POST /executeexecutes the workflow and returns JSON by default.POST /validatevalidates workflow source and returns validation diagnostics.POST /formatformats workflow source and returns canonical output.
POST /execute switches to Server-Sent Events when the request includes Accept: text/event-stream.
Request body
| Field | Type | Description |
|---|---|---|
input | object | Public workflow input. Must match the workflow input block. |
secrets | object | Sensitive runtime values. Must match the workflow secrets block. |
options.cache_key | string | Optional client-controlled cache key. When present and caching is enabled, matching agent outputs can be reused for later requests with the same key. |
options.use_cache | boolean | Optional cache toggle. Defaults to true, but cache is only used when options.cache_key is present. |
workflow_source_base64 | string | Base64-encoded .wire source. |
/execute response
Successful responses return the workflow output block as JSON.
/execute streaming response
When Accept: text/event-stream is set, /execute responds with text/event-stream. A typical stream contains lifecycle events, agent events, tool/MCP events, and a final completion event.
workflow_completed as the terminal success event and workflow_failed as the terminal failure event.
Streaming responses include an x-superwire-run-id response header. If the client connection drops unintentionally, reconnect with GET /execute/{run_id}/events and pass the last received SSE event id with the Last-Event-ID header.
To intentionally stop backend work for a running stream, call:
Security notes
- Do not log raw request bodies in production because
secretscontains provider and MCP credentials. - Prefer short-lived API keys or internal credentials when possible.
- Keep
.wiresource free of hardcoded secrets.