API Reference
TapPass exposes a REST API built on FastAPI. Interactive docs available in dev mode at /api-docs (Swagger) and /api-redoc (ReDoc).
Endpoints
Section titled “Endpoints”| Section | Prefix | Description |
|---|---|---|
| Chat Completions | /v1/chat/completions | OpenAI-compatible LLM proxy |
| Sessions | /sessions | Session management |
| Agents | /agents | Agent registration and lifecycle |
| Pipelines | /pipelines | Pipeline CRUD and assignment |
| Audit Trail | /audit | Query and verify audit events |
| Health | /health | Health check and diagnostics |
Authentication
Section titled “Authentication”Four methods, tried in order:
- SPIFFE X509-SVID (mTLS): AI agent identity
- SPIFFE JWT-SVID (Bearer). AI agent identity
- Session JWT (Bearer). human identity from SSO
- Admin API key (Bearer). bootstrap key
Middleware stack
Section titled “Middleware stack”| Order | Middleware | Purpose |
|---|---|---|
| 1 | Version prefix | Strips /v1/ prefix |
| 2 | Auth | 4-method auth chain |
| 3 | Rate limit | Per-IP rate limiting |
| 4 | Request size | Rejects bodies > 5 MB |
| 5 | Security headers | CSP, HSTS, X-Frame-Options |
| 6 | Request ID | X-Request-ID propagation |
| 7 | CORS | Cross-origin resource sharing |