API Quick Reference

# Get token
TOKEN=$(curl -s -X POST http://localhost:8002/osm/api/login \
  -H "Content-Type: application/json" \
  -d '{"username": "osmedeus", "password": "osmedeus-admin"}' | jq -r '.token')

# Use in requests
curl http://localhost:8002/osm/api/workflows \
  -H "Authorization: Bearer $TOKEN"

# Health check
curl http://localhost:8002/health

# Readiness
curl http://localhost:8002/health/ready

# Server info
curl http://localhost:8002/server-info

# List all workflows
curl http://localhost:8002/osm/api/workflows \
  -H "Authorization: Bearer $TOKEN"

# Filter by tags
curl "http://localhost:8002/osm/api/workflows?tags=reconnaissance" \
  -H "Authorization: Bearer $TOKEN"

# Get workflow details
curl http://localhost:8002/osm/api/workflows/subdomain-enum \
  -H "Authorization: Bearer $TOKEN"

# Get all tags
curl http://localhost:8002/osm/api/workflows/tags \
  -H "Authorization: Bearer $TOKEN"

# Refresh workflow index
curl -X POST http://localhost:8002/osm/api/workflows/refresh \
  -H "Authorization: Bearer $TOKEN"

# Create run
curl -X POST http://localhost:8002/osm/api/runs \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "flow": "general",
    "target": "example.com",
    "params": {"threads": "50"}
  }'

# Create run with module
curl -X POST http://localhost:8002/osm/api/runs \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "module": "subdomain-enum",
    "target": "example.com"
  }'

# List runs
curl "http://localhost:8002/osm/api/runs" \
  -H "Authorization: Bearer $TOKEN"

# Filter runs
curl "http://localhost:8002/osm/api/runs?status=running&workspace=example.com" \
  -H "Authorization: Bearer $TOKEN"

# Get run details
curl http://localhost:8002/osm/api/runs/run-abc123 \
  -H "Authorization: Bearer $TOKEN"

# Get run steps
curl http://localhost:8002/osm/api/runs/run-abc123/steps \
  -H "Authorization: Bearer $TOKEN"

# Get run artifacts
curl http://localhost:8002/osm/api/runs/run-abc123/artifacts \
  -H "Authorization: Bearer $TOKEN"

# Cancel run
curl -X DELETE http://localhost:8002/osm/api/runs/run-abc123 \
  -H "Authorization: Bearer $TOKEN"

# List schedules
curl http://localhost:8002/osm/api/schedules \
  -H "Authorization: Bearer $TOKEN"

# Create schedule
curl -X POST http://localhost:8002/osm/api/schedules \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "daily-scan",
    "workflow_name": "subdomain-enum",
    "trigger_type": "cron",
    "schedule": "0 2 * * *",
    "input_config": {"target": "example.com"},
    "is_enabled": true
  }'

# Get schedule
curl http://localhost:8002/osm/api/schedules/sched-123 \
  -H "Authorization: Bearer $TOKEN"

# Update schedule
curl -X PUT http://localhost:8002/osm/api/schedules/sched-123 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"schedule": "0 3 * * *"}'

# Enable schedule
curl -X POST http://localhost:8002/osm/api/schedules/sched-123/enable \
  -H "Authorization: Bearer $TOKEN"

# Disable schedule
curl -X POST http://localhost:8002/osm/api/schedules/sched-123/disable \
  -H "Authorization: Bearer $TOKEN"

# Trigger manually
curl -X POST http://localhost:8002/osm/api/schedules/sched-123/trigger \
  -H "Authorization: Bearer $TOKEN"

# Delete schedule
curl -X DELETE http://localhost:8002/osm/api/schedules/sched-123 \
  -H "Authorization: Bearer $TOKEN"

# List workspaces
curl http://localhost:8002/osm/api/workspaces \
  -H "Authorization: Bearer $TOKEN"

# Get workspace state
curl http://localhost:8002/osm/api/workspaces/example.com/state-file \
  -H "Authorization: Bearer $TOKEN"

# List assets
curl "http://localhost:8002/osm/api/assets?workspace=example.com" \
  -H "Authorization: Bearer $TOKEN"

# Filter assets
curl "http://localhost:8002/osm/api/assets?workspace=example.com&status_code=200&limit=50" \
  -H "Authorization: Bearer $TOKEN"

# List vulnerabilities
curl "http://localhost:8002/osm/api/vulnerabilities?workspace=example.com" \
  -H "Authorization: Bearer $TOKEN"

# Filter by severity
curl "http://localhost:8002/osm/api/vulnerabilities?severity=high,critical" \
  -H "Authorization: Bearer $TOKEN"

# Get vulnerability summary
curl http://localhost:8002/osm/api/vulnerabilities/summary \
  -H "Authorization: Bearer $TOKEN"

# Get vulnerability details
curl http://localhost:8002/osm/api/vulnerabilities/vuln-123 \
  -H "Authorization: Bearer $TOKEN"

# Import vulnerabilities
curl -X POST http://localhost:8002/osm/api/vulnerabilities/import \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"workspace": "example.com", "data": [...]}'

# List functions
curl http://localhost:8002/osm/api/functions/list \
  -H "Authorization: Bearer $TOKEN"

# Evaluate function
curl -X POST http://localhost:8002/osm/api/functions/eval \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"script": "fileLength(\"/path/to/file\")"}'

# List snapshots
curl http://localhost:8002/osm/api/snapshots \
  -H "Authorization: Bearer $TOKEN"

# Export workspace
curl -X POST http://localhost:8002/osm/api/snapshots/export \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"workspace": "example.com"}'

# Import from URL
curl -X POST http://localhost:8002/osm/api/snapshots/import \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"source": "https://example.com/backup.zip"}'

# Download snapshot
curl http://localhost:8002/osm/api/snapshots/download/example.com-backup.zip \
  -H "Authorization: Bearer $TOKEN" \
  -o backup.zip

# List event logs
curl "http://localhost:8002/osm/api/event-logs?workspace=example.com" \
  -H "Authorization: Bearer $TOKEN"

# Filter by topic
curl "http://localhost:8002/osm/api/event-logs?topic=run.completed" \
  -H "Authorization: Bearer $TOKEN"

# Get settings
curl http://localhost:8002/osm/api/settings/yaml \
  -H "Authorization: Bearer $TOKEN"

# Update settings
curl -X PUT http://localhost:8002/osm/api/settings/yaml \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/yaml" \
  -d 'server:
    host: "0.0.0.0"
    port: 8002'

# Get system stats
curl http://localhost:8002/osm/api/stats \
  -H "Authorization: Bearer $TOKEN"

# Get registry info
curl http://localhost:8002/osm/api/registry-info \
  -H "Authorization: Bearer $TOKEN"

# Install binary
curl -X POST http://localhost:8002/osm/api/install \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"type": "binary", "name": "nuclei"}'

# Chat completion
curl -X POST http://localhost:8002/osm/api/llm/v1/chat/completions \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [
      {"role": "user", "content": "Analyze this target: example.com"}
    ],
    "model": "gpt-4"
  }'

# Embeddings
curl -X POST http://localhost:8002/osm/api/llm/v1/embeddings \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "input": ["text to embed"],
    "model": "text-embedding-ada-002"
  }'

# List workers
curl http://localhost:8002/osm/api/workers \
  -H "Authorization: Bearer $TOKEN"

# Get worker details
curl http://localhost:8002/osm/api/workers/worker-123 \
  -H "Authorization: Bearer $TOKEN"

# List tasks
curl http://localhost:8002/osm/api/tasks \
  -H "Authorization: Bearer $TOKEN"

# Get task details
curl http://localhost:8002/osm/api/tasks/task-123 \
  -H "Authorization: Bearer $TOKEN"

# Submit task
curl -X POST http://localhost:8002/osm/api/tasks \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow": "subdomain-enum",
    "target": "example.com"
  }'

# Upload target file
curl -X POST http://localhost:8002/osm/api/upload-file \
  -H "Authorization: Bearer $TOKEN" \
  -F "[email protected]"

# Upload workflow
curl -X POST http://localhost:8002/osm/api/workflow-upload \
  -H "Authorization: Bearer $TOKEN" \
  -F "[email protected]"