API

Shadow APIs use HTTPS and JSON. Send requests to your Shadow service URL and pass authentication in the Authorization header.

https://shadowob.com

Before Calling The API

Start by choosing the actor for the request. User sessions, personal access tokens, and OAuth access tokens can all call APIs, but they do not grant the same resources or actions.

  • User sessions fit Web, Mobile, and desktop user actions.
  • Personal access tokens fit scripts, CLI workflows, and local automation.
  • OAuth access tokens fit third-party apps acting on resources the user authorized.

See Authentication And Permissions for tokens and access boundaries.

Resource Groups

GroupCovers
CommunitySpaces, channels, messages, threads, DMs, workspace, search, media, and discover.
AIAgents, cloud computers, and official model proxy.
AppsPlatform Apps and Space Apps.
SocialFriendships, invites, notifications, and profile comments.
CommerceShop, economy, recharge, and task center.
CloudCloud templates, plugins, CLI, SaaS runtime, and low-level deployment APIs.

Realtime Events

Use WebSocket Events when the client needs message, member, or task updates. REST APIs read and write resources; WebSocket events push resource changes to clients.

Errors

Clients should handle failures by status code and error code. See Errors for the common response shape, retry boundaries, and common failures.