Skip to main content

Introduction

The Loom HTTP API provides programmatic access to the Loom platform, enabling you to build custom integrations, automate workflows, and create alternative clients for the AI-powered coding agent.

Base URL

All API requests are made to: 
https://loom.ghuntley.com
For self-hosted deployments, replace with your instance URL.

Authentication

The Loom API supports multiple authentication methods:

Session Cookies

Web clients authenticate using HttpOnly session cookies set after OAuth or magic link login. The cookie name is configurable (default: loom_session).

API Keys

For programmatic access, use API keys with the Authorization header: 
curl -H "Authorization: Bearer loom_sk_..." \
  https://loom.ghuntley.com/api/threads
API keys can be created via the dashboard or API and support scoped permissions.

WebSocket Tokens

For WebSocket connections, obtain a short-lived token from /auth/ws-token (expires in 30 seconds, single-use): 
curl -H "Cookie: loom_session=..." \
  https://loom.ghuntley.com/auth/ws-token
Send the token in the WebSocket first message: 
{"type": "auth", "token": "ws_..."}

Request Format

All POST/PUT requests accept JSON payloads with Content-Type: application/json: 
curl -X POST https://loom.ghuntley.com/api/threads/abc123 \
  -H "Authorization: Bearer loom_sk_..." \
  -H "Content-Type: application/json" \
  -d '{"id": "abc123", "title": "My Thread", ...}'

Response Format

All responses return JSON with appropriate HTTP status codes:

Success Response (200 OK)

{
  "id": "thread_abc123",
  "title": "Example Thread",
  "created_at": "2026-03-03T12:00:00Z"
}

Error Response (4xx/5xx)

{
  "error": "not_found",
  "message": "Thread not found",
  "server_version": "1.0.0",
  "client_version": null
}

Pagination

List endpoints support offset-based pagination:
limit
integer
default:"50"
Maximum number of results to return
offset
integer
default:"0"
Number of results to skip
Example: 
curl "https://loom.ghuntley.com/api/threads?limit=20&offset=40"
Response includes pagination metadata: 
{
  "threads": [...],
  "total": 127,
  "limit": 20,
  "offset": 40
}

Optimistic Concurrency

Thread operations support optimistic locking via the If-Match header: 
curl -X PUT https://loom.ghuntley.com/api/threads/abc123 \
  -H "If-Match: 42" \
  -H "Content-Type: application/json" \
  -d '{"id": "abc123", "version": 42, ...}'
If the version doesn’t match, the API returns 409 Conflict: 
{
  "error": "version_conflict",
  "message": "Expected version 42, but current version is 43"
}

Rate Limiting

LLM proxy endpoints may return 503 Service Unavailable with retry information: 
{
  "error": "rate_limited",
  "message": "LLM rate limited; retry after 30 seconds"
}

Server-Sent Events (SSE)

Streaming endpoints use SSE with event: llm headers: 
curl -N https://loom.ghuntley.com/proxy/anthropic/stream \
  -H "Content-Type: application/json" \
  -d '{"model": "claude-sonnet-4", "messages": [...]}'
Events: 
event: llm
data: {"type":"text_delta","content":"Hello"}

event: llm
data: {"type":"completed","response":{...}}

WebSocket Connections

Real-time communication uses WebSocket endpoints:
  • Terminal attach: wss://loom.ghuntley.com/api/weaver/{id}/attach
  • Session streaming: wss://loom.ghuntley.com/api/ws/sessions/{id}
Authenticate via first message using a WebSocket token from /auth/ws-token.

Status Codes

CodeMeaningDescription
200OKRequest succeeded
201CreatedResource created successfully
204No ContentResource deleted successfully
400Bad RequestInvalid request parameters
401UnauthorizedAuthentication required
403ForbiddenInsufficient permissions
404Not FoundResource does not exist
409ConflictVersion mismatch (optimistic locking)
500Internal Server ErrorServer-side error
503Service UnavailableUpstream service unavailable

SDKs and Libraries

Official SDKs:
  • Rust: loom-common-core (built-in)
  • TypeScript: @loom/client (web/Node.js)
  • VS Code Extension: Uses TypeScript client

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us