Overview

Overview of the HeadlessX backend API surface, auth model, operator-first route families, and transport patterns.

by @saifyxpro

HeadlessX API Reference

This section documents the current backend HTTP surface for the HeadlessX API service.

API shape

The backend exposes three transport patterns:

  • standard REST routes under /api/*
  • Server-Sent Events for long-running or progressive workflows
  • a remote MCP endpoint at /mcp

Route families

AreaBase pathPurpose
Health/api/healthpublic health and route summary
System/api/config, /api/dashboard, /api/logs, /api/keys, /api/proxiesconfiguration and operations
Operators/api/operators/statusoperator catalog and availability
Website/api/operators/website/*scraping, map, crawl, content, screenshot, streams
Search/api/operators/google/ai-search/*, /api/operators/tavily/*, /api/operators/exa/*search and research workflows
YouTube/api/operators/youtube/*extract, formats, subtitles, save, download
Jobs/api/jobs/*queue-backed workflows and streaming reconnect
MCP/mcpremote MCP endpoint over HTTP

Authentication

  • GET /api/health is public
  • every other /api/* route requires x-api-key
  • dashboard proxy requests can use DASHBOARD_INTERNAL_API_KEY
  • MCP only accepts normal dashboard-created API keys

SSE conventions

Common event names:

  • start
  • progress
  • result
  • error
  • done

Google AI Search currently ends with end instead of done.

Dependency model

DependencyNeeded for
PostgreSQLAPI keys, logs, settings, proxies, persisted state
Redisqueue-backed jobs and crawl
Workerprocessing queued jobs
HTML_TO_MARKDOWN_SERVICE_URLmarkdown extraction when configured
Google cookie bootstrapGoogle AI Search before the first real search
YT_ENGINE_URLYouTube routes
TAVILY_API_KEYTavily routes
EXA_API_KEYExa routes

Only /api/operators/website/crawl requires Redis in the website operator family. The other website operator endpoints do not depend on Redis. Google AI Search now also requires the shared browser profile to be bootstrapped once through the cookie flow before normal searches are allowed.

Page guide

Related Docs

System and Auth

Understand API keys, auth boundaries, and the backend system routes.

Website Scraping

Review the main scraping, content, screenshot, map, and crawl endpoints.

Next Steps

Jobs

Inspect queue-backed jobs, polling flows, and runtime job management routes.

MCP

See how the remote MCP endpoint maps onto API-key authenticated backend tools.