The entire public API: four operations. Generated from /openapi.json.
Everything below is generated from /openapi.json, which you can point a client generator at.
AuthenticationEvery call carries a Latch access token: Authorization: Bearer lat_…. The token identifies the latch, which binds the upstream, the credential, and the policy pipeline. It is the only credential you ever hold.
GET
/proxy/{path}
Forward a request upstream through the policy pipeline
Evaluates the latch's filter pipeline against this request. If every filter allows it, Latch
injects the real credential and forwards the request to the latch's upstream, then returns the
upstream's response to you verbatim (status, headers, and body, including streamed responses).
The path after /proxy/ is passed through to the upstream, so /proxy/v1/chat/completions
reaches <upstream>/v1/chat/completions. Query strings are forwarded. Non-JSON bodies are
forwarded byte-for-byte.
All HTTP methods are accepted, not only the ones enumerated here; the pipeline decides which
the latch actually permits (see the method filter).
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
| path required |
path |
Upstream path, forwarded as-is. |
Responses
| Code | Meaning |
|---|
| 200 |
The upstream's response, returned verbatim. |
| 400 |
Malformed request (for example, the evaluation-depth ceiling was exceeded). |
| 401 |
Missing or invalid access token. |
| 403 |
Denied by policy. The pipeline evaluated and a filter said no; the request never reached the upstream and the credential was never used. deniedBy names the filter. |
| 404 |
No mount on this latch matches the request path. |
| 429 |
Rate limited. Sent when a rate_limit filter trips, or when the per-latch global ceiling does. Retry-After gives the wait in seconds. |
| 502 |
The upstream, or the policy enclave, could not be reached or returned garbage. |
POST
/proxy/{path}
Forward a request upstream through the policy pipeline
Evaluates the latch's filter pipeline against this request. If every filter allows it, Latch
injects the real credential and forwards the request to the latch's upstream, then returns the
upstream's response to you verbatim (status, headers, and body, including streamed responses).
The path after /proxy/ is passed through to the upstream, so /proxy/v1/chat/completions
reaches <upstream>/v1/chat/completions. Query strings are forwarded. Non-JSON bodies are
forwarded byte-for-byte.
All HTTP methods are accepted, not only the ones enumerated here; the pipeline decides which
the latch actually permits (see the method filter).
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
| path required |
path |
Upstream path, forwarded as-is. |
Responses
| Code | Meaning |
|---|
| 200 |
The upstream's response, returned verbatim. |
| 400 |
Malformed request (for example, the evaluation-depth ceiling was exceeded). |
| 401 |
Missing or invalid access token. |
| 403 |
Denied by policy. The pipeline evaluated and a filter said no; the request never reached the upstream and the credential was never used. deniedBy names the filter. |
| 404 |
No mount on this latch matches the request path. |
| 429 |
Rate limited. Sent when a rate_limit filter trips, or when the per-latch global ceiling does. Retry-After gives the wait in seconds. |
| 502 |
The upstream, or the policy enclave, could not be reached or returned garbage. |
PUT
/proxy/{path}
Forward a request upstream through the policy pipeline
Evaluates the latch's filter pipeline against this request. If every filter allows it, Latch
injects the real credential and forwards the request to the latch's upstream, then returns the
upstream's response to you verbatim (status, headers, and body, including streamed responses).
The path after /proxy/ is passed through to the upstream, so /proxy/v1/chat/completions
reaches <upstream>/v1/chat/completions. Query strings are forwarded. Non-JSON bodies are
forwarded byte-for-byte.
All HTTP methods are accepted, not only the ones enumerated here; the pipeline decides which
the latch actually permits (see the method filter).
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
| path required |
path |
Upstream path, forwarded as-is. |
Responses
| Code | Meaning |
|---|
| 200 |
The upstream's response, returned verbatim. |
| 400 |
Malformed request (for example, the evaluation-depth ceiling was exceeded). |
| 401 |
Missing or invalid access token. |
| 403 |
Denied by policy. The pipeline evaluated and a filter said no; the request never reached the upstream and the credential was never used. deniedBy names the filter. |
| 404 |
No mount on this latch matches the request path. |
| 429 |
Rate limited. Sent when a rate_limit filter trips, or when the per-latch global ceiling does. Retry-After gives the wait in seconds. |
| 502 |
The upstream, or the policy enclave, could not be reached or returned garbage. |
PATCH
/proxy/{path}
Forward a request upstream through the policy pipeline
Evaluates the latch's filter pipeline against this request. If every filter allows it, Latch
injects the real credential and forwards the request to the latch's upstream, then returns the
upstream's response to you verbatim (status, headers, and body, including streamed responses).
The path after /proxy/ is passed through to the upstream, so /proxy/v1/chat/completions
reaches <upstream>/v1/chat/completions. Query strings are forwarded. Non-JSON bodies are
forwarded byte-for-byte.
All HTTP methods are accepted, not only the ones enumerated here; the pipeline decides which
the latch actually permits (see the method filter).
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
| path required |
path |
Upstream path, forwarded as-is. |
Responses
| Code | Meaning |
|---|
| 200 |
The upstream's response, returned verbatim. |
| 400 |
Malformed request (for example, the evaluation-depth ceiling was exceeded). |
| 401 |
Missing or invalid access token. |
| 403 |
Denied by policy. The pipeline evaluated and a filter said no; the request never reached the upstream and the credential was never used. deniedBy names the filter. |
| 404 |
No mount on this latch matches the request path. |
| 429 |
Rate limited. Sent when a rate_limit filter trips, or when the per-latch global ceiling does. Retry-After gives the wait in seconds. |
| 502 |
The upstream, or the policy enclave, could not be reached or returned garbage. |
DELETE
/proxy/{path}
Forward a request upstream through the policy pipeline
Evaluates the latch's filter pipeline against this request. If every filter allows it, Latch
injects the real credential and forwards the request to the latch's upstream, then returns the
upstream's response to you verbatim (status, headers, and body, including streamed responses).
The path after /proxy/ is passed through to the upstream, so /proxy/v1/chat/completions
reaches <upstream>/v1/chat/completions. Query strings are forwarded. Non-JSON bodies are
forwarded byte-for-byte.
All HTTP methods are accepted, not only the ones enumerated here; the pipeline decides which
the latch actually permits (see the method filter).
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
| path required |
path |
Upstream path, forwarded as-is. |
Responses
| Code | Meaning |
|---|
| 200 |
The upstream's response, returned verbatim. |
| 400 |
Malformed request (for example, the evaluation-depth ceiling was exceeded). |
| 401 |
Missing or invalid access token. |
| 403 |
Denied by policy. The pipeline evaluated and a filter said no; the request never reached the upstream and the credential was never used. deniedBy names the filter. |
| 404 |
No mount on this latch matches the request path. |
| 429 |
Rate limited. Sent when a rate_limit filter trips, or when the per-latch global ceiling does. Retry-After gives the wait in seconds. |
| 502 |
The upstream, or the policy enclave, could not be reached or returned garbage. |
GET
/proxy/.well-known/latch-capabilities
What is this latch allowed to do?
Returns the latch's effective capabilities: its mounts, their upstreams, and the filters that
will be applied. An agent can call this to discover its own scope instead of probing the
upstream and collecting denials.
Reflects the *effective* pipeline, so inherited filters from a parent latch are included.
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
The latch's capabilities. |
| 401 |
Missing or invalid access token. |
GET
/proxy/.well-known/latch-self/whoami
Who am I, and what do I front?
The calling latch's own id and its mount table: each mount's name and, for proxy mounts, its upstream. The first call an agent should make.
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
Who am I, and what do I front? |
| 401 |
Missing or invalid access token. |
GET
/proxy/.well-known/latch-self/capabilities
What am I allowed to do?
The latch's effective capabilities, including filters inherited from a parent. Same body as /proxy/.well-known/latch-capabilities, which is kept for backward compatibility.
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
What am I allowed to do? |
| 401 |
Missing or invalid access token. |
GET
/proxy/.well-known/latch-self/budget
How much of my daily spend is left?
The latch's spend cap and its live daily spend. Returns { "message": "No cost budget configured" } when the latch has no spend_limit filter and no legacy cost budget.
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
How much of my daily spend is left? |
| 401 |
Missing or invalid access token. |
GET
/proxy/.well-known/latch-self/metering
Per-mount request metrics for this latch
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
Per-mount request metrics for this latch |
| 401 |
Missing or invalid access token. |
GET
/proxy/.well-known/latch-self/audit
My own recent requests
The latch's last 20 audit entries: what it asked for, and what was decided.
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
My own recent requests |
| 401 |
Missing or invalid access token. |
GET
/proxy/.well-known/latch-self/sla
My bilateral agreement, and whether the policy satisfies it
Returns { "status": "none" } when the latch carries no SLA. Otherwise the SLA terms and the validation result against the effective pipeline.
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
My bilateral agreement, and whether the policy satisfies it |
| 401 |
Missing or invalid access token. |
POST
/proxy/.well-known/latch-self/authorize
Ask for a policy decision without executing the request
Runs the pipeline against a hypothetical request and returns the decision, without calling the
upstream and without using the credential. Use it to check a request before committing to it, or
to drive UI that only offers actions the latch actually permits.
The method and path are canonicalized exactly as /proxy canonicalizes them, so a decision here
matches what /proxy would do. (They diverged once; that was an auth bypass, and it is now a
shared code path.)
Parameters
| Name | In | Description |
|---|
| Authorization required |
header |
Bearer lat_... |
Responses
| Code | Meaning |
|---|
| 200 |
The decision. Note this is 200 even when the decision is deny: the endpoint answers the question successfully. A denial only becomes a 403 when you actually call /proxy. |
| 401 |
Missing or invalid access token. |
| 403 |
The latch itself is disabled or expired (as opposed to the request being denied). |