openapi: 3.0.3 info: title: Devin API (Cognition Labs) description: >- The Devin API lets you create and drive Devin, Cognition's autonomous AI software engineer, programmatically. This document models the legacy v1 surface (api.devin.ai/v1, still live and documented, authenticated with apk_user_*/apk_* keys) in full - sessions, messages, attachments, knowledge, playbooks, and secrets - plus representative endpoints from the current v3 organizations/enterprise surface (api.devin.ai/v3, authenticated with cog_ service-user or personal access tokens) and the v2/v3 consumption (ACU usage) endpoints. The v2/v3 enterprise surface has additional organization, member, and API-key management endpoints not exhaustively modeled here; see the humanURL/APIReference links in apis.yml for the full documented set. All endpoints are transcribed from Cognition's public documentation at https://docs.devin.ai and have not been exercised against production credentials, which require an active paid Devin plan or Enterprise contract. version: '1.0' contact: name: Cognition url: https://cognition.ai license: name: Proprietary url: https://docs.devin.ai/admin/security servers: - url: https://api.devin.ai/v1 description: Legacy v1 API (apk_user_*/apk_* keys) - url: https://api.devin.ai/v3 description: Current v3 organizations/enterprise API (cog_ keys) security: - bearerAuth: [] tags: - name: Sessions description: Create and manage Devin sessions (v1 legacy surface). - name: Messages description: Send and read messages within a running session. - name: Attachments description: Upload and download files for Devin to work with. - name: Knowledge description: Organization knowledge entries and folders. - name: Playbooks description: Reusable team playbooks that seed new sessions. - name: Secrets description: Encrypted credentials Devin can use inside sessions. - name: Organizations (v3) description: Current org-scoped session and user management. - name: Enterprise (v3) description: Cross-organization administration. - name: Consumption description: Agent Compute Unit (ACU) usage and billing metrics. paths: /sessions: post: operationId: createSession tags: - Sessions summary: Create a new Devin session description: >- Creates a new Devin session from a natural-language prompt, optionally seeded with a playbook, snapshot, knowledge, secrets, tags, and a max ACU cap. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateSessionInput' responses: '200': description: The created (or, if idempotent and matched, existing) session. content: application/json: schema: $ref: '#/components/schemas/CreateSessionResponse' '422': $ref: '#/components/responses/ValidationError' get: operationId: listSessions tags: - Sessions summary: List sessions description: Lists sessions for the organization, with optional filters. parameters: - name: limit in: query schema: type: integer default: 100 - name: offset in: query schema: type: integer default: 0 - name: skip in: query schema: type: integer - name: tags in: query description: Filter sessions by tag. schema: type: array items: type: string style: form explode: true - name: user_email in: query description: Filter sessions by the creator's email address. schema: type: string responses: '200': description: A page of sessions. content: application/json: schema: type: object properties: sessions: type: array items: $ref: '#/components/schemas/SessionSummary' '422': $ref: '#/components/responses/ValidationError' /sessions/{session_id}: parameters: - $ref: '#/components/parameters/SessionId' get: operationId: getSession tags: - Sessions summary: Retrieve session details description: Retrieves full status, message history, and structured output for a session. responses: '200': description: The requested session. content: application/json: schema: $ref: '#/components/schemas/SessionDetail' '422': $ref: '#/components/responses/ValidationError' delete: operationId: terminateSession tags: - Sessions summary: Terminate a session description: Terminates a running session. The session must not already be in an exited state. responses: '200': description: Termination confirmation. content: application/json: schema: type: object properties: detail: type: string '422': $ref: '#/components/responses/ValidationError' /sessions/{session_id}/tags: parameters: - $ref: '#/components/parameters/SessionId' put: operationId: updateSessionTags tags: - Sessions summary: Update session tags description: Replaces the tag list on a session (maximum 50 tags). requestBody: required: true content: application/json: schema: type: object required: - tags properties: tags: type: array maxItems: 50 items: type: string responses: '200': description: Confirmation. content: application/json: schema: type: object properties: detail: type: string '422': $ref: '#/components/responses/ValidationError' /sessions/{session_id}/message: parameters: - $ref: '#/components/parameters/SessionId' post: operationId: sendMessage tags: - Messages summary: Send a message to a session description: >- Sends a follow-up message into a running session. The session must be in a running state to receive it; sending a message also wakes a sleeping session. requestBody: required: true content: application/json: schema: type: object required: - message properties: message: type: string responses: '200': description: Message accepted, or a detail note if the session was already suspended. content: application/json: schema: type: object nullable: true properties: detail: type: string '422': $ref: '#/components/responses/ValidationError' /attachments: post: operationId: uploadAttachment tags: - Attachments summary: Upload a file for Devin to work with description: >- Uploads a file and returns its URL. Reference the returned URL in a session prompt as ATTACHMENT:"{file_url}" on its own line. requestBody: required: true content: multipart/form-data: schema: type: object required: - file properties: file: type: string format: binary responses: '200': description: The uploaded file's URL. content: application/json: schema: type: string '422': $ref: '#/components/responses/ValidationError' /attachments/{attachment_id}: parameters: - name: attachment_id in: path required: true schema: type: string get: operationId: downloadAttachment tags: - Attachments summary: Download an attachment file responses: '200': description: The raw attachment file contents. content: application/octet-stream: schema: type: string format: binary '422': $ref: '#/components/responses/ValidationError' /knowledge: get: operationId: listKnowledge tags: - Knowledge summary: List all knowledge entries and folders responses: '200': description: Knowledge entries and folders for the organization. content: application/json: schema: type: object properties: knowledge: type: array items: $ref: '#/components/schemas/KnowledgeEntry' folders: type: array items: $ref: '#/components/schemas/KnowledgeFolder' post: operationId: createKnowledge tags: - Knowledge summary: Create a knowledge entry requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/KnowledgeInput' responses: '200': description: The created knowledge entry. content: application/json: schema: $ref: '#/components/schemas/KnowledgeEntry' '422': $ref: '#/components/responses/ValidationError' /knowledge/{knowledge_id}: parameters: - name: knowledge_id in: path required: true schema: type: string put: operationId: updateKnowledge tags: - Knowledge summary: Update a knowledge entry requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/KnowledgeInput' responses: '200': description: The updated knowledge entry. content: application/json: schema: $ref: '#/components/schemas/KnowledgeEntry' '422': $ref: '#/components/responses/ValidationError' delete: operationId: deleteKnowledge tags: - Knowledge summary: Delete a knowledge entry responses: '200': description: Deletion confirmation. content: application/json: schema: type: object properties: detail: type: string '422': $ref: '#/components/responses/ValidationError' /playbooks: get: operationId: listPlaybooks tags: - Playbooks summary: List all team playbooks responses: '200': description: The organization's playbooks. content: application/json: schema: type: array items: $ref: '#/components/schemas/Playbook' post: operationId: createPlaybook tags: - Playbooks summary: Create a playbook requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PlaybookInput' responses: '200': description: The created playbook. content: application/json: schema: $ref: '#/components/schemas/Playbook' '422': $ref: '#/components/responses/ValidationError' /playbooks/{playbook_id}: parameters: - name: playbook_id in: path required: true schema: type: string get: operationId: getPlaybook tags: - Playbooks summary: Get a playbook responses: '200': description: The requested playbook. content: application/json: schema: $ref: '#/components/schemas/Playbook' '422': $ref: '#/components/responses/ValidationError' put: operationId: updatePlaybook tags: - Playbooks summary: Update a playbook requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PlaybookInput' responses: '200': description: The updated playbook. content: application/json: schema: $ref: '#/components/schemas/Playbook' '422': $ref: '#/components/responses/ValidationError' delete: operationId: deletePlaybook tags: - Playbooks summary: Delete a playbook responses: '200': description: Deletion confirmation. content: application/json: schema: type: object properties: detail: type: string '422': $ref: '#/components/responses/ValidationError' /secrets: get: operationId: listSecrets tags: - Secrets summary: List all secrets description: Returns secret metadata only, never secret values. responses: '200': description: The organization's secret metadata. content: application/json: schema: type: array items: $ref: '#/components/schemas/SecretMetadata' post: operationId: createSecret tags: - Secrets summary: Create a secret requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SecretInput' responses: '200': description: The created secret's identifier. content: application/json: schema: type: object properties: id: type: string '422': $ref: '#/components/responses/ValidationError' /secrets/{secret_id}: parameters: - name: secret_id in: path required: true schema: type: string delete: operationId: deleteSecret tags: - Secrets summary: Delete a secret responses: '200': description: Deletion confirmation. content: application/json: schema: type: object properties: detail: type: string '422': $ref: '#/components/responses/ValidationError' /organizations/{org_id}/sessions: parameters: - $ref: '#/components/parameters/OrgId' post: operationId: createOrganizationSession tags: - Organizations (v3) summary: Create a session (v3, organization-scoped) description: >- v3 equivalent of POST /sessions, scoped to an organization and served from https://api.devin.ai/v3. Supports create_as_user_id to attribute the session to a specific organization member. servers: - url: https://api.devin.ai/v3 requestBody: required: true content: application/json: schema: allOf: - $ref: '#/components/schemas/CreateSessionInput' - type: object properties: create_as_user_id: type: string description: Attribute the session to this organization user. responses: '200': description: The created session. content: application/json: schema: $ref: '#/components/schemas/CreateSessionResponse' '401': $ref: '#/components/responses/Unauthorized' '422': $ref: '#/components/responses/ValidationError' /organizations/members/users: get: operationId: listOrganizationUsers tags: - Organizations (v3) summary: List organization users (v3) description: Lists users in the organization, for use with create_as_user_id. servers: - url: https://api.devin.ai/v3 responses: '200': description: A list of organization users. content: application/json: schema: type: object properties: users: type: array items: type: object properties: id: type: string email: type: string full_name: type: string '401': $ref: '#/components/responses/Unauthorized' /enterprise/organizations: get: operationId: listEnterpriseOrganizations tags: - Enterprise (v3) summary: List enterprise organizations description: Lists every organization under the enterprise account. servers: - url: https://api.devin.ai/v3 responses: '200': description: A list of organizations. content: application/json: schema: type: object properties: organizations: type: array items: type: object properties: id: type: string name: type: string '401': $ref: '#/components/responses/Unauthorized' /enterprise/audit-logs: get: operationId: listEnterpriseAuditLogs tags: - Enterprise (v3) summary: List enterprise audit logs description: Paginated audit log entries with time-based filtering. servers: - url: https://api.devin.ai/v3 parameters: - name: start_time in: query description: Unix timestamp (seconds) lower bound. schema: type: integer - name: end_time in: query description: Unix timestamp (seconds) upper bound. schema: type: integer - name: cursor in: query schema: type: string responses: '200': description: A page of audit log entries. content: application/json: schema: type: object properties: entries: type: array items: type: object additionalProperties: true next_cursor: type: string nullable: true '401': $ref: '#/components/responses/Unauthorized' /enterprise/consumption/daily: get: operationId: getEnterpriseDailyConsumption tags: - Consumption summary: Get daily ACU consumption for the enterprise servers: - url: https://api.devin.ai/v3 parameters: - name: start_time in: query description: Unix timestamp (seconds) lower bound. schema: type: integer - name: end_time in: query description: Unix timestamp (seconds) upper bound. schema: type: integer responses: '200': description: Daily ACU consumption totals. content: application/json: schema: type: object properties: days: type: array items: type: object properties: date: type: string format: date acu_consumed: type: number '401': $ref: '#/components/responses/Unauthorized' /organizations/{org_id}/consumption/sessions: parameters: - $ref: '#/components/parameters/OrgId' get: operationId: getSessionDailyConsumption tags: - Consumption summary: Get per-session daily ACU consumption servers: - url: https://api.devin.ai/v3 parameters: - name: start_time in: query schema: type: integer - name: end_time in: query schema: type: integer responses: '200': description: Per-session daily ACU consumption. content: application/json: schema: type: object properties: sessions: type: array items: type: object properties: session_id: type: string date: type: string format: date acu_consumed: type: number '401': $ref: '#/components/responses/Unauthorized' components: securitySchemes: bearerAuth: type: http scheme: bearer description: >- v1/v2 keys are prefixed apk_user_* (personal) or apk_* (service). The current v3 API uses service-user or personal access tokens prefixed cog_. Passed as `Authorization: Bearer YOUR_API_KEY`. parameters: SessionId: name: session_id in: path required: true description: The unique identifier of the session. schema: type: string OrgId: name: org_id in: path required: true description: The organization ID, found in Settings > Service Users. schema: type: string responses: Unauthorized: description: Missing or invalid bearer token. content: application/json: schema: $ref: '#/components/schemas/ValidationErrorBody' ValidationError: description: The request payload failed validation. content: application/json: schema: $ref: '#/components/schemas/ValidationErrorBody' schemas: ValidationErrorBody: type: object properties: detail: type: array items: type: object properties: loc: type: array items: type: string msg: type: string type: type: string CreateSessionInput: type: object required: - prompt properties: prompt: type: string description: The task prompt for Devin to work on. title: type: string description: Custom session name; auto-generated if omitted. snapshot_id: type: string playbook_id: type: string knowledge_ids: type: array items: type: string nullable: true description: Null uses all knowledge; empty array uses none. secret_ids: type: array items: type: string nullable: true description: Null uses all secrets; empty array uses none. session_secrets: type: array items: type: object properties: key: type: string value: type: string sensitive: type: boolean structured_output_schema: type: object description: JSON Schema (Draft 7) for validating structured output. Max 64KB. additionalProperties: true tags: type: array maxItems: 50 items: type: string max_acu_limit: type: integer description: Maximum ACU allowance for the session. idempotent: type: boolean default: false unlisted: type: boolean default: false CreateSessionResponse: type: object required: - session_id - url properties: session_id: type: string url: type: string is_new_session: type: boolean SessionStatusEnum: type: string enum: - working - blocked - expired - finished - suspend_requested - suspend_requested_frontend - resume_requested - resume_requested_frontend - resumed SessionSummary: type: object required: - session_id - status - created_at - updated_at properties: session_id: type: string status: type: string status_enum: $ref: '#/components/schemas/SessionStatusEnum' created_at: type: string format: date-time updated_at: type: string format: date-time title: type: string requesting_user_email: type: string playbook_id: type: string snapshot_id: type: string tags: type: array items: type: string pull_request: type: object properties: url: type: string structured_output: type: object additionalProperties: true SessionDetail: allOf: - $ref: '#/components/schemas/SessionSummary' - type: object properties: messages: type: array default: [] items: type: object additionalProperties: true KnowledgeInput: type: object required: - name - body - trigger_description properties: name: type: string body: type: string trigger_description: type: string description: Describes when this knowledge entry should apply. macro: type: string parent_folder_id: type: string pinned_repo: type: string KnowledgeEntry: allOf: - $ref: '#/components/schemas/KnowledgeInput' - type: object properties: id: type: string created_at: type: string format: date-time created_by: type: object properties: full_name: type: string id: type: string nullable: true image_url: type: string nullable: true KnowledgeFolder: type: object properties: id: type: string name: type: string description: type: string created_at: type: string format: date-time PlaybookInput: type: object required: - title - body properties: title: type: string body: type: string macro: type: string access_type: type: string Playbook: allOf: - $ref: '#/components/schemas/PlaybookInput' - type: object properties: playbook_id: type: string status: type: string org_id: type: string created_at: type: string format: date-time nullable: true updated_at: type: string format: date-time nullable: true created_by_user_id: type: string nullable: true created_by_user_name: type: string nullable: true SecretInput: type: object required: - type - key - value properties: type: type: string enum: - cookie - key-value - dictionary - totp key: type: string description: Unique name for the secret within the organization. value: type: string description: The secret value to store. Encrypted at rest. sensitive: type: boolean description: Whether the value is redacted in logs. note: type: string SecretMetadata: type: object properties: id: type: string type: type: string enum: - cookie - key-value - dictionary - totp key: type: string nullable: true created_at: type: string format: date-time nullable: true