Public APIs
Expose REST endpoints for external consumption
Your apps can expose REST APIs that external services call. API key authentication, webhooks, rate limiting, and full request logging. All built in.
Capabilities
REST Endpoints
Full HTTP support: GET, POST, PUT, PATCH, DELETE. Build APIs that do what you need.
API Key Authentication
Generate API keys with scopes and expiration. Control who can access what.
Public Endpoints
Optionally expose unauthenticated endpoints for webhooks or public data.
Webhook Support
Receive events from external services. Stripe payments, GitHub pushes, Slack commands.
Request Logging
Full audit trail of API requests and responses. Debug issues, track usage.
Rate Limiting
Built-in protection against abuse. Configure limits per key or endpoint.
Why It Matters
- APIs are first-class citizens. Not an afterthought.
- Hosted at api.{workspace}.runwork.ai. No infrastructure to manage.
- Schema validation ensures data quality.
- Full request/response logging for debugging and compliance.
How It Works
Public APIs in Runwork let your apps expose REST endpoints that external services can call. Whether you're building a mobile app backend, receiving webhooks from third parties, or providing partner integrations, APIs give you full control over how external systems interact with your workspace.
Creating an API endpoint is part of app development. Define routes, HTTP methods (GET, POST, PUT, DELETE), and handler logic. Your handlers can access workspace entities, call integrations, trigger automations, or invoke AI agents. The Work Assistant can generate API endpoints from descriptions like "create an endpoint that receives Stripe webhooks and updates customer payment status."
Authentication is built in. Generate API keys with specific scopes and expiration dates. Control which keys can access which endpoints. For webhooks that need to be publicly accessible, you can create unauthenticated endpoints with signature verification for services like Stripe or GitHub.
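As an added illustration of the signature verification mentioned above (not Runwork's own code or handler API), the following Python sketch checks the two header formats that GitHub (X-Hub-Signature-256) and Stripe (Stripe-Signature) send with webhook deliveries. The function names, secret, and request body are constructed for this example, and it assumes the handler can read the raw request bytes before any JSON parsing.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample values for illustration; a real secret comes from the provider.
SAMPLE_SECRET = b"constructed-test-secret"
SAMPLE_BODY = b'{"event":"ping"}'

def sign(secret: bytes, message: bytes) -> str:
    """Hex HMAC-SHA256 of message, the primitive both providers use."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

def _equal(expected: str, received: str) -> bool:
    # Compare as bytes in constant time; encoding first avoids a TypeError
    # when an attacker-supplied header contains non-ASCII characters.
    return hmac.compare_digest(expected.encode(), received.encode())

def verify_github(secret: bytes, raw_body: bytes, header: str) -> bool:
    """Check an X-Hub-Signature-256 value of the form 'sha256=<hex>'."""
    scheme, _, received = (header or "").partition("=")
    if scheme != "sha256" or not received:
        return False
    return _equal(sign(secret, raw_body), received)

def verify_stripe(secret: bytes, raw_body: bytes, header: str,
                  now: Optional[float] = None, tolerance: int = 300) -> bool:
    """Check a Stripe-Signature value of the form 't=<unix>,v1=<hex>[,v1=<hex>]'."""
    timestamp, candidates = None, []
    for item in (header or "").split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if not timestamp or not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if not candidates:
        return False
    # Reject stale deliveries so a captured request cannot be replayed later.
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > tolerance:
        return False
    # Stripe signs "<timestamp>.<raw body>", binding the timestamp to the payload.
    expected = sign(secret, timestamp.encode() + b"." + raw_body)
    return any(_equal(expected, c) for c in candidates)
```

Both checks must run on the exact bytes received; re-serializing parsed JSON changes the byte sequence and makes valid signatures fail.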
Every request is logged with full request and response details. Track usage patterns, debug issues, and maintain compliance audit trails. Rate limiting protects against abuse—configure limits per API key or per endpoint to prevent any single consumer from overwhelming your services.