NodeLoom|Docs
HomeDashboard

API Reference

The NodeLoom REST API lets you manage workflows, executions, credentials, teams, and more programmatically. All endpoints follow consistent conventions for authentication, error handling, and pagination.

Base URL

All API requests are made to the following base URL:

text
https://your-nodeloom-instance.com

Replace this with your actual NodeLoom instance URL. For self-hosted deployments, this is the URL where your backend service is running.

Authentication

NodeLoom uses JWT tokens delivered via httpOnly cookies. After logging in through POST /api/auth/login, the server sets a secure cookie that is automatically included in subsequent requests. No manual Authorization header is needed for browser-based clients.

Cookie-based auth

When calling the API from non-browser clients (e.g. cURL, Postman), you must capture the Set-Cookie header from the login response and include it in subsequent requests.

Content Type

All requests that include a body must set the following header:

text
Content-Type: application/json

All responses are returned as JSON unless otherwise specified.

Rate Limiting

API requests are rate-limited based on your subscription tier. Rate limit headers are included in every response:

HeaderDescription
X-RateLimit-LimitMaximum number of requests allowed per window
X-RateLimit-RemainingNumber of requests remaining in the current window
X-RateLimit-ResetUnix timestamp when the rate limit window resets
TierRequests / minute
Free60
Starter300
Pro1,000
Enterprise5,000

429 Too Many Requests

When you exceed the rate limit, the API returns a 429 status code. Back off and retry after the X-RateLimit-Reset time.

Error Response Format

All error responses follow a consistent JSON structure:

Error response
{
  "status": 400,
  "error": "Bad Request",
  "message": "Workflow name is required",
  "timestamp": "2026-02-17T10:30:00.000Z",
  "path": "/api/workflows"
}
HTTP StatusMeaning
400Bad Request -- invalid input or missing required fields
401Unauthorized -- missing or expired authentication
403Forbidden -- insufficient permissions for this action
404Not Found -- resource does not exist
409Conflict -- resource already exists or state conflict
429Too Many Requests -- rate limit exceeded
500Internal Server Error -- unexpected server failure

API Sections

The API is organized into the following sections:

Authentication

Login, logout, and token refresh

Workflows

Create, update, delete, and execute workflows

Executions

List and inspect workflow execution history

Credentials

Manage and test third-party credentials

Agent Chat

Chat sessions and streaming messages with AI agents

Widgets

Dashboard widget management and public chat API

Monitoring

Token usage, anomaly detection, and scheduled reports

Teams

Team management, members, and role assignments

Audit

Audit logs, integrity verification, and SIEM export

Next

Quick Start