API Reference

Source-of-truth API docs generated from currently implemented routes.

External Agent Setup GuideOpen Interactive DocsDownload OpenAPI YAML

Connect an AI agent to Laserreach

Create a scoped token for Claude Cowork, Codex, or your own agent client. The normal setup gives the agent Laserreach API access while hosted run control stays off.

1. Create token
Organization-scoped and revocable.
2. Copy setup
Bearer token, org header, capabilities URL.
3. Hand to agent
Follow the plain-language setup guide.
Connect AI AgentView Setup Guide

Authentication Reality

Most assistant and ABM agent API operations accept JWTs, external-agent tokens, or route-supported API keys through the same header:

Authorization: Bearer <jwt_or_external_agent_token_or_api_key>

Organization-scoped ABM agent calls use:

X-Org-ID: <org_id>

What This Spec Covers

  • Assistant APIs (CRUD, capabilities, messaging, automation lifecycle, knowledge operations)
  • Plugin/tool APIs (`/plugins` create/list/update/run)
  • ABM route catalog under `/api/abm/*` and adjacent `/api/*` platform surfaces
  • ABM business-hours + LinkedIn safety controls (`/api/abm/business-hours`, `/api/abm/linkedin/accounts*`)
  • Inbound integrations (HubSpot, Slack, Apollo webhooks, visitor tracking)
  • Account/auth and user endpoints used by API clients (`/api_keys`, `/generate_api_key`, `/auth/*`, `/user/*`)

Not every endpoint accepts ordinary API keys. External-agent tokens are the supported self-serve path for Claude Cowork and other ABM agent clients.

External Agent Setup

  1. Open Organization Settings, then External Agents.
  2. Create a Claude Cowork token and copy the one-time token value.
  3. Give the agent the copied setup instructions, including the bearer token, org header, capabilities URL, and read/list run URL.
Authorization: Bearer <external_agent_token>
X-Org-ID: <org_id>
Capabilities URL: https://api.laserreach.com/api/abm/agent/capabilities
Run URL (read/list by default): https://api.laserreach.com/api/abm/agent-runs

Start from the capabilities endpoint. It returns the route groups available to the token, including memory, guidance, policies, workspace, schedules, recommendations, browser, content, ads, and intel.

Most local agents should not start or control Laserreach-hosted runs. Run creation, steering, cancellation, retry, and pruning require the explicit `agent-runs:control` scope because those calls can consume Laserreach execution resources.

An external agent can use its own model provider for planning and decisions, then call specific Laserreach APIs. Laserreach executes API actions and still enforces token scopes, org binding, outbound controls, approval gates, and governance settings.

For a non-technical walkthrough, use the External AI Agent Setup guide.

Quick API-Key Flow

# 1) Create assistant
curl -X POST "https://api.laserreach.com/assistants" \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{"name":"Demo Assistant","prompt":"You are helpful.","model":"gpt-5.4-nano"}'

# 2) Create thread
curl -X POST "https://api.laserreach.com/assistants/<owner>/<bot_id>/threads" \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{"name":"First Thread"}'

# 3) Send message
curl -X POST "https://api.laserreach.com/assistants/<owner>/<bot_id>/threads/<thread_id>" \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{"message":"Hello"}'
Open the live endpoint catalog in Swagger UI →