Skip to main content
Base URL: https://api.openfunnel.dev Every request authenticates with a single header:
  • X-API-Key: <your_api_key> (the key looks like of_...)
  • Content-Type: application/json
There is no OAuth flow and no dashboard step. You can obtain a key programmatically in two calls. The same X-API-Key authenticates every surface: Product APIs, Agent Primitives, and the OpenFunnel MCP. There are no per-surface keys or scopes — provision one key and reuse it everywhere.

Step 1 — Request a verification code

POST /api/v1/agent/sign-up
Content-Type: application/json

{ "email": "founder@example.com" }
Sends a 6-digit code to the email. New emails create an account; existing emails use this to recover a lost key. Response: 
{ "email": "founder@example.com", "message": "Verification code sent to your email" }

Step 2 — Verify and receive the key

POST /api/v1/agent/verify
Content-Type: application/json

{ "email": "founder@example.com", "otp_code": "123456" }
Response: 
{
  "email": "founder@example.com",
  "api_key": "of_1234567890abcdef...",
  "is_new_user": true
}
Store api_key securely. It is returned only once and is not retrievable later. To recover it, call sign-up again with the same email.

Step 3 — Authenticate every other request

POST /api/v1/signal/get-signal-list
X-API-Key: of_1234567890abcdef...
Content-Type: application/json

{}

Errors

HTTPerror_codeMeaning
400OTP_EXPIREDNo pending code. Call sign-up again.
400OTP_INVALIDWrong code. details.remaining_attempts shows tries left.
429RATE_LIMITEDToo many sign-up attempts. details.retry_after_seconds.
429OTP_MAX_ATTEMPTSCode exhausted (10 tries). Call sign-up again.
500INTERNAL_ERRORTransient. Retry.
Verification codes expire after 24 hours and allow up to 10 attempts.

Notes