ZOYYA documentation

Current Web API

Current Web API

These are the session-backed routes used by the ZOYYA web app today. They are useful for understanding the product surface, but they are not a stable public /api/v1 contract yet. All endpoints require a session cookie unless noted. Resource access is scoped to the caller's active org, set via POST /api/active-org.

Auth

BetterAuth handles signup / signin / signout under /api/auth/*. See BetterAuth docs for the canonical reference.

Orgs

VerbPathNotes
GET/api/orgsList the caller's memberships
POST/api/orgsCreate a team org { name, slug }
GET/api/orgs/:slug/membersMembers + invites of an org
POST/api/orgs/:slug/membersInvite by email { email, role }
POST/api/active-orgSwitch active org { slug }
POST/api/invites/:token/acceptAccept an invite (sets active-org cookie)

Runs

VerbPathNotes
GET/api/runsList runs in active org
POST/api/runsStart a run { objective }. Rate-limited.
GET/api/runs/:idRun summary; 404 if not in active org
GET/api/runs/:id/stepsPaginated steps
GET/api/runs/:id/streamServer-Sent-Events live trace
POST/api/runs/:id/haltHalt an active run
GET/api/orgs/:slug/queueTasks waiting at the concurrency cap (202-queued)
DELETE/api/orgs/:slug/queue/:idRemove a still-waiting queued task (browser session only)

Billing

VerbPathNotes
GET/api/billing/subscriptionCurrent plan, status, period
POST/api/billing/checkoutCreate payment invoice { planSlug, currency? }
POST/api/billing/webhookNOWPayments IPN. HMAC-verified.
POST/api/billing/mayar-webhookMayar payment webhook. URL-secret guarded.
POST/api/billing/cancelMark cancellation at period end

Status

VerbPathNotes
GET/api/statusPublic. JSON snapshot of every dependency

Stats

VerbPathNotes
GET/api/statsAggregate run/llm/tool stats for the active org