Catalog REST endpoints
Generated31 endpoints under `/v1`.
Auto-generated from the MarBoba OpenAPI spec, published at
api.marboba.com/v1/openapi.json.
GET /apis
List APIs in the catalog
Responses
- 200 — All APIs in the calling token’s org. Body: object
- 401 — . Body: (no body)
- 403 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_apis
POST /apis
Create an API
Request body
Request body (application/json): ApiInput
Responses
- 201 — Created. Body: object
- 400 — . Body: (no body)
- 401 — . Body: (no body)
- 403 — . Body: (no body)
Auth: BearerPAT
Operation ID: post_apis
DELETE /apis/{apiId}
Delete an API
Requires a Personal Access Token with admin scope. Org-scoped API Keys cannot delete.
Responses
- 204 — Deleted. Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: delete_apis-apiid
GET /apis/{apiId}
Get an API by id
Responses
- 200 — The requested API. Body: object
- 401 — . Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_apis-apiid
PATCH /apis/{apiId}
Update an API
Request body
Request body (application/json): ApiInput
Responses
- 200 — Updated. Body: object
- 400 — . Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: patch_apis-apiid
GET /apis/{apiId}/spec
Fetch the resolved OpenAPI spec for an API entity
Server-side fetch of the API’s specUrl. GitHub-hosted private specs are authenticated using the org’s VCS connection token; public URLs are fetched anonymously.
Responses
- 200 — Raw spec text + format hint + size. Body: object
- 400 — . Body: (no body)
- 404 — . Body: (no body)
- 502 — Upstream spec source returned a non-OK response. Body: Error
Auth: BearerPAT
Operation ID: get_apis-apiid-spec
GET /dependencies
List dependency edges
Responses
- 200 — All edges in the calling token’s org, newest first. Body: object
- 401 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_dependencies
POST /dependencies
Create a dependency edge
Records that from depends on to. Both endpoints must exist; self-loops and duplicate edges (same triple) are rejected.
Request body
Request body (application/json): DependencyEdgeInput
Responses
- 201 — Created. Body: object
- 400 — . Body: (no body)
- 401 — . Body: (no body)
- 409 — An edge with the same fromKind+fromId+toKind+toId+type already exists.. Body: Error
Auth: BearerPAT
Operation ID: post_dependencies
DELETE /dependencies/{edgeId}
Delete a dependency edge
Edges are immutable; to change one, delete and re-create. Requires admin scope (PAT only).
Responses
- 204 — Deleted. Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: delete_dependencies-edgeid
GET /domains
List domains
Responses
- 200 — All domains in the calling token’s org. Body: object
Auth: BearerPAT
Operation ID: get_domains
POST /domains
Create a domain
Request body
Request body (application/json): DomainInput
Responses
- 201 — Created. Body: object
- 400 — . Body: (no body)
- 401 — . Body: (no body)
Auth: BearerPAT
Operation ID: post_domains
DELETE /domains/{domainId}
Delete a domain
Requires a Personal Access Token with admin scope.
Responses
- 204 — Deleted. Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: delete_domains-domainid
GET /domains/{domainId}
Get a domain by id
Responses
- 200 — The requested domain. Body: object
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_domains-domainid
PATCH /domains/{domainId}
Update a domain
Request body
Request body (application/json): DomainInput
Responses
- 200 — Updated. Body: object
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: patch_domains-domainid
GET /resources
List resources in the catalog
Responses
- 200 — All resources in the calling token’s org. Body: object
- 401 — . Body: (no body)
- 403 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_resources
POST /resources
Create a resource
Request body
Request body (application/json): ResourceInput
Responses
- 201 — Created. Body: object
- 400 — . Body: (no body)
- 401 — . Body: (no body)
- 403 — . Body: (no body)
Auth: BearerPAT
Operation ID: post_resources
DELETE /resources/{resourceId}
Delete a resource
Requires a Personal Access Token with admin scope. Org-scoped API Keys cannot delete.
Responses
- 204 — Deleted. Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: delete_resources-resourceid
GET /resources/{resourceId}
Get a resource by id
Responses
- 200 — The requested resource. Body: object
- 401 — . Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_resources-resourceid
PATCH /resources/{resourceId}
Update a resource
Request body
Request body (application/json): ResourceInput
Responses
- 200 — Updated. Body: object
- 400 — . Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: patch_resources-resourceid
GET /scorecards
List scorecards
Responses
- 200 — All scorecards in the calling token’s org. Body: object
- 401 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_scorecards
POST /scorecards
Create a scorecard
Request body
Request body (application/json): ScorecardInput
Responses
- 201 — Created. Body: object
- 400 — . Body: (no body)
- 401 — . Body: (no body)
Auth: BearerPAT
Operation ID: post_scorecards
DELETE /scorecards/{scorecardId}
Delete a scorecard
Cascade-deletes the cached scores for this scorecard. Requires admin scope (PAT only).
Responses
- 204 — Deleted. Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: delete_scorecards-scorecardid
GET /scorecards/{scorecardId}
Get a scorecard
Responses
- 200 — The requested scorecard. Body: object
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_scorecards-scorecardid
PATCH /scorecards/{scorecardId}
Update a scorecard
Request body
Request body (application/json): ScorecardInput
Responses
- 200 — Updated. Body: object
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: patch_scorecards-scorecardid
GET /systems
List systems
Responses
- 200 — All systems in the calling token’s org. Body: object
- 401 — . Body: (no body)
- 403 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_systems
POST /systems
Create a system
Request body
Request body (application/json): SystemInput
Responses
- 201 — Created. Body: object
- 400 — . Body: (no body)
- 401 — . Body: (no body)
- 403 — . Body: (no body)
Auth: BearerPAT
Operation ID: post_systems
DELETE /systems/{systemId}
Delete a system
Requires a Personal Access Token with admin scope. Org-scoped API Keys cannot delete.
Responses
- 204 — Deleted. Body: (no body)
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: delete_systems-systemid
GET /systems/{systemId}
Get a system by id
Responses
- 200 — The requested system. Body: object
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_systems-systemid
PATCH /systems/{systemId}
Update a system
Request body
Request body (application/json): SystemInput
Responses
- 200 — Updated. Body: object
- 403 — . Body: (no body)
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: patch_systems-systemid
GET /users
List users (org members)
Read-only. Returns every employee in the calling token’s org plus the list of team ids each one belongs to.
Responses
- 200 — All users in the calling token’s org. Body: object
- 401 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_users
GET /users/{uid}
Get a user by uid
Responses
- 200 — The requested user. Body: object
- 404 — . Body: (no body)
Auth: BearerPAT
Operation ID: get_users-uid