Skip to main content
The Ithaca REST API is the HTTP surface for the web UI, integrations, and direct scripting. The MCP server calls the same underlying services — the REST API is not a separate codebase.

Base URL

All endpoints are rooted at /api. In production the API is served from https://app.doomberg.me/api. In local development it is served from http://localhost:8000/api.
https://app.doomberg.me/api

Authentication

Two authentication modes are supported. See Auth overview for the full model.
ModeHeaderUsed by
API keyAuthorization: Bearer dmbg_<env>_<keyid>_<secret>Agents, MCP server, scripts.
Session JWTAuthorization: Bearer <clerk-jwt>Web UI (Clerk OAuth).
Dev headerX-Tenant-Id: <tenant_id>Local development only. Bypasses auth.
The X-Tenant-Id dev header is only accepted when the server is running in development mode. In production it is ignored. Never rely on it for real traffic.

Tenant isolation

Every authenticated request resolves to a tenant_id. Every query is scoped by it. There is no unscoped read path. See Tenant isolation.

Response format

All successful responses are JSON with a 200 or 201 status. List endpoints return an object with a plural key:
{ "sessions": [ ... ] }
Single-resource endpoints return the resource directly:
{ "id": "sess_123", "...": "..." }

Error format

Errors are JSON with a consistent shape:
{
  "error": {
    "code": "not_found",
    "message": "run run_abc not found",
    "details": { "run_id": "run_abc" }
  }
}
HTTP statuscodeMeaning
400bad_requestMalformed body or query.
401unauthorizedMissing or invalid credentials.
403forbiddenAuthenticated but lacks scope.
404not_foundResource does not exist (or belongs to another tenant).
409conflictState transition not allowed.
422validation_errorSchema validation failed. Field-level details included.
429rate_limitedToo many requests.
500internal_errorUnexpected server error.

Endpoint catalog

Auth

MethodPathDescription
GET/api/overview/meCurrent principal.
POST/api/overview/keysMint an API key (session JWT only).
GET/api/overview/keysList API keys.
DELETE/api/overview/keys/{key_id}Revoke an API key.
Auth endpoints

Sessions

MethodPathDescription
GET/api/sessionsList sessions.
POST/api/sessionsCreate a session.
POST/api/sessions/seed-demoSeed a demo session for first-time UX.
Session endpoints

Runs

MethodPathDescription
GET/api/runsList runs (optional ?kind=).
GET/api/runs/{id}Full run + shaped trace.
GET/api/runs/{id}/bookPaper positions.
POST/api/runsCreate a backtest run.
POST/api/runs/{id}/cancelCancel a run.
POST/api/runs/{id}/promotePromote to paper (human-only).
Run endpoints

Events & SSE

MethodPathDescription
POST/api/runs/{id}/events-ticketMint a one-time SSE ticket.
GET/api/runs/{id}/eventsSSE stream (replay + live tail).
Events & SSE

Strategies

MethodPathDescription
GET/api/strategiesList strategies.
POST/api/strategiesPropose a strategy (strategy:author).
Strategy endpoints

Approvals

MethodPathDescription
GET/api/approvalsList approvals (optional ?run_id=, ?state=).
POST/api/approvals/{id}/decideApprove or deny (human-only).
Approval endpoints

Providers

MethodPathDescription
GET/api/providersList connections + snapshots.
POST/api/providersCreate or upsert a connection.
GET/api/dataset-snapshotsList dataset snapshots.
Provider endpoints

Triggers

MethodPathDescription
GET/api/triggersList triggers.
GET/api/trigger-firingsList trigger firings.
POST/api/triggersCreate a trigger.
POST/api/triggers/{id}/stateChange trigger state.
POST/api/triggers/dry-runDry-run a trigger.
Trigger endpoints