Skip to main content
The HTTP channel exposes Curia as a REST API with real-time streaming via server-sent events (SSE). It’s built on Fastify and provides both synchronous request/response and asynchronous event streaming.

Endpoints

EndpointMethodDescription
/api/messagesPOSTSend a message to Curia
/api/messages/streamGETSubscribe to real-time events via SSE
/api/healthGETHealth check (no auth required)
/api/agents/statusGETAgent status information
For full endpoint documentation including request/response formats, see the HTTP API reference.

Authentication

All API endpoints (except /api/health) require a Bearer token in the Authorization header: 
Authorization: Bearer <your-API_TOKEN>
The token is the api_token value from the vault (generated by pnpm run setup). The web app uses session-based authentication with the web_app_bootstrap_secret instead.

Trust level

PropertyValue
Trust levelMedium
ReasoningBearer token authentication — stronger than email but weaker than local access or phone-verified Signal
Messages from the HTTP channel pass through the full dispatch pipeline including trust scoring. The medium trust level means HTTP requests start with a moderate trust baseline, modified by contact confidence and injection risk.

Streaming

The SSE endpoint (/api/messages/stream) delivers real-time events as they occur:
  • Agent responses
  • Skill invocations and results
  • System events
This enables building real-time interfaces on top of Curia without polling.

When to use the HTTP channel

  • Building integrations — connect external tools or services to Curia
  • Custom frontends — build a web UI or mobile app that talks to Curia
  • Automation — trigger Curia actions from scripts, cron jobs, or other systems
  • Webhooks — forward events from external services into Curia for processing

HTTP API reference

Complete endpoint documentation with request/response formats.

How channels work

Channel routing, trust levels, and the dispatch pipeline.