HTTP API
Drive Beam Bench from any HTTP client. Same surface the CLI talks to.
The HTTP API is the integration surface for Beam Bench. The desktop app, the CLI, and any external client all talk to the same routes. If you have a use case that needs Beam Bench in a non-CLI environment (web app, integration server, mobile app, your own tooling), use the API directly.
The API is shipped with the desktop app and runs in-process. There is no separate service to install.
Defaults and security
In the current build, the local API server runs by default with these settings:
- Local API: on.
- API Port: 5900.
- Allow network devices to connect: on. The server binds to
0.0.0.0and accepts connections from any device on your network.
This means a fresh install of Beam Bench, on a network you share with others (office, coworking space, conference Wi-Fi, an unsegmented home network with guest devices), exposes an unauthenticated API that can move the machine and fire the laser to anyone on that network.
If you do not want network exposure, change the defaults from Settings → General:
- Open the desktop app.
- Edit → Settings → General.
- Turn Allow network devices to connect off to bind to localhost only.
- Or turn Local API off entirely to stop the server.
Changes take effect immediately; no restart needed.
Base URL
http://<host>:5900/api/v1<host> is localhost (or 127.0.0.1) when Allow network devices to connect is off. When it is on, the server is reachable at the machine's LAN IP from any device on the network.
The port is configurable in Settings → General; 5900 is the default.
Authentication
None. The API has no token, no key, no login.
- With localhost binding, the OS-level access model is the boundary: any process on your machine can talk to the API.
- With network binding (the default), anyone on the same network can talk to the API. Treat that like running an open SMB share. Do not run Beam Bench in network-binding mode on untrusted Wi-Fi.
Request format
All POST/PATCH/PUT bodies are JSON:
Content-Type: application/jsonQuery strings are flat key=value. Path segments are URL-encoded as usual.
Response envelope
Successful responses return the resource body directly, no wrapper:
{
"field": "value",
"...": "..."
}Errors return a uniform envelope:
{
"error": {
"code": "InvalidInput",
"message": "Human-readable summary of what went wrong.",
"details": { "...optional structured context..." }
}
}error.code is one of:
| Code | HTTP | Meaning |
|---|---|---|
NotFound | 404 | The requested resource does not exist. |
InvalidInput | 400 | The request body or parameters were malformed or rejected. |
InvalidState | 412 | The app is not in a state where this operation makes sense (e.g. no project open). |
Busy | 409 | A conflicting operation is already in progress. |
Conflict | 409 | Another writer changed the resource since you last read it. |
StaleRevision | 412 | Your revision token is behind the current one. Re-read and retry. |
MachineIo | 502 | The machine connection failed (disconnect, timeout, transport error). |
Persistence | 500 | Disk write or read failed. |
Internal | 500 | Unexpected server error. Report it as a bug. |
Confirmation-required errors
A small set of operations can move the machine or fire the laser. Those endpoints require an explicit confirmation flag in the request body. If missing, the API returns 428 Precondition Required:
{
"error_code": "CONFIRMATION_REQUIRED",
"missing": ["confirm_motion"],
"message": "This command can move the machine and requires explicit confirmation."
}Re-send the request with the named flag set to true. The flags currently in use are confirm_motion, confirm_laser_on, confirm_raw_gcode, and confirm_air_assist.
Endpoint groups
| Path | What it covers |
|---|---|
/api/v1/app | App-level info: version, uptime, capabilities. |
/api/v1/agent | Agent capability schema, state snapshot, and operating guide. |
/api/v1/projects | Open, save, close. Layers, objects, undo/redo. |
/api/v1/projects/import | Import SVG, DXF, PDF, AI, and raster images into a project. |
/api/v1/export | Render a project to SVG, DXF, PDF, EPS, AI. |
/api/v1/design | Describe the current design, render to PNG, apply transactional edits. |
/api/v1/preview | Generate cut previews and stats. |
/api/v1/jobs | Preflight, run, dry-run, pause, resume, frame, stop. |
/api/v1/machine | Connect, disconnect, status, jog, home. |
/api/v1/camera | Devices, state, capture, overlay (display, transform, render), calibration, alignment. |
/api/v1/console | Send raw G-code. Read recent console log. |
/api/v1/macros | List, save, and run user macros. |
/api/v1/materials | Material library: presets keyed by material and thickness. |
/api/v1/profiles | Machine profiles: create, list, apply. |
/api/v1/assets | Art Library asset access. |
/api/v1/vector | Vector ops: convert, boolean, group, path. |
/api/v1/events | WebSocket stream of state changes and machine events. |
Per-resource reference pages are a work in progress; consult the agent capability schema in the meantime.
Discover the live surface
The fastest way to see what your installed version exposes:
curl -s http://localhost:5900/api/v1/agent/capabilities | jq .This returns the full capability schema, including every endpoint, its parameters, and its response shape. The schema is the authoritative description; this page is a guide to it.
For state introspection:
curl -s http://localhost:5900/api/v1/agent/state | jq .For a written orientation on how to drive the app:
curl -s http://localhost:5900/api/v1/agent/guideVersioning
All routes are under /api/v1. Breaking changes go in /api/v2 when they happen. Additive changes (new endpoints, new optional fields) ship in v1 without a version bump.
Related
- Using the HTTP API guide: a tutorial-style introduction with worked examples.
- How the CLI and app share state: the consistency model behind these endpoints.
- Settings → General: where to enable the API and pick the port.