Skip to main content
The Rootprint API is the HTTP surface behind your self-hosted instance. Start with the external APIs when you need to send logs from a shipper or query logs from another tool. Use the session-based APIs when you need to automate web-app workflows such as index management, user administration, or monitoring. If you are setting up log collection for the first time, start with Send logs. If you already know the endpoint you need, use the generated endpoint reference in the sidebar.

Base URL

All API requests go to your Rootprint instance. Replace the host below with your deployment URL.

Authentication

Rootprint uses these authentication modes, depending on the endpoint.
Use caseAuth methodWhere to get it
Send logs over NDJSON or OTLPIngest API key (bearer, prefix lwit_)Settings → API keys
Read logs from an external toolQuery API key (bearer, prefix rpk_)Settings → Profile or Settings → Service accounts
Check healthNoneGET /api/health is public
Bearer-token endpoints use the standard Authorization header.
Ingest API keys are scoped to one index; that index is fixed by the key and cannot be changed per request. Query API keys are read-only and not index-scoped. A personal API key, also called a personal access token (PAT), authenticates as the user who created it. A service account API key authenticates as the service account.

Endpoint groups

The generated endpoint reference is arranged around the audience for each endpoint.
GroupWhat it contains
Log ingest APINDJSON and OTLP endpoints for log producers
Log explorer APISearch, histograms, field values, and exports. Query API keys work on search, histogram, field-value, and field-discovery endpoints.
Saved viewsCreate, list, update, and delete saved searches scoped to an index
Share linksCreate and resolve public share links for log views
Index management APIIndex metadata, field discovery, preferences, and stats
Index sources APIConfigure the log sources feeding an index, including enable state and checkpoints
API key administrationCreate and delete ingest API keys and service account API keys
Service accountsCreate and delete non-human accounts for shared integrations
Personal API keysSelf-service create, list, and revoke for personal query keys
User and invite APIUsers, roles, password resets, invites, and invite acceptance
Authentication APISetup, sign-in, sessions, sign-out, and password changes
Auth settings APIGoogle and GitHub OAuth credentials, allowed domains, and allowed organizations
System monitoring APIHealth, cluster overview, activity, and metrics

Common content types

Use application/json for most app and admin endpoints. Use application/x-ndjson for the HTTP endpoint.
Use application/x-protobuf for OTLP logs.

Good first requests

GoalEndpointNotes
Health checkGET /api/healthNo authentication required
Send NDJSON logsPOST /api/ingest/ndjsonRequires an ingest API key
Send OTLP logsPOST /v1/logsRequires an ingest API key and protobuf body
List indexesGET /api/indexesAccepts a session cookie or a query API key
Search logsGET /api/indexes/{indexId}/logsAccepts a session cookie or a query API key

Error responses

Most app-level endpoints return JSON errors with a stable error object.
StatusMeaning
400Invalid query string, path parameter, or JSON body
401Missing session or bearer token
403Authenticated, but not allowed
404Unknown route or resource
409Conflict, such as first-admin setup already done
413Payload too large
415Unsupported media type
422Unprocessable entity, such as a share payload over 64KB
429Upstream rate limit
500Internal server error
503Quickwit or another upstream dependency is down
OTLP endpoints follow OTLP-style error responses instead of the app JSON error shape.
Rootprint does not apply an application-level rate limit to ingest endpoints. Apply rate limiting at your reverse proxy or load balancer if your deployment needs it.