BAISE Agent API Docs
docs.pau1.cloud · Private Agent Gateway · Scoped API Keys

APIs, Hooks und Friend-Keys verständlich dokumentiert.

Dieses Wiki ist der menschliche Einstieg in Pauls API-Schicht. Links ist die hierarchische Navigation, rechts stehen Konzept, Auth, Scopes, konkrete Endpoints, JSON-Beispiele und cURL-Kommandos.

Base URL

https://docs.pau1.cloud

Alle öffentlichen Beispiele verwenden diese Domain. Lokal läuft die App auf 127.0.0.1:8096.

Auth

Bearer oder X-API-Key

Freunde bekommen begrenzte Tokens. Admin-Rechte bleiben getrennt.

OpenAPI

Maschinenlesbar

Swagger, ReDoc und OpenAPI JSON sind parallel verfügbar.

Authentication

Jeder private Endpoint erwartet einen API-Key. Es gibt zwei gleichwertige Header-Varianten:

Bearer Token

Authorization: Bearer $TOKEN

X-API-Key

X-API-Key: $TOKEN
Wichtig: Tokens werden serverseitig nur als SHA-256 Hash gespeichert. Raw Tokens werden nur einmal bei Erstellung ausgegeben.

Scopes

Scopes sind bewusst klein. Ein Freund bekommt nicht „die API“, sondern nur einzelne Fähigkeiten.

agent:echo

Integrationstest

Echo-Service zum Prüfen von Auth und JSON.

agent:brief

Briefing

Erstellt kompakte Briefings aus Text.

tools:summarize

Summary Tool

Deterministische Textzusammenfassung.

webhook:test

Webhook Test

Empfängt Testevents und Payloads.

integrations:parlant

Parlant

OpenAPI Connector für Parlant.

integrations:supertonic

Supertonic

Token-sichere OpenAPI Connector Details für Supertonic.

admin:keys

Key Admin

Erstellen, auditieren und widerrufen von Keys.

Friend-Key Modell

So gibst du Freunden gezielt Zugriff, ohne dein Agent-System komplett zu öffnen.

1 · Minimal geben

Nur die Scopes vergeben, die wirklich gebraucht werden. Beispiel: agent:brief + tools:summarize.

2 · Rate Limit setzen

Für Freunde z.B. 30 Requests/Minute. Für Admins höher.

3 · Token sicher teilen

Raw Token wird nur einmal erzeugt. Danach nur noch Fingerprint sichtbar.

4 · Revoken statt diskutieren

Wenn ein Token leakt oder zu breit ist: löschen und neu erstellen.

curl -X POST https://docs.pau1.cloud/v1/admin/keys \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"owner":"friend@example","scopes":["agent:brief","tools:summarize"],"note":"limited friend key","rate_limit_per_minute":30}'

Hooks Roadmap

Aktuell gibt es einen sicheren Test-Hook. Produktions-Hooks sollten später je Integration eigene Scopes und Signaturen bekommen.

webhook:test

Jetzt live

Testempfänger für JSON Events.

webhook:stripe

Später

Stripe Events mit Signaturprüfung.

webhook:meta

Später

Meta/Ads Lead- oder Conversion-Hooks.

webhook:n8n

Später

n8n Workflows triggern.

agent:task

Später

Beschränkte agentische Aufgaben mit Queue und Kostenlimit.

Endpoint Reference

Alle aktuellen Endpoints mit Zweck, Scope, Request/Response und kopierbarem cURL.

GET /health
scope: public

Health Check

Simple uptime check for monitors, Traefik, and humans. Does not require an API key.

AuthNone
Use caseUse this before debugging anything else. If this is not 200, the service or routing is down.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "ok": true,
  "service": "agent-api-hub",
  "time": "2026-05-23T21:00:00+00:00"
}
cURL
curl https://docs.pau1.cloud/health
Notes
  • Safe to expose publicly.
  • No private data is returned.
GET /v1/me
scope: any valid key

Who am I?

Returns the current API key identity, granted scopes, and rate limit.

AuthAPI key required
Use caseUse this after giving someone a key so they can verify which permissions they received.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "key_id": "key_abc123",
  "owner": "friend-demo",
  "scopes": [
    "agent:brief",
    "tools:summarize"
  ],
  "limits": {
    "rate_limit_per_minute": 30
  }
}
cURL
curl -H "Authorization: Bearer $TOKEN" https://docs.pau1.cloud/v1/me
Notes
  • Does not reveal the raw token.
  • Works with Authorization Bearer or X-API-Key.
GET /v1/services
scope: any valid key

Visible Services

Lists only the services that the current key is allowed to call.

AuthAPI key required
Use caseUse this in clients or friend dashboards to dynamically show available actions.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "services": [
    {
      "id": "agent.brief",
      "name": "Agent Brief",
      "required_scope": "agent:brief",
      "method": "POST",
      "path": "/v1/agent/brief"
    }
  ]
}
cURL
curl -H "X-API-Key: $TOKEN" https://docs.pau1.cloud/v1/services
Notes
  • Admin-only endpoints appear only if the key has admin:keys.
  • This is the cleanest discovery endpoint for external users.
POST /v1/agent/echo
scope: agent:echo

Agent Echo

Returns the submitted message and metadata unchanged. Useful for testing auth, JSON shape, and client plumbing.

AuthAPI key required
Use caseUse as the first integration test before using more valuable agentic services.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "message": "Hello Paul",
  "metadata": {
    "source": "demo-client"
  }
}
Response JSON
{
  "message": "Hello Paul",
  "metadata": {
    "source": "demo-client"
  },
  "echoed_at": "2026-05-23T21:00:00+00:00"
}
cURL
curl -X POST https://docs.pau1.cloud/v1/agent/echo \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"message":"Hello Paul","metadata":{"source":"demo-client"}}'
Notes
  • No external LLM call.
  • Good smoke test for friend keys.
POST /v1/agent/brief
scope: agent:brief

Agent Brief

Creates a deterministic brief from supplied text: compact summary, bullets, and word count.

AuthAPI key required
Use caseUse when a friend/customer wants a small summary/briefing service without giving broad agent access.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "title": "Meeting notes",
  "text": "Long text goes here...",
  "bullets": 5
}
Response JSON
{
  "title": "Meeting notes",
  "summary": "Compact summary...",
  "bullets": [
    "Key point one",
    "Key point two"
  ],
  "word_count": 420
}
cURL
curl -X POST https://docs.pau1.cloud/v1/agent/brief \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"title":"Meeting notes","text":"FastAPI exposes scoped APIs. Friend keys only get selected services.","bullets":3}'
Notes
  • Current implementation is local/deterministic, not a paid LLM call.
  • Text limit: 30,000 characters. Bullets: 1-10.
POST /v1/tools/summarize
scope: tools:summarize

Extractive Summarizer

Ranks sentences by keyword frequency and returns the strongest sentences as a summary.

AuthAPI key required
Use caseUse for small articles, pasted notes, message cleanup, and cheap deterministic summarization.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "text": "Sentence one. Sentence two. Sentence three.",
  "sentences": 3
}
Response JSON
{
  "summary": "Sentence one. Sentence three.",
  "selected_sentences": [
    "Sentence one.",
    "Sentence three."
  ],
  "sentence_count": 2
}
cURL
curl -X POST https://docs.pau1.cloud/v1/tools/summarize \
  -H "X-API-Key: $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"text":"APIs need docs. Docs need examples. Examples reduce support.","sentences":2}'
Notes
  • No external network calls.
  • Text limit: 30,000 characters. Sentences: 1-10.
POST /v1/webhook/test
scope: webhook:test

Webhook Test Receiver

Receives a named event with arbitrary JSON payload and returns a timestamped receipt.

AuthAPI key required
Use caseUse this before connecting Stripe, Meta, Telegram, n8n, Postiz, or custom friend automations.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "event": "demo.created",
  "payload": {
    "user": "friend-demo",
    "value": 123
  }
}
Response JSON
{
  "ok": true,
  "event": "demo.created",
  "payload": {
    "user": "friend-demo",
    "value": 123
  },
  "received_at": "2026-05-23T21:00:00+00:00"
}
cURL
curl -X POST https://docs.pau1.cloud/v1/webhook/test \
  -H "Authorization: Bearer *** \
  -H "Content-Type: application/json" \
  -d '{"event":"demo.created","payload":{"user":"friend-demo","value":123}}'
Notes
  • Currently a receipt/test endpoint, not a queue.
  • Future production hooks should add signature verification.
POST /v1/voice/elevenlabs/initiation
scope: X-ElevenLabs-Webhook-Secret optional

ElevenLabs Conversation Initiation

Returns ElevenLabs conversation-initiation client data for inbound phone calls.

AuthAPI key required
Use caseUse as the ElevenLabs/Twilio inbound personalization webhook so the caller hears the Hermes greeting and tool prompt.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "caller_id": "+491234",
  "called_number": "+4989123",
  "call_sid": "CA123"
}
Response JSON
{
  "type": "conversation_initiation_client_data",
  "dynamic_variables": {
    "caller_id": "+491234",
    "call_sid": "CA123"
  }
}
cURL
curl -X POST https://docs.pau1.cloud/v1/voice/elevenlabs/initiation -H "X-ElevenLabs-Webhook-Secret: ***" -H "Content-Type: application/json" -d '{"caller_id":"+491234","call_sid":"CA123"}'
Notes
  • Uses HTTPS only.
  • Set ELEVENLABS_WEBHOOK_SECRET to require the header.
POST /v1/voice/hermes-command
scope: voice:hermes

Hermes Phone Command Bridge

Starts a Hermes /v1/runs task from an ElevenLabs server tool and returns run status/output.

AuthAPI key required
Use caseUse as the ElevenLabs server tool runHermesCommand when the caller asks Hermes to do real work.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "command": "Check the server health",
  "caller_id": "+491234",
  "call_sid": "CA123",
  "wait_seconds": 45
}
Response JSON
{
  "ok": true,
  "status": "completed",
  "run_id": "run_abc",
  "session_id": "elevenlabs:CA123",
  "output": "Done",
  "message": "Hermes finished."
}
cURL
curl -X POST https://docs.pau1.cloud/v1/voice/hermes-command -H "X-API-Key: $TOKEN" -H "Content-Type: application/json" -d '{"command":"Check the server health","wait_seconds":10}'
Notes
  • Requires a scoped API Hub key with voice:hermes.
  • Backed by Hermes API server /v1/runs on localhost.
GET /v1/integrations/elevenlabs-phone
scope: integrations:elevenlabs-phone

ElevenLabs Phone Integration

Returns token-safe setup payloads for wiring ElevenLabs phone calls to Hermes.

AuthAPI key required
Use caseUse before configuring the ElevenLabs dashboard/API to copy the public URLs, prompt, and server-tool schema.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "service_name": "tom-elevenlabs-phone-hermes",
  "hermes_tool_url": "https://docs.pau1.cloud/v1/voice/hermes-command"
}
cURL
curl -H "X-API-Key: $TOKEN" https://docs.pau1.cloud/v1/integrations/elevenlabs-phone
Notes
  • Token-safe: raw API keys are never returned.
  • Actual phone-number creation still requires a valid ElevenLabs API key and Twilio/Exotel/SIP credentials.
GET /v1/integrations/parlant
scope: integrations:parlant

Parlant OpenAPI Connector

Returns the exact OpenAPI service payload needed to register this API Hub as a Parlant tool service.

AuthAPI key required
Use caseUse when connecting docs.pau1.cloud to a Parlant agent. Parlant supports openapi, mcp, and sdk services; this hub exposes OpenAPI.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "service_name": "paul-api-hub",
  "parlant_update_service_payload": {
    "kind": "openapi",
    "openapi": {
      "url": "https://docs.pau1.cloud",
      "source": "https://docs.pau1.cloud/openapi.json"
    }
  }
}
cURL
curl -H "Authorization: Bearer *** https://docs.pau1.cloud/v1/integrations/parlant
Notes
  • Register with Parlant via PUT $PARLANT_URL/services/paul-api-hub.
  • Give Parlant a scoped API Hub token for protected tool calls.
GET /v1/integrations/supertonic
scope: integrations:supertonic

Supertonic OpenAPI Connector

Returns token-safe OpenAPI connection details for registering this API Hub with Supertonic.

AuthAPI key required
Use caseUse when connecting docs.pau1.cloud to Supertonic via OpenAPI without exposing raw API tokens.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "service_name": "paul-api-hub",
  "kind": "openapi",
  "supertonic_integration_payload": {
    "kind": "openapi",
    "openapi": {
      "url": "https://docs.pau1.cloud",
      "source": "https://docs.pau1.cloud/openapi.json"
    },
    "auth": {
      "type": "api_key",
      "headers": {
        "Authorization": "Bearer ***",
        "X-API-Key": "***"
      }
    },
    "voice_policy": {
      "default_voice": "F4",
      "fallback_voices": [],
      "note": "No Edge fallback or substitute voices."
    },
    "runtime": {
      "preferred_server": "local loopback supertonic serve",
      "health_path": "/health",
      "speech_path": "/v1/text-to-speech"
    }
  }
}
cURL
curl -H "Authorization: Bearer ***" https://docs.pau1.cloud/v1/integrations/supertonic
Notes
  • Token-safe: examples use placeholders only.
  • Default voice policy keeps F4 and no Edge/substitute fallback; custom voices require consent/provenance.
GET /v1/admin/keys
scope: admin:keys

List API Keys

Returns metadata for all known keys: owner, scopes, creation time, revocation state, rate limit, and fingerprint.

AuthAPI key required
Use caseUse to audit which friends/customers have access. Never shows raw tokens.
Base URLhttps://docs.pau1.cloud
Response JSON
[
  {
    "id": "key_abc123",
    "owner": "Paul Admin",
    "scopes": [
      "admin:keys",
      "agent:brief"
    ],
    "revoked_at": null,
    "rate_limit_per_minute": 300,
    "fingerprint": "sha256:abcd1234"
  }
]
cURL
curl -H "Authorization: Bearer $ADMIN_TOKEN" https://docs.pau1.cloud/v1/admin/keys
Notes
  • Admin scope required.
  • Friend keys correctly receive 403 here.
POST /v1/admin/keys
scope: admin:keys

Create Scoped API Key

Creates a new scoped key for a friend, customer, service, or integration. Raw token is returned once.

AuthAPI key required
Use caseUse when you want someone to access exactly one or a few services, not the whole agent.
Base URLhttps://docs.pau1.cloud
Request JSON
{
  "owner": "friend@example",
  "scopes": [
    "agent:brief",
    "tools:summarize"
  ],
  "note": "limited friend key",
  "rate_limit_per_minute": 30
}
Response JSON
{
  "token": "bah_live_generated_once",
  "key": {
    "id": "key_abc123",
    "owner": "friend@example",
    "scopes": [
      "agent:brief",
      "tools:summarize"
    ],
    "fingerprint": "sha256:abcd1234"
  }
}
cURL
curl -X POST https://docs.pau1.cloud/v1/admin/keys \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"owner":"friend@example","scopes":["agent:brief","tools:summarize"],"note":"limited friend key","rate_limit_per_minute":30}'
Notes
  • Copy the returned token immediately; it is not shown again.
  • Store friend/customer tokens outside chat unless intentionally sharing.
DELETE /v1/admin/keys/{key_id}
scope: admin:keys

Revoke API Key

Revokes a key by ID. Revoked keys can no longer authenticate.

AuthAPI key required
Use caseUse immediately if a key was shared too broadly, leaked, or a friend/customer should lose access.
Base URLhttps://docs.pau1.cloud
Response JSON
{
  "id": "key_abc123",
  "revoked": true,
  "revoked_at": "2026-05-23T21:00:00+00:00"
}
cURL
curl -X DELETE -H "Authorization: Bearer $ADMIN_TOKEN" https://docs.pau1.cloud/v1/admin/keys/key_abc123
Notes
  • Revocation is safer than editing scopes in place.
  • Create a new narrower key if access should continue.