---
title: "Api"
description: "The `Api` entity."
section: "Reference"
group: "Types"
order: 11
---

## Definition

```ts
interface Api {
  id: string;
  workspaceId: string;
  handle: string;
  name: string;
  description: string | null;
  auth:
    | { kind: "public"; rateLimitPerMinute?: number | undefined }
    | { kind: "workspace_api_key" }
    | { kind: "oauth"; scope: string }
    | { kind: "event_signature"; secretSource: "secret_ref"; secretId: string };
  cors: {
    allowOrigins: Array<string>;
    allowCredentials?: boolean | undefined;
  } | null;
  rateLimit: { perMinute: number } | null;
  enabled: boolean;
  createdBy: string;
  createdAt: string;
  updatedAt: string;
}
```

## Fields

| Field         | Type                                                                                                                                                                                                                 | Notes                                                                                                                |
| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- |
| `id`          | `string`                                                                                                                                                                                                             | `readonly` `required`                                                                                                |
| `workspaceId` | `string`                                                                                                                                                                                                             | `required` — Workspace that owns this api.                                                                           |
| `handle`      | `string`                                                                                                                                                                                                             | `required` — Per-workspace handle that becomes the URL segment, e.g. 'orders'.                                       |
| `name`        | `string`                                                                                                                                                                                                             | `required` — Human-readable name.                                                                                    |
| `description` | `string \| null`                                                                                                                                                                                                     | `required` — Optional longer-form description of the api's purpose.                                                  |
| `auth`        | `{ kind: "public"; rateLimitPerMinute?: number \| undefined; } \| { kind: "workspace_api_key"; } \| { kind: "oauth"; scope: string; } \| { kind: "event_signature"; secretSource: "secret_ref"; secretId: string; }` | `required` — Default auth policy for endpoints under this api.                                                       |
| `cors`        | `{ allowOrigins: Array<string>; allowCredentials?: boolean \| undefined; } \| null`                                                                                                                                  | `required` — Default CORS policy for endpoints under this api; null means CORS isn't applied.                        |
| `rateLimit`   | `{ perMinute: number; } \| null`                                                                                                                                                                                     | `required` — Optional global rate limit applied across the whole api.                                                |
| `enabled`     | `boolean`                                                                                                                                                                                                            | `required` — Whether the api accepts traffic; false rejects requests.                                                |
| `createdBy`   | `string`                                                                                                                                                                                                             | `required` — User who created the api. Used as the run.userId fallback for public endpoints with no caller identity. |
| `createdAt`   | `string`                                                                                                                                                                                                             | `readonly` `required` — ISO-8601 timestamp of creation.                                                              |
| `updatedAt`   | `string`                                                                                                                                                                                                             | `readonly` `required` — ISO-8601 timestamp of the last update.                                                       |