favicon-300
Skip to content

Open API Documentation

To meet advanced needs such as plugins and system integration, OmniBox provides an Open API.

AddressSwagger Documentation
Cloud Serviceapi.omnibox.proOmniBox Open API Docs
Local Deployment<your-server>/open/api/<your-server>/open/api/docs

Get API Key

See: How do I create an API Key

When creating an API key, you can add a remark. We recommend recording its purpose, caller, or related assistant so it is easier to manage and clean up later.

API Key Permissions and Scope

When creating an API key, set both the Permission Scope and the specific permissions.

The Permission Scope controls which part of the knowledge base the API key can access. After you select a file or folder, the API key can only access that resource and its child content. If a create request does not specify a save location, the new resource is saved within this scope by default.

The supported permissions are:

PermissionActionsDescription
Resource PermissionsCreate, read, update, deleteManage files, folders, resource content, resource-tag associations, web collection, and file uploads
Chat PermissionsCreateCall AI chat capabilities
Tag PermissionsCreate, readCreate and query tags
Search PermissionsReadSearch resources within the API key scope

If an API key does not have the required permission, the API returns an insufficient-permission error. We recommend selecting only the permissions your integration actually needs.

Use the Open API Skill in external agents

If you want an external agent, automation script, or internal tool to call OmniBox Open API, have the agent read the SKILL.md provided by OmniBox first. This file explains the Open API address, authentication method, permission scope, quota rules, and common calling workflows.

Cloud service URL:

text
https://api.omnibox.pro/v1/SKILL.md

For self-hosted deployments, use your Open API access address, for example:

text
https://<your-domain>/open/api/v1/SKILL.md

Usage limits:

  • Basic namespaces: 10 calls per 24 hours
  • Pro namespaces: 1000 calls per 24 hours

Use Bearer Token authentication when calling the Open API:

http
Authorization: Bearer <api-key>

Security note: do not write API keys into logs, documents, URLs, or chat context. For the full request parameters and response schemas, refer to the Swagger documentation and SKILL.md.