All endpoints require authentication via Authorization: Bearer <token> header.
GET /api/backends
Response:
[
{"id": "opencode", "name": "OpenCode"},
{"id": "claudecode", "name": "Claude Code"},
{"id": "codex", "name": "Codex"},
{"id": "gemini", "name": "Gemini"},
{"id": "grok", "name": "Grok Build"}
]GET /api/backends/:id
Response:
{"id": "opencode", "name": "OpenCode"}GET /api/backends/:id/agents
Response:
[{"id": "build", "name": "build"}, {"id": "plan", "name": "plan"}]GET /api/backends/:id/config
Response:
{
"id": "opencode",
"name": "OpenCode",
"enabled": true,
"settings": {
"base_url": "http://127.0.0.1:4096",
"default_agent": "build",
"permissive": true
}
}For claudecode, settings includes api_key_configured and optional fields
like default_model. Grok settings include an optional cli_path. Codex and
Gemini currently use empty settings unless configured by future backend-specific
fields.
PUT /api/backends/:id/config
Body:
{
"enabled": true,
"settings": {
"base_url": "http://127.0.0.1:4096",
"default_agent": "build",
"permissive": true
}
}Claude Code accepts api_key in settings to store it securely in the secrets
vault. Grok accepts cli_path to override the CLI binary path.
Response:
{
"ok": true,
"message": "Backend configuration updated. Restart Sandboxed.sh to apply runtime changes."
}