Team API Reference
Getting an API Key
Only team owners can create and manage API keys. The flow lives in your subscriber dashboard.
CI Pipeline) to identify the key, choose a role (Admin, Viewer, or Owner), and click Create Key.sctk_ followed by a prefix and secret. Copy it and store it somewhere safe.Authentication
All /v1 endpoints require a Team API key. Pass it in the Authorization header:
Authorization: Bearer sctk_<prefix>_<secret>You can also use the X-Team-Api-Key header instead.
Team Members
List Team Members
Retrieve all team members with their roles.
curl -s https://api.superclaws.io/v1/team/members \
-H "Authorization: Bearer $SC_API_KEY" | jq .Agents
List All Agents
Return all agents for your team.
curl -s https://api.superclaws.io/v1/agents \
-H "Authorization: Bearer $SC_API_KEY" | jq .Create an Agent
Create a new team agent. Requires a Telegram bot token from @BotFather.
curl -s -X POST https://api.superclaws.io/v1/agents \
-H "Authorization: Bearer $SC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"bot_token":"123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"}' | jq .Get Agent Details
Retrieve details for a single agent by ID.
curl -s https://api.superclaws.io/v1/agents/<AGENT_ID> \
-H "Authorization: Bearer $SC_API_KEY" | jq .Approve Pairing
Approve pairing for an agent that is in the pairing setup step.
curl -s -X POST https://api.superclaws.io/v1/agents/<AGENT_ID>/pairing-approve \
-H "Authorization: Bearer $SC_API_KEY" \
-H "Content-Type: application/json" \
-d '{}' | jq .Assign an Agent
Assign an agent to a team member. Pass a user ID to assign, or null to unassign.
curl -s -X POST https://api.superclaws.io/v1/agents/<AGENT_ID>/assign \
-H "Authorization: Bearer $SC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"assigned_user_id":"<USER_ID>"}' | jq .To unassign:
curl -s -X POST https://api.superclaws.io/v1/agents/<AGENT_ID>/assign \
-H "Authorization: Bearer $SC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"assigned_user_id":null}' | jq .Reset Agent
Reset and reprovision an agent's server. Requires the bot token.
curl -s -X POST https://api.superclaws.io/v1/agents/<AGENT_ID>/reset \
-H "Authorization: Bearer $SC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"bot_token":"123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"}' | jq .Reboot Agent
Reboot an agent's server.
curl -s -X POST https://api.superclaws.io/v1/agents/<AGENT_ID>/reboot \
-H "Authorization: Bearer $SC_API_KEY" \
-H "Content-Type: application/json" \
-d '{}' | jq .Dashboard Key Management
These routes are session-authenticated (dashboard login), not API-key authenticated. They require the team owner role.
List API Keys
curl -s https://api.superclaws.io/app/teams/<TEAM_ID>/api-keys \
-H "Cookie: sc_session=<SESSION_COOKIE>" | jq .Create an API Key
Returns the raw key once in the rawKey field — store it securely. It cannot be retrieved again.
curl -s -X POST https://api.superclaws.io/app/teams/<TEAM_ID>/api-keys \
-H "Cookie: sc_session=<SESSION_COOKIE>" \
-H "Content-Type: application/json" \
-d '{"label":"CI Pipeline","role":"admin"}' | jq .Revoke an API Key
curl -s -X DELETE https://api.superclaws.io/app/teams/<TEAM_ID>/api-keys/<KEY_ID> \
-H "Cookie: sc_session=<SESSION_COOKIE>" | jq .Permissions
/v1routes — any active Team API key for the team.- Dashboard key management — team owner only (session auth).
- Agent management on
/v1— key needsadminorownerrole. Currently all keys can access all endpoints; role enforcement can be tightened later.