, and profile comments. |
| Commerce | Shop, economy, recharge, and task center. |
| Cloud | Cloud templates, plugins, CLI, SaaS runtime, and low-level deployment APIs. |
Use WebSocket Events when the client needs message, member, or task updates. REST APIs read and write resources; WebSocket events push resource changes to clients.
Clients should handle failures by status code and error code. See Errors for the common response shape, retry boundaries, and common failures.