Skip to content

API

The Dungbeetle cloud server exposes a small HTTP API under /api/v1 for ingesting runs, managing hosted baselines, and reading analytics. In normal use you don't call it directly — dungbeetle push / push-baselines do — but it's documented here for integrations and tooling. For the concepts behind it, see Cloud server; to run your own, see Self-hosting. Coding agents can drive run triage and baseline approval over the MCP server, which is a thin client over this API.

Base URL: your server origin, e.g. https://dungbeetle.example.com. All examples use http://localhost:4317 (the default).

Authentication

Every /api/v1 route uses HTTP Basic auth: the repository's client_id is the username and client_secret is the password. The credential pair resolves to a single repository, and everything a request can read or write is scoped to that repository. Mint a pair by creating a repository in the web UI (see Cloud server).

sh
curl -u "$DUNGBEETLE_CLIENT_ID:$DUNGBEETLE_CLIENT_SECRET" \
  http://localhost:4317/api/v1/baselines
  • Missing/malformed Authorization header → 401 with WWW-Authenticate: Basic.
  • Invalid credentials → 401.
  • Repeated failures from the same client/IP are throttled → 429 with a Retry-After header. Successful requests never count toward the limit.

The /api/v1 routes all require client credentials; /health and /healthz are the unauthenticated probes. (The web UI under / and /ui has its own session-cookie auth — see Cloud server.)

Conventions

  • Requests and responses are JSON (Content-Type: application/json).
  • Ingest endpoints (POST) are bounded by DUNGBEETLE_MAX_BODY_BYTES (default 25 MiB); larger bodies get 413.
  • Errors return { "error": "<message>" } with the relevant 4xx status.

Endpoints

MethodPathAuthPurposePage
GET/healthnoneLiveness checkHealth
GET/healthznoneReadiness + version/uptimeHealth
POST/api/v1/runsclient credsIngest a run reportRuns
GET/api/v1/runs/:idclient credsFetch a stored run + reportRuns
GET/api/v1/runs/:id/screenshots/:artifactIdclient credsFetch an offloaded screenshot (PNG) by idScreenshots
POST/api/v1/screenshots/probeclient credsWhich screenshot digests the repo still needsScreenshots
PUT/api/v1/screenshots/:digestclient credsUpload a screenshot artifact (content-addressed)Screenshots
POST/api/v1/runs/:id/reviewclient credsApprove/reject a run (optionally promote)Runs
GET/api/v1/repositoryclient credsIdentify the authenticated repositoryRepository
GET/api/v1/analyticsclient credsTrend + per-target flakinessRepository
GET/api/v1/usageclient credsCurrent-period usage vs plan limitsRepository
POST/api/v1/baselinesclient credsUpload a baseline versionBaselines
GET/api/v1/baselinesclient credsList targets + latest versionBaselines
GET/api/v1/baselines/:targetclient credsVersion history for a targetBaselines
GET/api/v1/baselines/:target/latestclient credsLatest version + snapshotBaselines
GET/api/v1/baselines/:target/versions/:versionclient credsA specific versionBaselines

The status codes and plan limits apply across all endpoints.

Health probes

GET /health

Unauthenticated liveness probe.

http
200 OK
{ "status": "ok", "apiVersion": 1 }

GET /healthz

Unauthenticated readiness probe with build/runtime info for post-deploy verification. version reflects DUNGBEETLE_VERSION (or the package version); uptime is in seconds.

http
200 OK
{ "status": "ok", "version": "1.2.3", "uptime": 42 }

Source-available: CLI under FSL-1.1-ALv2, cloud server under BUSL-1.1. See Licensing.