API Reference

Understand how WakeLink combines REST endpoints, WebSocket relay sessions, and EWSP end-to-end encryption into one control plane.

ℹ️Info

WakeLink exposes three complementary surfaces: the FastAPI REST API under /api/v1, a relay WebSocket endpoint at /wss, and the EWSP encrypted payload format used inside those sessions.

Base endpoints

Surface	Endpoint	Purpose
REST API	`/api/v1`	Account, agent, device, release, and admin HTTP endpoints.
WebSocket relay	`/wss`	Long-lived relay sessions for firmware agents and interactive clients.
OpenAPI JSON	`/api/openapi.json`	Machine-readable schema generated from FastAPI routes.
Interactive viewers	`/api/docs /api/redoc`	Swagger UI and ReDoc consoles served by the relay.

bash

curl https://wakelink-project.org/api/v1/auth/config
wscat -c wss://wakelink-project.org/wss

Authentication model

WakeLink separates account authentication from device routing and from end-to-end encryption. Human-operated clients use the account-level wl_… token for REST calls, firmware agents use per-device wld_… tokens for relay authentication, and EWSP derives per-session encryption keys from the separate agent_token secret shared only between client and agent.

http

POST /api/v1/auth/login
{ "username": "alice", "password": "Secure1!", "totp_code": "123456" }

→ { "access_token": "eyJ...", "user": { "api_token": "wl_..." } }

POST /api/v1/auth/session
Authorization: Bearer ***

→ { "session_token": "wls_...", "expires_at": "2026-01-04T12:00:00Z" }

💡Tip

Use /auth/token/rotate when a wl_… account token may be compromised. Use /agents/${agent_id}/rotate-token when you need to revoke a single device relay token without affecting the rest of the account.

Core surfaces

REST API

Open REST reference

WebSocket Protocol

Understand client and agent authentication, ping/pong keepalives, device status messages, and relay forwarding rules.

Open WebSocket reference

EWSP Wire Format

Review handshake messages, session identifiers, sequence counters, and encrypted payload framing.

Open EWSP reference

OpenAPI Spec

Inspect the live schema, copy request models, or generate client bindings directly from the deployed relay.

Open OpenAPI viewer

OTA and admin

The same API surface also exposes operational helpers for firmware rollouts and observability. Firmware clients can call GET /releases/check to discover the latest published release, while operators can query health and admin statistics endpoints when running the full stack.

http

GET /api/v1/releases/check?channel=stable&version=1.0.0
Authorization: Bearer ***

GET /api/v1/admin/stats
Authorization: Bearer ***

Next steps

REST API — concrete request and response examples
WebSocket Protocol — implement a custom client or relay monitor
EWSP Wire Format — true end-to-end command interoperability
OpenAPI Spec — inspect the live production schema

OTA Updates REST API