Endpoint Reference
All endpoints served by the Foundry emulator, organized by category.
OAuth 2.0
| Method | Path | Auth | Description |
|---|
| GET | /multipass/api/oauth2/authorize | None | Authorization page; renders user selection UI |
| POST | /multipass/api/oauth2/authorize/callback | None | Processes user selection; redirects with authorization code |
| POST | /multipass/api/oauth2/token | None | Token exchange for all grant types |
Token Endpoint Grant Types
The token endpoint (POST /multipass/api/oauth2/token) handles three grant types based on the grant_type body parameter:
| Grant Type | Required Parameters | Description |
|---|
authorization_code | code, client_id | Exchanges an authorization code for tokens |
refresh_token | refresh_token, client_id | Refreshes an access token using a refresh token |
client_credentials | client_id, client_secret | Issues a token for a service principal |
Admin API
| Method | Path | Auth | Required Scope | Description |
|---|
| GET | /api/v2/admin/users/getCurrent | Bearer | api:admin-read | Returns the current authenticated user |
| GET | /api/v2/admin/enrollments/getCurrent | Bearer | api:admin-read | Returns the current enrollment |
| GET | /multipass/api/me | Bearer | None | Returns the CLI-compatible principal shape |
Connectivity API
| Method | Path | Auth | Required Scope | Description |
|---|
| POST | /api/v2/connectivity/connections | Bearer | api:connectivity-connection-write | Create a REST connection |
| GET | /api/v2/connectivity/connections/:connectionRid | Bearer | api:connectivity-connection-read | Fetch a connection |
| GET | /api/v2/connectivity/connections/:connectionRid/getConfiguration | Bearer | api:connectivity-connection-read | Fetch configuration with secret names only |
| POST | /api/v2/connectivity/connections/:connectionRid/updateSecrets | Bearer | api:connectivity-connection-write | Update secrets and return 204 |
Ontology API
| Method | Path | Auth | Required Scope | Description |
|---|
| GET | /api/v2/ontologies | Bearer | api:ontologies-read | List ontologies |
| POST | /api/v2/ontologies/:ontology/queries/:queryApiName/execute | Bearer | api:ontologies-read | Execute a seeded ontology query |
Compute Module Runtime Routes
These routes are used by the compute module runtime process. All paths are prefixed with /_emulate/foundry/compute-modules/runtimes.
| Method | Path | Auth | Description |
|---|
| POST | /_emulate/foundry/compute-modules/runtimes | None | Create or reset a runtime session |
| GET | /_emulate/foundry/compute-modules/runtimes/:runtimeId/job | Module-Auth-Token | Poll for the next queued job |
| POST | /_emulate/foundry/compute-modules/runtimes/:runtimeId/schemas | Module-Auth-Token | Post function schemas |
| POST | /_emulate/foundry/compute-modules/runtimes/:runtimeId/results/:jobId | Module-Auth-Token | Post a job result |
| GET | /_emulate/foundry/compute-modules/runtimes/:runtimeId/jobs/:jobId | None | Inspect runtime, job, and schema state |
Compute Module Contour Routes
These routes are used by your application to submit and monitor jobs. All paths are prefixed with /contour-backend-multiplexer/api/module-group-multiplexer.
| Method | Path | Auth | Description |
|---|
| POST | .../compute-modules/jobs/execute | Bearer | Synchronous job execution (blocks until result) |
| POST | .../deployed-apps/jobs | Bearer | Asynchronous job submission |
| GET | .../jobs/:jobId/status | Bearer | Poll job status |
| PUT | .../jobs/result/v2 | Bearer | Retrieve result of a completed async job |
Authentication Types
| Type | Header | Used By |
|---|
| Bearer | Authorization: Bearer | Admin, connectivity, ontology, and contour routes |
| Module-Auth-Token | Module-Auth-Token: | Runtime routes (polling, schemas, results) |
| None | No authentication required | OAuth endpoints, runtime creation, job inspection |
Content Types
| Endpoint | Request Content-Type | Response Content-Type |
|---|
| Token endpoint | application/x-www-form-urlencoded | application/json |
| Authorization page | N/A | text/html |
| Admin getCurrent | N/A | application/json |
| Admin getCurrent enrollment | N/A | application/json |
| Multipass me | N/A | application/json |
| Connectivity create | application/json | application/json |
| Connectivity getConfiguration | N/A | application/json |
| Connectivity updateSecrets | application/json | 204 No Content |
| Ontology list | N/A | application/json |
| Ontology query execute | application/json | application/json |
| Runtime creation | application/json | application/json |
| Schema posting | application/json | application/json |
| Result posting | application/octet-stream | application/json |
| Contour sync execute | application/json | application/octet-stream |
| Contour async submit | application/json | application/json |
| Contour job status | N/A | application/json |
| Contour result fetch | application/json | application/octet-stream |
Common Error Shapes
OAuth errors (token endpoint):
{
"error": "error_code",
"error_description": "Human-readable message."
}
Permission errors (admin, connectivity, and ontology APIs):
{
"errorCode": "PERMISSION_DENIED",
"errorName": "...",
"errorDescription": "...",
"errorInstanceId": "...",
"parameters": {}
}
Not found / invalid argument errors (admin, connectivity, and ontology APIs):
{
"errorCode": "NOT_FOUND",
"errorName": "...",
"errorDescription": "...",
"errorInstanceId": "...",
"parameters": {}
}
Compute module errors (runtime and contour routes):
{
"error": "error_code",
"error_description": "Human-readable message."
}
