Skip to main content
POST
/
monit
/
tools
/
catalog
List target tool catalog
curl --request POST \
  --url 'https://api.flashcat.cloud/monit/tools/catalog?app_key=' \
  --header 'Content-Type: application/json' \
  --data '
{
  "account_id": 10001,
  "target_locator": "web-01",
  "include_output_shape": true
}
'
{
  "request_id": "01HK8XQE3Z7JM2NTFQ5YJ8P9R4",
  "data": {
    "target": {
      "kind": "host",
      "locator": "web-01"
    },
    "tools": [
      {
        "name": "os.overview",
        "target_kind": "host",
        "description": "Returns a bounded overview of host health (CPU, memory, disk, network, top processes).",
        "input_schema": {
          "type": "object",
          "additionalProperties": false,
          "properties": {}
        },
        "output_shape": {
          "type": "object",
          "required": [
            "data",
            "summary",
            "truncated"
          ],
          "properties": {
            "data": {
              "type": "object"
            },
            "summary": {
              "type": "string"
            },
            "truncated": {
              "type": "object"
            }
          }
        }
      }
    ],
    "error": null
  }
}

Restrictions

AspectValue
Rate limits600 requests/minute; 10 requests/second per account
PermissionsAny valid app_key (read-only; not gated by a specific permission class)

Usage

  • Use target_locator to identify the target; target_kind is optional and is auto-inferred when omitted. Built-in target kinds are host and mysql.
  • If multiple kinds match the same locator, the response is HTTP 200 with data.error.code = "ambiguous_target_kind" and a target_kinds list — retry with an explicit target_kind.
  • The catalog is a candidate capability view, not an execution guarantee. The target Agent may go offline between catalog and invoke, or local Agent policy may block individual tools at invoke time.
  • Set include_output_shape: true to additionally receive each tool’s output_shape. Default is false to keep the response small for LLM consumption.
  • Business errors (target_unavailable, unknown_toolset_hash, ambiguous_target_kind) come back as HTTP 200 with a non-null data.error. Only protocol / auth / internal errors use the standard error envelope.

Authorizations

app_key
string
query
required

App key issued from the Flashduty console under Account → APP Keys. Required on every public API call. Keep it secret — it grants the same access as the owning account.

Body

application/json
target_locator
string
required

Target identifier (host name, MySQL address, …). Max 256 bytes; no whitespace, control characters, or |.

account_id
integer<int64>

Optional consistency check. Must equal the authenticated account when supplied.

target_kind
string

Optional target kind. When omitted webapi auto-infers across currently known kinds. Built-in kinds: host, mysql. Required on retry when the previous call returned ambiguous_target_kind.

include_output_shape
boolean
default:false

When true, each tool entry includes its output_shape JSON Schema. Defaults to false to keep responses small for LLM consumption.

Response

Success

Success response envelope. On every 2xx response, request_id identifies the call (also mirrored in the Flashcat-Request-Id header) and data holds the endpoint-specific payload. Failure responses use a different shape — see ErrorResponse.

request_id
string
required

Unique ID for this request. Mirrored in the Flashcat-Request-Id response header. Include it when reporting issues.

Example:

"01HK8XQE3Z7JM2NTFQ5YJ8P9R4"

data
object
required

Endpoint-specific payload. See each operation's 200 response schema.