Gate Agent API Reference
All core agent endpoints, request schemas, response objects, webhooks, signed approval tokens, tool rules, and error handling in one place.
The Gate URL shown in examples is a placeholder. Each customer supplies their own STACKSONA_GATE_URL, usually shaped like https://{gate-id}.stacksona.cloud, and their own agent key. Agent keys are Bearer tokens, are created when an agent is registered, and start with sg_.
Base URL and authentication
Every agent API request uses the same base URL and authorization pattern.
| Value | What it means | Example placeholder |
|---|---|---|
STACKSONA_GATE_URL | Your Stacksona Gate endpoint. Hosted Gate domains use your assigned Gate ID. | https://{gate-id}.stacksona.cloud |
STACKSONA_API_KEY | Your agent key. It is sent as a Bearer token and starts with sg_. | sg_your_agent_key |
export STACKSONA_GATE_URL="https://{gate-id}.stacksona.cloud"
export STACKSONA_API_KEY="sg_your_agent_key"Authorization: Bearer sg_your_agent_key
Content-Type: application/jsonAPI keys are shown only once at creation and are hashed before storage. If a key is lost, regenerate it from Admin → Agents → Regenerate key.
Endpoint overview
| Method | Path | Purpose |
|---|---|---|
| POST | /api/agent/tasks/{taskID}/events | Log a task event into the reviewer timeline. Also used for revision events. |
| POST | /api/agent/tasks/{taskID}/requests | Ask Gate whether the agent may proceed with a proposed action. |
| GET | /api/agent/decisions | Poll for a decision by thread_id or task_id. |
| POST | /api/agent/approvals/validate | Validate a one-time signed approval token before executing a gated tool. |
| POST | Your webhook URL | Receive outbound decision notifications from Gate when a reviewer decides. |
First successful call
Start here when building a direct API, HTTP node, webhook, sidecar, or platform recipe. Send the proposed action to Gate before the workflow executes the risky step.
curl -X POST "$STACKSONA_GATE_URL/api/agent/tasks/task-abc-123/requests" \
-H "Authorization: Bearer $STACKSONA_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_name": "Customer Support",
"task_label": "Refund request - Order #8821",
"tool_name": "issue_refund",
"subject": "Issue refund of $500 to customer cus_99",
"preview": "Item never arrived per carrier.",
"risk_level": "high",
"summary": [
"Order placed 14 days ago via web",
"No tracking movement after day 2",
"1 prior refund in past 12 months"
],
"payload": {
"amount": 500,
"currency": "usd",
"order_id": "ord_8821",
"customer_id": "cus_99"
}
}'1. Log an event
Use events to give reviewers context throughout the task lifecycle.
/api/agent/tasks/{taskID}/events| Field | Required | Description |
|---|---|---|
event_type | Yes | Dot-separated event type, such as task.started or step.completed. For revisions, use revision.{taskID}.{threadID}. |
event_summary | Yes | Human-readable summary shown in the reviewer timeline. |
payload | No | Any JSON object with extra context. |
images | No | Array of base64-encoded images. Images auto-attach to the event. |
curl -X POST "$STACKSONA_GATE_URL/api/agent/tasks/task-abc-123/events" \
-H "Authorization: Bearer $STACKSONA_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"event_type": "task.started",
"event_summary": "Customer requested refund for order #8821",
"payload": {
"customer_id": "cus_99",
"order_id": "ord_8821"
},
"images": ["data:image/png;base64,iVBORw0KG..."]
}'201 Created with an empty body.
Revision events
Use revision events when a reviewer asks the agent to change a pending request before approval. The agent sends another event to the same pending review thread with the updated request payload.
Revision events only apply while the target thread is still awaiting a reviewer decision, such as needs_review or escalated. Once a thread is approved or denied, that decision is final for the thread.
{
"event_type": "revision.task-abc-123.THR-XXXXXXXX",
"event_summary": "Agent revised the request after reviewer feedback.",
"payload": {
"revision": {
"revision_id": "rev-002",
"workflow_name": "Customer Support",
"task_label": "Refund request - Order #8821",
"tool_name": "issue_refund",
"subject": "Approve conditional refund for customer cus_99",
"preview": "Refund releases only after the prepaid return label is scanned.",
"risk_level": "high",
"summary": [
"Reviewer requested a conditional refund",
"Agent revised the proposal to wait for return-label scan"
],
"request_payload": {
"amount": 500,
"currency": "usd",
"release_condition": "return_label_scanned"
}
}
}
}The revision payload should include a stable revision_id, the updated request fields, and the revised tool payload that Gate should evaluate through the standard decision rules. Each new revision supersedes the earlier pending revision on that thread.
2. Request a decision
Use this endpoint at the action point. Gate evaluates the request against tool rules and either auto-decides or creates a review thread.
/api/agent/tasks/{taskID}/requests| Field | Required | Description |
|---|---|---|
workflow_name | Yes | Name of the workflow running the task. |
task_label | Yes | Short label shown to reviewers. |
tool_name | Yes | Exact name of the registered tool. |
subject | Yes | One-line description shown as the thread title. |
preview | No | Short text shown in the thread list. |
risk_level | No | low, medium, high, or critical. |
summary | No | Array of context bullet points shown to the reviewer before logs. |
payload | No | Tool parameters. Matched against rules and shown to the reviewer. |
images | No | Array of base64-encoded images. Images auto-attach to the request. |
Response fields
| Field | Description |
|---|---|
status | allow, reject, or pending_review. |
thread_id | Gate thread ID. Present when a review thread was created. |
task_id | Your original task ID. |
message | Human-readable reason or decision message. |
recommended_poll_after_seconds | Suggested interval before polling again. |
If the response is allow, proceed immediately. If it is reject, do not execute. If it is pending_review, poll or wait for a webhook before continuing.
3. Poll for a decision
Use polling for short review loops or as a fallback when webhooks fail.
/api/agent/decisions| Query parameter | Description |
|---|---|
thread_id | Preferred. Returned by the decision request. |
task_id | Alternative to thread_id. |
curl "$STACKSONA_GATE_URL/api/agent/decisions?thread_id=THR-4F2A9C1B" \
-H "Authorization: Bearer $STACKSONA_API_KEY"Polling response
| Field | Type | Description |
|---|---|---|
status | string | approved or rejected for completed reviews. Pending states may continue while the reviewer has not decided. |
thread_id | string | Gate thread ID. |
task_id | string | Your original task ID. |
message | string | Reviewer or system message. |
approval_token | string | Returned only for approved decisions when signed tokens are enabled. |
token_expires_at | RFC3339 string | UTC expiry timestamp for the approval token. |
4. Validate a signed approval token
Use this endpoint when signed approval tokens are enabled for an agent. Do not execute the gated tool until server-side validation succeeds.
/api/agent/approvals/validate| Field | Required | Description |
|---|---|---|
task_id | Yes | The task ID bound to the approved decision. |
signature | Yes | The one-time approval token returned by Gate. |
curl -X POST "$STACKSONA_GATE_URL/api/agent/approvals/validate" \
-H "Authorization: Bearer $STACKSONA_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"task_id": "task-abc-123",
"signature": "APPROVAL_TOKEN"
}'If validation fails, returns invalid, times out, or the token is missing, do not execute the gated tool. Log the failure and request a fresh decision.
Signed approval tokens
When signed approval tokens are enabled in Admin → Agents, every approved decision includes a single-use token. Your agent sends that token back to Gate for validation before executing the gated tool.
| Rule | Meaning |
|---|---|
| Enabled per agent | Only agents with signed tokens enabled receive approval tokens. |
| Approved only | Tokens are returned only for approved outcomes, not rejected outcomes. |
| One-time use | Tokens are tied to the specific approval decision and protected against replay. |
| Server-side validation | Do not validate or consume approval tokens locally. |
Decision flow and statuses
| Status/action | Meaning | Workflow behavior |
|---|---|---|
allow | Auto-allowed by rule. No thread is created. | Proceed immediately. |
review | Human reviewer must decide in the inbox. | Wait for polling or webhook result. |
escalate | Review with elevated priority flag. | Wait for elevated review. |
reject | Auto-rejected by rule. No thread is created. | Do not proceed. |
pending_review | A review thread was created. | Poll or use webhook callback. |
approved | Reviewer approved. | Execute, and validate token first if signed tokens are enabled. |
rejected | Reviewer rejected. | Do not execute. |
Decision action priority is allow < review < escalate < reject. Configure higher-risk rules above broad allow rules so sensitive actions do not pass unintentionally.
Tool rules
Rules auto-decide based on parameters in the request payload. If no rule matches, the tool's default action applies.
| Rule type | Compares | Example |
|---|---|---|
upper_limit | Numeric value exceeds threshold | {"parameter":"amount","value":250,"action":"review"} |
lower_limit | Numeric value is below threshold | {"parameter":"confidence","value":0.8,"action":"allow"} |
between | Value falls between two numbers, inclusive | {"parameter":"amount","min":250,"max":1000,"action":"review"} |
contains | String contains substring, case-insensitive | {"parameter":"reason","value":"fraud","action":"reject"} |
regex | String matches regex pattern | {"parameter":"email","pattern":".*@competitor\\.com$","action":"review"} |
- 1Create or open a tool.
Go to Admin → Tools, then select the tool that maps to the agent action.
- 2Add a rule.
Select the rule type, parameter, threshold or pattern, and action.
- 3Match payload keys exactly.
The rule parameter must match a key in the request payload, such as
amount,email, orreason.
Webhooks
Configure a webhook URL per agent in Admin → Agents → Update transport. Gate posts to that URL when a reviewer decides.
{
"thread_id": "THR-4F2A9C1B",
"task_id": "task-abc-123",
"decision": "approved",
"message": "Approved. Verified with customer history.",
"tenant_id": "<your-tenant-uuid>",
"workflow_name": "Customer Support",
"task_label": "Refund request - Order #8821"
}Gate retries up to 3 times on non-2xx responses. For critical workflows, implement polling as a fallback.
Response object fields
| Field | Type | Description |
|---|---|---|
status | string | allow, reject, pending_review, approved, or rejected. |
thread_id | string | Gate thread ID. Present when a review thread was created. |
task_id | string | Your task ID. |
message | string | Human-readable explanation. |
recommended_poll_after_seconds | integer | Suggested polling interval. |
approval_token | string | One-time token returned only on approved decisions when signed tokens are enabled. |
token_expires_at | RFC3339 string | UTC expiry timestamp for approval_token. |
Errors
| Status | Meaning |
|---|---|
400 | Missing required fields or invalid parameter. |
401 | Missing or invalid API key. |
403 | API or polling disabled, or the agent is paused or revoked. |
404 | Thread or task ID not found for this agent. |
500 | Server-side error. Contact your Gate administrator. |
Most errors are returned as plain text. Token validation errors from POST /api/agent/approvals/validate are returned as JSON, for example {"valid": false, "reason": "invalid"}. Always check the HTTP status code first.