HTTP API - Radar

Everything Radar does in the UI is available over HTTP / SSE / WebSocket. The endpoints below are served by the OSS binary on --port (default 9280). Through Cloud, the same endpoints are reachable at https://api.radarhq.io/c/<cluster_id>/api/... with a PAT for auth.

This is a high-level surface tour, not a per-field reference. Run Radar with --debug-events for verbose request logging while exploring.

Conventions

Authentication: see Authentication. For Cloud, send Authorization: Bearer rhp_....
Content type: JSON unless noted. SSE endpoints emit text/event-stream.
All responses include Cache-Control: no-store.
Error shape: { "error": "<message>", "code": "<machine_readable>" }.

Health & metadata

GET  /api/health
GET  /api/version-check       # checks releases.skyhook.io for a newer version
GET  /api/diagnostics
GET  /api/auth/me             # current user (when auth is enabled)
GET  /api/cluster-info
GET  /api/capabilities        # which features are available given current RBAC + flags

Config & settings

GET  /api/config
PUT  /api/config
GET  /api/settings
PUT  /api/settings
GET  /api/settings/audit
PUT  /api/settings/audit

Dashboard

GET /api/dashboard
GET /api/dashboard/crds
GET /api/dashboard/helm
GET /api/resource-counts

Resources & topology

GET    /api/resources/{kind}
GET    /api/resources/{kind}/{namespace}/{name}
PUT    /api/resources/{kind}/{namespace}/{name}
DELETE /api/resources/{kind}/{namespace}/{name}
POST   /api/resources/apply

GET /api/topology
GET /api/namespaces
GET /api/api-resources

Timeline & events

GET /api/events
GET /api/events/stream                  # SSE
GET /api/changes
GET /api/changes/{kind}/{namespace}/{name}/children

Logs

GET /api/pods/{namespace}/{name}/logs/stream                         # SSE
GET /api/workloads/{kind}/{namespace}/{name}/logs/stream             # SSE

Exec, debug, terminal, port-forward

GET    /api/pods/{namespace}/{name}/exec        # WebSocket
POST   /api/pods/{namespace}/{name}/debug
GET    /api/local-terminal                      # WebSocket
GET    /api/pods/{namespace}/{name}/files
GET    /api/pods/{namespace}/{name}/files/download

GET    /api/portforwards
POST   /api/portforwards
DELETE /api/portforwards/{id}
GET    /api/portforwards/available/{type}/{namespace}/{name}

Workload & node operations

POST /api/workloads/{kind}/{namespace}/{name}/restart
POST /api/workloads/{kind}/{namespace}/{name}/scale
POST /api/workloads/{kind}/{namespace}/{name}/rollback
GET  /api/workloads/{kind}/{namespace}/{name}/revisions
GET  /api/workloads/{kind}/{namespace}/{name}/pods

POST   /api/nodes/{name}/cordon
POST   /api/nodes/{name}/uncordon
POST   /api/nodes/{name}/drain
POST   /api/nodes/{name}/debug
DELETE /api/nodes/{name}/debug

Helm

GET    /api/dashboard/helm
GET    /api/helm/releases
POST   /api/helm/releases
POST   /api/helm/releases/install-stream                              # SSE
GET    /api/helm/releases/{namespace}/{name}
GET    /api/helm/releases/{namespace}/{name}/manifest
GET    /api/helm/releases/{namespace}/{name}/values
GET    /api/helm/releases/{namespace}/{name}/diff
GET    /api/helm/releases/{namespace}/{name}/upgrade-info
GET    /api/helm/upgrade-check                                        # batched, all releases
POST   /api/helm/releases/{namespace}/{name}/rollback
POST   /api/helm/releases/{namespace}/{name}/rollback-stream          # SSE
POST   /api/helm/releases/{namespace}/{name}/upgrade
POST   /api/helm/releases/{namespace}/{name}/upgrade-stream           # SSE
POST   /api/helm/releases/{namespace}/{name}/values/preview
PUT    /api/helm/releases/{namespace}/{name}/values
DELETE /api/helm/releases/{namespace}/{name}
GET    /api/helm/repositories
POST   /api/helm/repositories/{name}/update
GET    /api/helm/charts
GET    /api/helm/charts/{repo}/{chart}
GET    /api/helm/charts/{repo}/{chart}/{version}
GET    /api/helm/artifacthub/search
GET    /api/helm/artifacthub/charts/{repo}/{chart}
GET    /api/helm/artifacthub/charts/{repo}/{chart}/{version}

CronJobs

POST /api/cronjobs/{namespace}/{name}/trigger
POST /api/cronjobs/{namespace}/{name}/suspend
POST /api/cronjobs/{namespace}/{name}/resume

GitOps - Argo CD

POST /api/argo/applications/{namespace}/{name}/sync
POST /api/argo/applications/{namespace}/{name}/refresh
POST /api/argo/applications/{namespace}/{name}/terminate
POST /api/argo/applications/{namespace}/{name}/suspend
POST /api/argo/applications/{namespace}/{name}/resume

GitOps - Flux CD

POST /api/flux/{kind}/{namespace}/{name}/reconcile
POST /api/flux/{kind}/{namespace}/{name}/sync-with-source
POST /api/flux/{kind}/{namespace}/{name}/suspend
POST /api/flux/{kind}/{namespace}/{name}/resume

Audit (cluster-level best-practices, not Cloud audit log)

GET /api/audit
GET /api/audit/resource/{kind}/{namespace}/{name}

Traffic & networking

GET  /api/traffic/sources
GET  /api/traffic/flows
GET  /api/traffic/flows/stream                  # SSE
GET  /api/traffic/source
POST /api/traffic/source
POST /api/traffic/connect
GET  /api/traffic/connection
GET  /api/network-policies/evaluate

OpenCost

GET /api/opencost/summary
GET /api/opencost/workloads
GET /api/opencost/trend
GET /api/opencost/nodes

Prometheus

GET  /api/prometheus/status
POST /api/prometheus/connect
GET  /api/prometheus/cluster
GET  /api/prometheus/namespace/{namespace}
GET  /api/prometheus/resources/{kind}/{namespace}/{name}
GET  /api/prometheus/resources/{kind}/{name}      # cluster-scoped resources
GET  /api/prometheus/query                        # raw PromQL pass-through

Image filesystem

GET /api/images/metadata          # OCI manifest + config
GET /api/images/inspect           # filesystem tree
GET /api/images/file              # single file content

Packages

GET /api/packages                 # CNCF packages discovered (powers Fleet > Packages)

Sessions

GET /api/sessions                 # active exec / port-forward / log streams

Cluster API (multi-context, kubeconfig discovery)

GET  /api/contexts
POST /api/contexts/{name}                                            # switch
GET  /api/capi/clusters/{ns}/{name}/kubeconfig
POST /api/capi/clusters/{ns}/{name}/connect                          # promote a CAPI cluster
GET  /api/connection
POST /api/connection/retry

Self-update

POST /api/agent/self-upgrade                     # in-cluster Radar pulls a newer image
GET  /api/github/starred
POST /api/github/star
POST /api/github/dismiss

Desktop app

These are no-ops outside the desktop binary. The web app uses them to open files, save artifacts, and trigger app self-update.

POST /api/desktop/open-url
POST /api/desktop/open-file
POST /api/desktop/open-folder
POST /api/desktop/save-file
POST /api/desktop/update
GET  /api/desktop/update/status
POST /api/desktop/update/apply

Certificates

GET /api/secrets/certificate-expiry

Metrics (kube-state)

GET /api/metrics/pods/{namespace}/{name}
GET /api/metrics/pods/{namespace}/{name}/history
GET /api/metrics/nodes/{name}
GET /api/metrics/nodes/{name}/history
GET /api/metrics/top/pods
GET /api/metrics/top/nodes

AI

GET  /api/ai/resources/{kind}
GET  /api/ai/resources/{kind}/{namespace}/{name}
GET  /mcp                                          # MCP transport endpoint

Auth (when enabled)

GET  /auth/login
GET  /auth/callback
GET  /auth/logout
POST /auth/backchannel-logout

Cloud control plane

These live on api.radarhq.io, not on the in-cluster Radar. Auth is the WorkOS session cookie or a PAT. All endpoints are owner / member / viewer gated as documented per page.

# Orgs & members
GET    /api/orgs/{org_id}
PATCH  /api/orgs/{org_id}
GET    /api/orgs/{org_id}/members
POST   /api/orgs/{org_id}/invitations
GET    /api/orgs/{org_id}/audit

# Clusters
GET    /api/clusters
POST   /api/clusters
PATCH  /api/clusters/{id}
DELETE /api/clusters/{id}
POST   /api/clusters/{id}/rotate-token

# Cross-cluster fleet aggregates (rate-limited 30/min/user)
GET    /api/fleet/problems
GET    /api/fleet/certs
GET    /api/fleet/audit
GET    /api/fleet/packages
GET    /api/fleet/search

# Per-cluster tunnel - any in-cluster Radar route is reachable via /c/<id>/<path>
GET    /c/{cluster_id}/{path...}                  # browser cookie or PAT auth
GET    /c/{cluster_id}/mcp                        # per-cluster MCP transport
GET    /mcp                                       # org-wide MCP aggregator

# Billing
GET    /api/orgs/{org_id}/billing
POST   /api/orgs/{org_id}/billing/checkout
POST   /api/orgs/{org_id}/billing/portal
POST   /api/billing/webhook                        # Stripe → control plane

# PATs
GET    /api/pats
POST   /api/pats
DELETE /api/pats/{id}

# Account
GET    /api/account
GET    /api/preferences
PATCH  /api/preferences

Debug (OSS only)

GET /debug/pprof/*
GET /api/debug/events
GET /api/debug/informers
GET /api/debug/events/diagnose

These are disabled under cloud-mode (the in-cluster Radar strips them so they never traverse the tunnel).

​Conventions

​Health & metadata

​Config & settings

​Dashboard

​Resources & topology

​Timeline & events

​Logs

​Exec, debug, terminal, port-forward

​Workload & node operations

​Helm

​CronJobs

​GitOps - Argo CD

​GitOps - Flux CD

​Audit (cluster-level best-practices, not Cloud audit log)

​Traffic & networking

​OpenCost

​Prometheus

​Image filesystem

​Packages

​Sessions

​Cluster API (multi-context, kubeconfig discovery)

​Self-update

​Desktop app

​Certificates

​Metrics (kube-state)

​AI

​Auth (when enabled)

​Cloud control plane

​Debug (OSS only)

​See also