REST API Endpoints
Auto-generated interactive docs are always available at /docs (Swagger) on a running instance — this page is a grouped reference of what exists and why. All endpoints are relative to your configured app.host:app.port.
Endpoint
Method
Purpose
/query
POST
Main NL→SQL query endpoint. Requires X-Session-ID if query.require_session: true
/tables
GET
List tables in the configured database
/schema/{table_name}
GET
Column definitions for a table
/schema/multiple
POST
Column definitions for several tables at once
/history, /history/stats
GET
Query history and stats
/history/{query_id}
DELETE
Delete a history entry
/history/clear/{session_id}
POST
Clear a session's history
/favorites
GET / POST
List / save favorite queries
/favorites/{query_id}
DELETE
Remove a favorite
/conversation/stats, /conversation/history/{session_id}
GET
Conversation memory inspection
/conversation/clear/{session_id}, /conversation/cleanup
POST
Reset conversation state
/conversation/{session_id}
DELETE
Delete a conversation
/health, /config, /ui-config
GET
Health check, effective config, UI section visibility
/reload-providers
POST
Reload DB/LLM providers without a full restart
Used by the auth widget, and by the MCP server under the hood. See MCP Overview and Security Overview .
Endpoint
Method
Purpose
/auth/login
POST
Per-user login with DB credentials → session ID
/auth/logout, /auth/validate
POST
End / check a session
/auth/session-info, /auth/stats, /auth/user-stats
GET
Session and usage introspection
/auth/config
GET
Auth plugin config (non-secret)
/auth/tables, /auth/schema/{table_name}, /auth/schema/multiple
GET/POST
Scoped schema access
/auth/query
POST
Governed query endpoint — what MCP tools call, with bypass_intent support
/auth/mcp-mask-rules
GET
Active field-masking rules for the caller
/auth/conversation/history, /auth/conversation/clear
GET/POST
Per-session conversation memory
/auth/token/generate | /validate | /revoke
POST
API token lifecycle
/auth/tokens
GET
List the caller's own tokens
/auth/auto-session
POST
Server-credential-backed session for unauthenticated widgets (if auto_session.enabled)
MCP Server
Endpoint
Method
Purpose
/mcp/sse
GET
SSE connection for network MCP clients (requires x-mcp-token)
/mcp/messages/
POST
MCP protocol message channel
Only mounted when mcp.sse.enabled: true. See Network Setup .
Admin (/admin/*, session-cookie gated)
Endpoint
Method
Purpose
/admin/login, /admin/login/json, /admin/logout
GET/POST
Admin authentication
/admin/config
GET/POST
Full effective config
/admin/config/{llm,database,email,scheduler,insights,ops-agent,export}
PUT
Section-scoped config updates
/admin/config/reset, /admin/config/history
POST/GET
Reset to defaults / view change history
/admin/config/snapshot, /admin/config/restore
POST
Backup and restore config
/admin/test, /admin/test/email
POST
Connection tests (DB/LLM, SMTP)
/admin/reload, /admin/info
POST/GET
Reload providers, instance info
/admin/prompts, /admin/prompts/update, /admin/prompts/reset
GET/POST
Runtime prompt editing
/admin/tokens, /admin/token/revoke, /admin/token-policy, /admin/token/set-limit
GET/POST
Platform-wide token management
/admin/mcp-mask-rules
GET/POST/PUT/DELETE
Field masking rules
Dashboards (/api/dashboards)
Endpoint
Method
Purpose
/api/dashboards
GET
List all
/api/dashboards/stats
GET
Count + storage backend
/api/dashboards/{id}
GET / DELETE
Fetch / remove
/api/dashboards/generate
POST
Create from a favorite query
/api/dashboards/{id}/refresh
POST
Re-run and update
See Dashboard .
Scheduled Queries (/api/schedules)
Endpoint
Method
Purpose
/api/schedules
POST / GET
Create / list
/api/schedules/{id}
GET / PUT / DELETE
Fetch, update, remove
/api/schedules/{id}/toggle
POST
Enable/disable
/api/schedules/{id}/run
POST
Run immediately
/api/schedules/{id}/executions, /stats
GET
History and stats
/api/schedules/admin/all, /admin/jobs
GET
Cross-user view (admin)
See Scheduled Queries .
Semantic Layer (/api/semantic)
Endpoint
Method
Purpose
/api/semantic/entities
GET/POST
List / create entities
/api/semantic/entities/{id}
GET/PUT/DELETE
Manage one entity
/api/semantic/entities/{id}/columns, /columns
GET/POST
Column display names
/api/semantic/relationships
GET/POST
JOIN relationships
/api/semantic/metrics
GET/POST
Calculated metrics
/api/semantic/context
GET
Assembled context as sent to the LLM
/api/semantic/discover
POST
Auto-discovery scan
See Semantic Layer .
BigQuery Ops Console (/ops-agent)
Endpoint
Method
Purpose
/ops-agent/operations
GET
List available operations
/ops-agent/projects, /switch-project
GET/POST
Multi-project management
/ops-agent/execute
POST
Run an operation
/ops-agent/health
GET
Health check
/ops-agent/alarms
GET/POST
List / create cost alarms
/ops-agent/alarms/{id}
PUT/DELETE
Update / remove an alarm
/ops-agent/alarms/{id}/test
POST
Run condition check on-demand
/ops-agent/alarms/{id}/history, /history/all
GET
Trigger history
/ops-agent/alarms/jira-config, /jira-issue-types
GET
Jira integration status
See BigQuery Ops Console .
Audit Logs (/api/audit)
Endpoint
Method
Purpose
/api/audit/logs
GET
Filtered log entries
/api/audit/summary, /daily-trend, /top-users
GET
Aggregate views
/api/audit/export/csv
GET
CSV export
See Audit Logs .
Usage Analytics (/api/analytics)
Endpoint
Method
Purpose
/api/analytics/summary, /hourly-stats, /errors
GET
Usage overview
/api/analytics/widget-comparison
GET
Standard vs. auth widget traffic
/api/analytics/performance, /query-complexity
GET
Execution time and complexity distributions
/api/analytics/top-users
GET
Highest-volume users
/api/analytics/health
GET
Health check
See Analytics & Insights .
Demo (/demo)
Endpoint
Method
Purpose
/demo, /demo/fullscreen, /demo/standard, /demo/comparison
GET
Widget embed previews
/demo/health
GET
Health check
July 9, 2026
February 9, 2026