Pramiti Docs

API Reference

REST API overview, authentication, and rate limiting

Pramiti exposes a comprehensive REST API with 121+ endpoints across 59 routers, organized by domain. The API supports three deployment modes with different endpoint sets.

API Entry Points

Entry PointFileEndpointsUse Case
Combinedmain.pyAll routersFull platform deployment
Aegis Onlyaegis_main.pyAegis + platform routersAction validation only
Epistom Onlyepistom_main.pyEpistom + platform routersSemantic intelligence only

Authentication

The API supports multiple authentication modes:

ModeWhenHow
demoLocal developmentX-Demo-User header
productionProduction deploymentJWT tokens via epistom_token cookie or Authorization: Bearer header
disabledTestingEPISTOM_AUTH_DISABLED=true (no auth check)

API keys (ek_* prefix) are supported for programmatic access with per-key rate limit buckets.

Rate Limiting

Rate limiting is applied per-key with the following priority:

  1. Demo user header (demo mode only)
  2. API key hash (SHA-256 prefix)
  3. X-Forwarded-For header
  4. Remote IP address
EPISTOM_RATE_LIMIT=100           # Requests per minute (0 = disabled)
EPISTOM_RATE_LIMIT_REDIS_URL=... # Required for multi-pod deployments

CSRF Protection

CSRF middleware is active when auth_mode != "demo". Frontend clients send X-Epistom-CSRF: 1 on state-mutating methods (POST, PUT, DELETE, PATCH).

Health Endpoints

GET /health           — Liveness probe
GET /readyz           — Readiness probe
GET /api/v1/health-check — Detailed health check

Sections

  • REST API — All endpoints grouped by domain
  • MCP Tools — The 8 MCP tools for agent connectivity

On this page