Authenticated API
ACP (AI Cost & Performance) endpoints require a valid JWT Bearer token. Accessible via the API gateway.
ACP Integration API
Complete API reference for the Anthropic Claude Platform (ACP) integration, providing agent management, capability control, HITL approval workflows, and comprehensive audit logging.
Overview
The ACP Integration API enables centralized management of AI agents within the Olympus Cloud platform. It provides:
| Feature | Description |
|---|---|
| Agent Registry | Register, configure, and manage AI agent lifecycle |
| Capability Management | Define and organize agent capabilities |
| Tool Permissions | Control which tools agents can access |
| HITL Approvals | Human-in-the-loop approval workflows for sensitive actions |
| Audit Logging | Complete audit trail of agent actions |
| Security Events | Track and respond to security-relevant events |
Base URL
https://api.olympuscloud.ai/v1/acp
Authentication
All endpoints require Bearer token authentication:
Authorization: Bearer YOUR_ACCESS_TOKEN
Error Responses
All endpoints return consistent error responses:
{
"error": {
"code": "AGENT_NOT_FOUND",
"message": "Agent with ID 'agent_xyz' not found",
"request_id": "req_abc123",
"timestamp": "2026-01-19T14:30:00Z"
}
}
Error Codes
| Code | HTTP Status | Description |
|---|---|---|
AGENT_NOT_FOUND | 404 | Agent does not exist |
CAPABILITY_NOT_FOUND | 404 | Capability does not exist |
TOOL_NOT_FOUND | 404 | Tool does not exist |
PERMISSION_DENIED | 403 | Insufficient permissions |
APPROVAL_EXPIRED | 410 | Approval request has expired |
APPROVAL_ALREADY_PROCESSED | 409 | Approval already approved/denied |
INVALID_STATUS_TRANSITION | 400 | Invalid agent status change |
RATE_LIMIT_EXCEEDED | 429 | Too many requests |
VALIDATION_ERROR | 400 | Invalid request body |
Webhooks
Configure webhooks to receive real-time notifications about ACP events.
Webhook Events
| Event | Trigger |
|---|---|
acp.agent.status_changed | Agent status updated |
acp.approval.requested | New approval request |
acp.approval.processed | Approval approved/denied |
acp.approval.expired | Approval timed out |
acp.security.event | Security event triggered |
acp.tool.execution | Agent executed a tool |
Webhook Payload
{
"event": "acp.approval.requested",
"timestamp": "2026-01-19T14:30:00Z",
"data": {
"approval_id": "appr_ghi789",
"agent_id": "agent_abc123",
"action": "bulk_inventory_adjustment",
"risk_level": "high"
},
"signature": "sha256=abc123..."
}
Signature Verification
Verify webhook signatures using HMAC-SHA256:
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}
Rate Limits
| Endpoint Category | Limit |
|---|---|
| Agent management | 100 req/min |
| Approval operations | 200 req/min |
| Audit log queries | 50 req/min |
| Permission evaluation | 500 req/min |
Rate limit headers included in all responses:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1737296460
Best Practices
- Use capability-based permissions - Grant capabilities, not individual tools
- Set appropriate risk levels - High-risk actions should require HITL approval
- Monitor security events - Review and acknowledge events promptly
- Audit regularly - Review audit logs for anomalies
- Scope permissions narrowly - Limit agent access by tenant and location
- Set expiration dates - Time-limit sensitive permissions
Sub-Pages
- Agent Management - Register, list, update, and delete AI agents
- Capability Management - Define and organize agent capabilities
- Tool Permissions - Control tool access and permissions
- HITL Approvals - Human-in-the-loop approval workflows
- Audit Logging - Audit trail and security events
Related Documentation
- ACP Foundation - ACP architecture overview
- ACP Router - Model routing and cost optimization
- Cockpit Operations - HITL approval UI
- AI Safety - Safety guardrails and controls