Information
- OpenAPI version:
3.1.0
HTTP/JSON control-plane API for the core-switch SIP platform.
Every protected endpoint requires a JWT passed as
Authorization: Bearer <jwt>. There are two ways to obtain one:
POST /v1/login with
Authorization: Bearer <api-key> returns a full JWT
({"token": "...", "type": "full"}). Service users authenticate this
way; there is no second factor on the API-key path.POST /v1/ns/{nsid}/login or
POST /v1/pt/{ptid}/login with a username-or-email + password body,
scoped to the namespace or partition that owns the user. The response
branches on the user’s TOTP state: a user with no second factor gets a
short-lived bootstrap token (only the TOTP-enrollment endpoints are
open) so they can enroll one; a user with TOTP gets a 2fa-required
challenge, exchanged for a full JWT via the matching .../login/2fa
endpoint.The JWT is automatically re-minted on a 401 response.
All errors follow RFC 7807 Problem Details (application/problem+json).
The type field carries a slug URI; known slugs:
unauthorized, invalid-input, namespace-not-found,
namespace-version-not-found, partition-not-found, peer-not-found,
yaml-parse-failed, config-validation-failed, config-apply-failed,
patch-apply-failed, request-too-large, internal, precondition-failed,
conflict, not-descendant, schema-version-mismatch, not-acceptable,
unsupported-media-type, vm-box-not-found, vm-box-conflict,
line-not-found, line-invalid, line-forbidden, lcr-table-not-found,
lcr-version-not-found, lcr-route-not-found, lcr-invalid,
lcr-unknown-trunks, lcr-upload-not-found, lcr-upload-state-invalid,
lcr-upload-expired, lcr-row-limit-exceeded, lcr-table-in-use,
lcr-not-implemented, user-not-found, credential-not-found,
weak-password.
Config endpoints accept application/yaml or application/json bodies.
GET /v1/ns/{nsid}/config/{version} returns bare YAML by default; send
Accept: application/json+yaml to receive a ConfigVersionEnvelope.
Security scheme type: http
Bearer format: JWT