openapi: 3.1.0 info: title: S/ASH B2B Session API version: 1.0.0 description: | API for partner backends to create and manage S/ASH coding sessions. Authenticate with a partner API key in Bearer format. servers: - url: https://slash.ai.kr security: - BearerApiKey: [] tags: - name: Sessions description: B2B coding session lifecycle paths: /api/b2b/sessions: post: tags: [Sessions] summary: Create session operationId: createSession requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateSessionRequest' examples: default: value: externalUserId: user-123 envVars: FIRMWARE_TARGET: stm32f4 template: slash-opencode timeoutMs: 3600000 autoStartOpenCode: true metadata: project: pcb-firmware responses: '201': description: Session created content: application/json: schema: $ref: '#/components/schemas/SessionResponse' '400': $ref: '#/components/responses/ValidationError' '401': $ref: '#/components/responses/UnauthorizedError' '409': $ref: '#/components/responses/ConflictError' /api/b2b/sessions/{id}: parameters: - $ref: '#/components/parameters/SessionId' get: tags: [Sessions] summary: Get session status operationId: getSession responses: '200': description: Session status content: application/json: schema: $ref: '#/components/schemas/SessionResponse' '401': $ref: '#/components/responses/UnauthorizedError' '404': $ref: '#/components/responses/NotFoundError' delete: tags: [Sessions] summary: Destroy session operationId: destroySession responses: '200': description: Session destroyed content: application/json: schema: type: object properties: status: type: string example: destroyed required: [status] '401': $ref: '#/components/responses/UnauthorizedError' '404': $ref: '#/components/responses/NotFoundError' /api/b2b/sessions/{id}/pause: parameters: - $ref: '#/components/parameters/SessionId' post: tags: [Sessions] summary: Pause session operationId: pauseSession responses: '200': description: Session paused content: application/json: schema: type: object properties: status: type: string example: paused required: [status] '401': $ref: '#/components/responses/UnauthorizedError' '404': $ref: '#/components/responses/NotFoundError' '409': $ref: '#/components/responses/ConflictError' /api/b2b/sessions/{id}/resume: parameters: - $ref: '#/components/parameters/SessionId' post: tags: [Sessions] summary: Resume session operationId: resumeSession requestBody: required: false content: application/json: schema: type: object properties: autoStartOpenCode: type: boolean default: true example: true responses: '200': description: Session resumed content: application/json: schema: type: object properties: status: type: string example: running sandboxId: type: string example: sbx_abc123 sandboxUrl: type: string example: https://51234-sbx_abc123.e2b.app required: [status, sandboxId, sandboxUrl] '401': $ref: '#/components/responses/UnauthorizedError' '404': $ref: '#/components/responses/NotFoundError' '409': $ref: '#/components/responses/ConflictError' /api/b2b/sessions/{id}/launch-url: parameters: - $ref: '#/components/parameters/SessionId' post: tags: [Sessions] summary: Issue signed launch URL operationId: createLaunchUrl responses: '200': description: Signed launch URL content: application/json: schema: $ref: '#/components/schemas/LaunchUrlResponse' '401': $ref: '#/components/responses/UnauthorizedError' '404': $ref: '#/components/responses/NotFoundError' components: securitySchemes: BearerApiKey: type: http scheme: bearer bearerFormat: API Key (slash_<64 hex>) description: Partner API key in Bearer format. parameters: SessionId: name: id in: path required: true schema: type: string example: '42' schemas: CreateSessionRequest: type: object properties: externalUserId: type: string minLength: 1 example: user-123 envVars: type: object additionalProperties: type: string example: FIRMWARE_TARGET: stm32f4 template: type: string default: slash-opencode example: slash-opencode timeoutMs: type: integer minimum: 60000 maximum: 86400000 default: 3600000 example: 3600000 autoStartOpenCode: type: boolean default: true example: true metadata: type: object additionalProperties: type: string example: project: pcb-firmware required: [externalUserId] SessionResponse: type: object properties: sessionId: type: string example: '42' sandboxId: type: string example: sbx_abc123 status: type: string example: running sandboxUrl: type: string example: https://51234-sbx_abc123.e2b.app createdAt: type: string format: date-time example: '2026-04-07T12:34:56.000Z' required: [sessionId, sandboxId, status, sandboxUrl, createdAt] LaunchUrlResponse: type: object properties: url: type: string example: https://slash.ai.kr/workspace/?s=YmFzZTY0c2FuZGJveA%3D%3D&partner=7&ts=1744032000000&sig=abcdef expiresAt: type: number example: 1744032000000 required: [url, expiresAt] ErrorResponse: type: object properties: error: type: string example: Validation failed details: type: array items: type: object properties: field: type: string example: externalUserId message: type: string example: Required required: [field, message] required: [error] responses: ValidationError: description: Request validation failed content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: error: Validation failed details: - field: externalUserId message: Required UnauthorizedError: description: Missing or invalid API key content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: error: Unauthorized NotFoundError: description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: error: Session not found ConflictError: description: Resource state conflict content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: error: Session is already paused