REST Endpoints

REST API

Every FlowMason pipeline is accessible as an authenticated REST endpoint. Execute AI pipelines from external systems, build integrations, and expose conversational AI to any HTTP client — no custom Apex resource required.

Base URL: All FlowMason REST endpoints live at /services/apexrest/fm/v1/ on your Salesforce org. They use standard Salesforce OAuth authentication and respect the caller's permission sets.

Execute a pipeline

The core endpoint: POST /services/apexrest/fm/v1/actions/{pipelineId}. Pass your pipeline input in the request body and get the output back synchronously, or fire-and-forget with "async": true.

REST — execute pipeline

// Execute a pipeline via REST:
// POST /services/apexrest/fm/v1/actions/{pipelineId}
// Authorization: Bearer {session_token_or_access_token}
// Content-Type: application/json

// Request body:
{
  "input": {
    "accountId": "001000000000001",
    "prompt": "Write a 3-bullet AE briefing"
  },
  "async": false
}

// Synchronous response (async: false):
{
  "executionId": "a0b000000000001",
  "status": "Completed",
  "output": {
    "content": "• Revenue grew 23% YoY...",
    "model": "anthropic/claude-sonnet-4-6",
    "inputTokens": 412,
    "outputTokens": 187
  },
  "durationMs": 3241,
  "totalCost": 0.000085
}

// Async response (async: true — returns immediately):
{
  "executionId": "a0b000000000002",
  "status": "Pending"
}

Polling async executions

When you request async execution, you get back an executionId immediately. Poll GET /services/apexrest/fm/v1/executions/{executionId} until status reaches a terminal state:

REST — poll async execution

// Poll for async execution result:
// GET /services/apexrest/fm/v1/executions/{executionId}
// Authorization: Bearer {access_token}

// Response:
{
  "executionId": "a0b000000000002",
  "status": "Running",
  "progress": 0.33,
  "durationMs": 1820
}

// Final response when completed:
{
  "executionId": "a0b000000000002",
  "status": "Completed",
  "progress": 1.0,
  "output": { ... },
  "durationMs": 8940,
  "totalCost": 0.00021
}

Status	Terminal?	Meaning
`Pending`	No	Queued, not yet started
`Running`	No	Executing
`Completed`	Yes	All stages finished successfully
`Failed`	Yes	One or more stages errored out
`Cancelled`	Yes	Cancelled by user or TTL sweep

Conversational AI endpoint

The chat endpoint provides a stateless conversational interface. Pass the conversation history in the request body — the endpoint handles context injection from the referenced Salesforce record:

REST — AI chat

// AI Chat endpoint — conversational interface:
// POST /services/apexrest/fm/v1/chat
// Authorization: Bearer {access_token}

// Request:
{
  "message": "What's the renewal status on this account?",
  "context": {
    "recordId": "001000000000001",
    "history": [
      { "role": "user",      "content": "Tell me about this account" },
      { "role": "assistant", "content": "Acme Corp is a 500-seat enterprise customer..." }
    ]
  },
  "provider": "anthropic"
}

// Response:
{
  "reply": "The renewal is due in 47 days. Based on the last three calls...",
  "model": "claude-sonnet-4-6",
  "inputTokens": 1203,
  "outputTokens": 284
}

Admin and analytics endpoints

Admin endpoints give external systems visibility into pipeline health and costs. These require the FlowMason_Provider_Admin or FlowMason_Config_Admin permission sets:

REST — admin and analytics

// Admin endpoints (require FlowMason_Provider_Admin or FlowMason_Config_Admin):

// List all pipelines:
// GET /services/apexrest/fm/v1/admin/pipelines

// Get execution history:
// GET /services/apexrest/fm/v1/admin/executions?limit=50&status=Failed

// Analytics summary (7-day window):
// GET /services/apexrest/fm/v1/analytics/summary

// Response:
{
  "totalRuns": 1423,
  "successRate": 0.987,
  "totalCostUsd": 14.23,
  "avgDurationMs": 3812,
  "topPipelines": [
    { "id": "account-summarize-v1", "runs": 892, "cost": 7.81 },
    { "id": "case-classify-v2",     "runs": 531, "cost": 6.42 }
  ]
}

Endpoint reference

Method	Path	Description	Permission
`POST`	`/fm/v1/actions/{id}`	Execute a pipeline synchronously or asynchronously	`FlowMason_Full_Access`
`GET`	`/fm/v1/executions/{id}`	Poll execution status and retrieve output	Execution owner or Admin
`DELETE`	`/fm/v1/executions/{id}`	Cancel a running or pending execution	Execution owner or Admin
`POST`	`/fm/v1/chat`	Conversational AI with record context	`FlowMason_Full_Access`
`GET`	`/fm/v1/admin/pipelines`	List all available pipelines	`FlowMason_Provider_Admin`
`GET`	`/fm/v1/admin/executions`	Execution history with filters	`FlowMason_Execution_Admin`
`GET`	`/fm/v1/analytics/summary`	Aggregated usage and cost metrics	`FlowMason_Provider_Admin`

Authentication setup

FlowMason REST endpoints use standard Salesforce authentication — no custom auth layer to configure. Two patterns cover most use cases:

Authentication options

// FlowMason REST endpoints use Salesforce's standard authentication.
// Two options:

// Option 1: Connected App (OAuth 2.0) — for external integrations
// 1. Setup → App Manager → New Connected App
// 2. Enable OAuth Settings
// 3. Add scopes: api, refresh_token
// 4. Use the client_credentials or username-password flow to get an access token
// 5. Include it in requests: Authorization: Bearer {access_token}

// Option 2: Session Id — for same-org Apex/LWC calls
// Standard Salesforce session authentication applies automatically
// when calling from within the same org.

// REST endpoints enforce the caller's permission set.
// Users without FlowMason_Full_Access get HTTP 403.

Calling from an external system

Here's a complete example calling the pipeline REST endpoint from a Node.js application:

JavaScript — Node.js integration

// Calling from an external system (Node.js example):
const response = await fetch(
  'https://yourorg.my.salesforce.com/services/apexrest/fm/v1/actions/account-summarize-v1',
  {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer ' + accessToken,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      input: { accountId: '001000000000001' },
      async: false
    })
  }
);
const result = await response.json();
console.log(result.output.content);

Error responses

HTTP Status	Meaning
`200`	Success — execution completed or was queued
`400`	Bad request — missing required fields or invalid pipeline JSON
`401`	Unauthorized — invalid or expired access token
`403`	Forbidden — caller lacks `FlowMason_Full_Access` or required permission
`404`	Pipeline not found — `pipelineId` doesn't match any active pipeline
`429`	Rate limited — LLM provider rate limit hit; retry after backoff
`500`	Internal error — check `Pipeline_Stage_Log__c` for details

Audit and compliance

Every REST execution is tracked in PipelineExecution__c and Pipeline_Audit__c — the same objects used for Apex and Flow executions. There's no separate audit trail for REST. This means your governance reports cover all surfaces from a single query. See Governance & Audit for report patterns.

What's next

Governance & Audit

Query execution history, cost reports, and the audit trail.

Back to Getting Started

Review the full install and configuration checklist.