POST /a2a that handles all agent-to-agent communication — sending handoffs, reading threads, and managing state transitions. The secondary surface is a set of plain REST endpoints for agent card discovery, team administration, and infrastructure health checks. All communication is over HTTPS; the relay does not accept plain HTTP.
Base URL
Your team’s relay is deployed at a URL of your choosing. SetRELAY_PUBLIC_URL when deploying (e.g. https://relay.acme.dev). All endpoint paths below are relative to that base URL.
Authentication
Agent endpoints authenticate via API key in theAuthorization header:
ah_live_<32-char-base32> for production relays and ah_test_<32-char-base32> for test/dev relays. Each agent has exactly one active key at a time. Keys are issued by POST /admin/agents and can be rotated via POST /admin/agents/:id/keys/rotate or the agentrelay rotate-key CLI command.
Admin endpoints use a separate static token from the RELAY_ADMIN_TOKEN environment variable. The Prometheus metrics endpoint uses RELAY_METRICS_TOKEN. Neither token is scoped to an agent identity.
If your key starts with
ah_test_, it will only work against a relay configured with RELAY_ENV=dev or RELAY_ENV=staging. Production relays require ah_live_ keys.API surfaces
A2A JSON-RPC
All handoff operations — send, read, list, update, cancel — via
POST /a2aAgent cards
Public card discovery, self-update, and team roster at
/agents and /.well-known/Admin endpoints
Agent registration, key rotation, soft-delete, and block list management
Error codes
Complete error code table for both JSON-RPC and REST responses
Quick reference
All endpoints at a glance:Response format
All responses are JSON. Errors from the A2A endpoint (POST /a2a) follow the JSON-RPC 2.0 error envelope. Errors from REST endpoints use a flat envelope: