Web API#
oxo-flow includes a built-in REST API server for remotely building, validating, and monitoring workflows. The server is built with axum and runs on the tokio async runtime.
Starting the Server#
Endpoints#
Health Check#
Returns server status and version.
Response:
List Workflows#
Returns a list of loaded workflows.
Response:
Validate Workflow#
Validates TOML workflow content and returns parse/DAG results.
Request:
{
"toml_content": "[workflow]\nname = \"test\"\n\n[[rules]]\nname = \"s1\"\ninput = []\noutput = [\"out.txt\"]\nshell = \"echo hi > out.txt\""
}
Response (valid):
Response (invalid):
{
"valid": false,
"errors": ["expected `=`, found newline at line 5 column 1"],
"rules_count": null,
"edges_count": null
}
Get Workflow Graph#
Returns the DAG in DOT format for a given workflow.
Request:
Response:
List Environments#
Returns available environment backends.
Response:
Data Types#
WorkflowSummary#
WorkflowDetail#
{
"name": "string",
"version": "string",
"description": "string | null",
"author": "string | null",
"rules_count": 0,
"rules": [
{
"name": "string",
"inputs": ["string"],
"outputs": ["string"],
"environment": "string",
"threads": 0
}
]
}
ValidateRequest#
ValidateResponse#
CORS#
CORS is enabled by default, allowing requests from any origin. This makes the API accessible from web-based frontends and development tools.
Authentication#
The current version does not include authentication. For production deployments, place the server behind a reverse proxy (nginx, Caddy, Traefik) that handles TLS and authentication.
Error Handling#
All endpoints return standard HTTP status codes:
| Status | Meaning |
|---|---|
200 |
Success |
400 |
Bad request (invalid TOML, missing fields) |
404 |
Resource not found |
500 |
Internal server error |
Error responses include a JSON body with an error field:
See Also#
servecommand — CLI reference- System Architecture — how the web layer fits in