API Reference
SanctumAI exposes an HTTP admin API on localhost when the daemon is running. This API is used by the web dashboard and can be used for automation.
Base URL
http://localhost:7700/api/v1

The API is localhost-only by default. It does not listen on external interfaces.
Authentication
All requests require a Bearer token:
curl -H "Authorization: Bearer <token>" http://localhost:7700/api/v1/credentials

The token is generated during sanctum daemon start and printed to stdout. It’s also stored in ~/.sanctum/daemon.token.
Endpoints
| Method | Path | Description |
|---|---|---|
| Credentials | | |
| GET | /credentials | List credentials |
| GET | /credentials/:path | Get credential |
| POST | /credentials | Store credential |
| DELETE | /credentials/:path | Delete credential |
| Agents | | |
| GET | /agents | List agents |
| POST | /agents | Register agent |
| DELETE | /agents/:name | Remove agent |
| Policies | | |
| GET | /policies | List policies |
| POST | /policies | Create policy |
| DELETE | /policies/:name | Delete policy |
| POST | /policies/simulate | Simulate policy |
| Audit | | |
| GET | /audit | Query audit log |
| GET | /audit/verify | Verify chain integrity |
| Auth | | |
| POST | /auth/challenge | Request auth challenge |
| POST | /auth/verify | Verify challenge response |
Response Format
All responses are JSON:
{
  "data": { ... },
  "meta": {
    "request_id": "550e8400-e29b-41d4-a716-446655440000",
    "timestamp": "2026-02-14T22:30:00Z"
  }
}

Errors return:
{
  "error": {
    "code": "ACCESS_DENIED",
    "message": "Policy does not grant access to this resource"
  }
}
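
For automation, the Authentication and Response Format sections above can be combined into a small client. The following is an added example, not code from the SanctumAI project: it reads the token file, attaches the Bearer header, and unwraps the `data` / `error` envelopes. The owner-only file-mode check, the loopback-only guard, the `SanctumError` class and all function names are assumptions of this example, not documented daemon behavior.

```python
import json
import os
import stat
import urllib.error
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "http://localhost:7700/api/v1"                    # from the page
TOKEN_PATH = os.path.expanduser("~/.sanctum/daemon.token")   # from the page
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

class SanctumError(Exception):  # hypothetical name, carries the API error code
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code

def load_token(path=TOKEN_PATH):
    """Read the bearer token, refusing a file that other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # assumption: owner-only is expected; the page states no mode
        raise PermissionError(f"{path} has mode {mode:o}; expected owner-only")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()

def build_request(path, token, base_url=BASE_URL, method="GET"):
    """Build an authenticated request; never send the token off-host."""
    host = urlsplit(base_url).hostname
    if host not in LOOPBACK_HOSTS:
        raise ValueError(f"refusing to send daemon token to {host!r}")
    req = urllib.request.Request(base_url.rstrip("/") + path, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    return req

def parse_envelope(body):
    """Return the "data" member, or raise SanctumError for an error envelope."""
    doc = json.loads(body)
    if "error" in doc:
        err = doc["error"]
        raise SanctumError(err.get("code", "UNKNOWN"), err.get("message", ""))
    return doc["data"]

def call(path, method="GET"):  # needs a running daemon
    req = build_request(path, load_token(), method=method)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return parse_envelope(resp.read())
    except urllib.error.HTTPError as exc:
        # assumption: errors may arrive with a non-2xx status and the same JSON shape
        return parse_envelope(exc.read())
```

With the daemon running, `call("/audit/verify")` returns the `data` member of the chain-integrity response, or raises `SanctumError` with the API's error code.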