REST API
Hit Codexroom directly from any service.
The REST API mirrors the MCP tools for direct server-to-server integrations. Service tokens authenticate. The structured error envelope holds across every endpoint.
Authentication
Service tokens with bearer auth.
Service tokens issued per workspace. Bearer auth on every request. Token revocation through the admin UI or the API itself.
Endpoints by resource
Eight resource groups. The shape stays consistent.
Tokens
GET
/api/tokensPOST
/api/tokensPATCH
/api/tokens/:idPOST
/api/tokens/:id/publishSlot types
GET
/api/slot-typesPOST
/api/slot-typesPATCH
/api/slot-types/:idTemplates
GET
/api/templatesPOST
/api/templatesPATCH
/api/templates/:idPOST
/api/templates/:id/publishAssets
GET
/api/assetsPOST
/api/assets/queryPOST
/api/assetsPATCH
/api/assets/:idDecks
POST
/api/decksGET
/api/decks/:idPATCH
/api/decks/:idPOST
/api/decks/:id/validatePOST
/api/decks/:id/render-htmlShares
POST
/api/decks/:id/sharesGET
/api/decks/:id/sharesPATCH
/api/shares/:idPOST
/api/shares/:id/revokePOST
/api/shares/:id/rotate-tokenAnalytics
GET
/api/decks/:id/analyticsGET
/api/shares/:id/sessionsExports
POST
/api/decks/:id/export/pdfPOST
/api/decks/:id/export/pptxThe error envelope
One typed shape across every endpoint.
Every error returns a typed JSON body with code, message, details, and a request_id. The full vocabulary lives in the API spec.
Webhooks
Signed events for shares, decks, and templates.
Subscribe to events on shares, decks, and templates. Events POST to a URL you supply with HMAC-SHA256 signatures.
Rate limits
Published per endpoint.
Published per endpoint. Documented in headers on every response.
See it work