PyExecutor REST API

Complete API reference for building integrations with PyExecutor. Authentication, endpoints, and examples included.

Authentication

API Key Authentication

Include your API key in the X-API-Key header:

curl -H "X-API-Key: your_api_key_here" \
  https://pyexecutor.example.com/api/workflows/

Error Responses

{
  "error": "Unauthorized",
  "detail": "Invalid or missing API key",
  "status": 401
}

Workflows

GET /api/workflows/

List all workflows in your organization.

curl -H "X-API-Key: key" \
  https://pyexecutor.example.com/api/workflows/

Response:

{
  "count": 5,
  "results": [
    {
      "id": 12,
      "name": "Service Health Monitor",
      "description": "Monitor service health",
      "is_active": true,
      "schedule": "0 */6 * * *",
      "created_at": "2026-02-28T10:30:00Z"
    }
  ]
}
GET /api/workflows/{id}/

Get a specific workflow with all steps.

curl -H "X-API-Key: key" \
  https://pyexecutor.example.com/api/workflows/12/
POST /api/workflows/{id}/execute/

Execute a workflow immediately. Returns a job object.

curl -X POST -H "X-API-Key: key" \
  -H "Content-Type: application/json" \
  -d '{"context": {"custom_var": "value"}}' \
  https://pyexecutor.example.com/api/workflows/12/execute/

Response:

{
  "id": 839,
  "workflow": 12,
  "status": "RUNNING",
  "triggered_by": "API",
  "created_at": "2026-02-28T15:45:00Z"
}
POST /api/workflows/

Create a new workflow.

curl -X POST -H "X-API-Key: key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "New Workflow",
    "description": "My workflow",
    "is_active": true,
    "steps": []
  }' \
  https://pyexecutor.example.com/api/workflows/

Jobs (Executions)

GET /api/jobs/

List all workflow executions (jobs).

curl -H "X-API-Key: key" \
  'https://pyexecutor.example.com/api/jobs/?workflow=12&status=SUCCESS'
GET /api/jobs/{id}/

Get job details, logs, and context.

curl -H "X-API-Key: key" \
  https://pyexecutor.example.com/api/jobs/839/

Response:

{
  "id": 839,
  "workflow": 12,
  "workflow_name": "Service Health Monitor",
  "status": "SUCCESS",
  "triggered_by": "API",
  "execution_context": {
    "health_data": {...},
    "all_clear_msg": "All services healthy"
  },
  "workflow_output": {
    "status": "ok"
  },
  "logs": "[INFO] Job started...",
  "created_at": "2026-02-28T15:45:00Z",
  "completed_at": "2026-02-28T15:46:30Z"
}
POST /api/jobs/{id}/cancel/

Cancel a running job.

curl -X POST -H "X-API-Key: key" \
  https://pyexecutor.example.com/api/jobs/839/cancel/

Webhook Triggers

POST /api/hooks/{workflow_id}/

Trigger a workflow via webhook. All request data is available as context variables.

curl -X POST \
  -H "Content-Type: application/json" \
  -H "X-API-Key: webhook_key" \
  -d '{
    "customer_id": 123,
    "email": "john@example.com",
    "action": "order_processed"
  }' \
  https://pyexecutor.example.com/api/hooks/12/

Available in workflow as:

{{{{ webhook_payload.customer_id }}}}  → 123
{{{{ webhook_payload.email }}}}        → john@example.com
{{{{ webhook_method }}}}               → POST
{{{{ webhook_path }}}}                 → /api/hooks/12/

Response:

{
  "job_id": 840,
  "status": "RUNNING",
  "message": "Workflow triggered successfully"
}

Secrets Management

POST /api/secrets/

Create or update an encrypted secret.

curl -X POST -H "X-API-Key: key" \
  -H "Content-Type: application/json" \
  -d '{
    "key": "DB_PASSWORD",
    "value": "super_secret_password"
  }' \
  https://pyexecutor.example.com/api/secrets/
GET /api/secrets/

List all secrets (values are hidden).

Approval Workflows

Manage human-in-the-loop approval gates for workflow governance.

GET /api/approvals/

List approval requests for your organization. Filter by status.

curl -H "Authorization: Bearer $TOKEN" \
  "https://your-instance/api/approvals/?status=pending"

# Response
{
  "count": 3,
  "results": [
    {
      "id": 30,
      "approval_config": {
        "id": 1,
        "approver_emails": ["ops@company.com", "lead@company.com"],
        "approval_title": "Approval required for Deploy Pipeline",
        "required_approvers": 1,
        "require_comment": false,
        "timeout_days": 1
      },
      "workflow_name": "Deploy Pipeline",
      "job": 2403,
      "status": "pending",
      "approval_token": "eBGYR_er...",
      "created_at": "2026-03-07T10:00:00Z",
      "expires_at": "2026-03-08T10:00:00Z",
      "approvals_count": 0
    }
  ]
}
GET /api/approvals/token/{token}/

Retrieve an approval request by its unique token. No authentication required — used in email links.

POST /api/approvals/token/{token}/approve/

Approve a pending request. Optionally include a comment and approver email.

curl -X POST \
  "https://your-instance/api/approvals/token/eBGYR_er.../approve/" \
  -H "Content-Type: application/json" \
  -d '{"comment": "Looks good, approved.", "approver_email": "ops@company.com"}'
POST /api/approvals/token/{token}/reject/

Reject a pending request with an optional reason.

curl -X POST \
  "https://your-instance/api/approvals/token/eBGYR_er.../reject/" \
  -H "Content-Type: application/json" \
  -d '{"reason": "Not ready for production yet."}'
POST /api/approvals/token/{token}/resend/

Resend the approval notification email to all designated approvers.

Scripts

GET /api/scripts/

List all scripts in the current organization. Supports multi-language: Python, JavaScript, PowerShell, Bash, Go.

curl -H "Authorization: Bearer $TOKEN" \
  https://your-instance/api/scripts/

# Response
[{
  "id": 42,
  "name": "health_check",
  "language": "python",
  "folder": "monitoring",
  "variables": {"inputs": [...], "outputs": [...]},
  "created_at": "2026-03-01T10:00:00Z"
}]
POST /api/scripts/validate-content/

Security-scan a script for dangerous patterns (17 checks including file system access, network calls, subprocess, eval). Returns warnings before saving.

curl -X POST -H "Authorization: Bearer $TOKEN" \
  -d '{"content": "import os; os.system(\"rm -rf /\")", "language": "python"}' \
  https://your-instance/api/scripts/validate-content/

# Response
{"warnings": ["Dangerous pattern detected: os.system()"]}

Packages (Multi-Language)

GET /api/packages/

List installed packages, optionally filtered by language.

POST /api/packages/install/

Install a package. Supports pip (Python), npm (JavaScript), and PowerShell Gallery.

curl -X POST -H "Authorization: Bearer $TOKEN" \
  -d '{"name": "lodash", "language": "javascript"}' \
  https://your-instance/api/packages/install/
GET /api/packages/search/?q={query}&language={lang}

Search package registries (PyPI, npm, PowerShell Gallery) for available packages.

Connectors

GET /api/connectors/

List all connectors. Types: database (PostgreSQL, MySQL), http, ai (Gemini, OpenAI, Azure OpenAI, LM Studio, Ollama), notification (Email, Slack, Teams, Discord, Telegram, PagerDuty, WhatsApp).

POST /api/connectors/{id}/test/

Test a connector's connectivity before using it in workflows.

Template Gallery

GET /api/templates/

List all workflow templates. Filter by category, difficulty, featured, or search.

GET /api/templates/featured/

Get featured templates curated by the platform.

GET /api/templates/trending/

Top 10 templates by clone count.

POST /api/templates/{slug}/clone-and-configure/

Clone a template into a new workflow with custom config values.

curl -X POST -H "Authorization: Bearer $TOKEN" \
  -d '{"config": {"api_key": "sk-xxx", "target_url": "https://api.example.com"}}' \
  https://your-instance/api/templates/ghostwriter/clone-and-configure/

# Response
{"workflow_id": 15, "name": "Ghostwriter (clone)", "status": "created"}

Git Version Control

GET /api/repositories/

List all version-controlled repositories (linked to workflows or scripts).

GET /api/branches/ POST /api/branches/

List or create branches. Types: main, staging, develop, feature, hotfix, release. Supports branch protection.

GET /api/commits/ POST /api/commits/

List or create commits. Each commit stores a SHA256-hashed content snapshot with additions/deletions count.

GET /api/diffs/

View unified diffs with structured JSON changes between two commits.

GET /api/pull-requests/ POST /api/pull-requests/

Manage pull requests with approval workflow. Status: open, approved, rejected, merged, closed.

GET /api/tags/ POST /api/tags/

List or create named tags pointing to specific commits for release versioning.

RBAC & Organizations

GET /api/organizations/ POST /api/organizations/

List or create organizations. Each org is a multi-tenant boundary with its own roles, members, resources, and SMTP settings.

GET /api/organizations/{id}/members/

List organization members with their roles. Add/remove members, change roles.

GET /api/roles/ POST /api/roles/

Manage roles with hierarchical inheritance. System roles: Admin, Editor, Executor, Viewer, Report Analyst. Custom roles supported.

GET /api/permissions/

List all available permission codes across 12 categories (workflow, script, connector, job, secret, etc.).

GET /api/api-keys/ POST /api/api-keys/

Manage API keys with scoped access: read, execute, edit, analytics, full. Supports expiry, rotation, and resource constraints.

GET /api/audit-logs/

Query immutable audit logs. Filter by action, user, resource, status, and date range. Supports compliance export.

Analytics

GET /api/analytics/stats/

Aggregate dashboard: total jobs, success rate, CPU/memory/disk usage, AI token counts.

GET /api/analytics/daily/

Daily job execution counts for trend analysis.

GET /api/analytics/trigger-breakdown/

Jobs by trigger type: manual, webhook, scheduled, API.

GET /api/analytics/top-resources/

Most-used workflows and scripts by execution count.

GET /api/analytics/connector-health/

Connector status, latency, and error rates.

GET /api/analytics/duration/

Job execution duration trends over time.

GET /api/analytics/api-traffic/

API traffic patterns across published endpoints.

GET /api/analytics/security/

Security events: auth failures, denied access, suspicious patterns.

GET /api/analytics/mcp/

MCP tool invocation counts and performance metrics.

Synchronous Execution

POST /api/jobs/run-sync/

Execute a workflow synchronously — the request blocks until the job completes and returns the result directly. Ideal for API integrations that need immediate results.

curl -X POST -H "Authorization: Bearer $TOKEN" \
  -d '{"workflow_id": 5, "context": {"input": "data"}}' \
  https://your-instance/api/jobs/run-sync/

# Response includes the full job result
# Header: X-Sync-Execution: true
POST /api/hooks/{slug}/?sync=true

Trigger a webhook in synchronous mode. Add ?sync=true to block until execution completes and return the workflow output.

System Administration

GET /api/settings/ PUT /api/settings/

Get or update system settings.

POST /api/settings/maintenance-mode/

Toggle maintenance mode. When enabled, running jobs are auto-cancelled and new executions are blocked.

POST /api/settings/backup/

Export system data as a JSON backup file.

POST /api/settings/restore/

Restore the system from a JSON backup.

GET /api/scheduler/health/

Check scheduler health status and next run times.

GET /api/search/?q={query}

Global search across workflows, scripts, connectors, and other resources.

GET /api/swagger/

Interactive Swagger UI for exploring the full API. OpenAPI schema available at /api/schema/.

POST /api/ai/generate/

AI-powered code generation — describe what you need and get script code back.

Error Codes

Code Meaning
400 Bad Request - Invalid parameters
401 Unauthorized - Invalid or missing API key
403 Forbidden - No permission to access resource
404 Not Found - Resource doesn't exist
429 Too Many Requests - Rate limit exceeded
500 Server Error - Internal error occurred