Skip to content

Seam Local API

seam api binds to 127.0.0.1:8401 by default and rejects non-loopback binds unless --allow-remote-api is set. API-created intercept listeners also reject non-loopback binds unless --allow-remote-intercept is set.

Set SEAM_API_TOKEN or pass --api-token to require Authorization: Bearer <token> or X-Seam-API-Token: <token> on every API endpoint. If no token is configured, Seam logs a warning and preserves local backwards compatibility.

Endpoints:

  • POST /intercept/start
  • POST /intercept/stop
  • GET /messages
  • GET /transcript
  • POST /rules/apply
  • POST /deliver

Minimal /deliver request:

{
  "route_id": "direct",
  "method": "POST",
  "path": "/message:send",
  "body_json": {"intent": "touch tripwire"}
}

Response includes transcript_refs so Assay can attach proof records to a finding.

See the Assay Seam contract for the route payload Assay sends and how returned transcript refs are stored in findings.