Skip to main content

What is an endpoint file?

An endpoint file is a .md file that serves as both documentation and an executable HTTP request. The CLI, web preview, CI, and AI agents all read the same file there is no separate schema, generated client, or runtime artifact.

Browser UI

The web preview renders the file, lets you run it, and provides runtime-only params, headers, and body overrides.

Coding agents

Agent skills use this structure to create specs safely and validate them before reporting back.

Terminal and CI

rqb exec and rqb validate read the same markdown file for automation.

File location and naming

Endpoint files live under api-docs/apis/<resource>/. The recommended filename format is <method-lower>-<slug>.md.
HTTP method + pathFilename
GET /users/:idget-user-by-id.md
POST /orderspost-orders.md
DELETE /subscriptions/:iddelete-subscription-by-id.md
PATCH /orders/:orderId/items/:itemIdpatch-order-by-order-id-item-by-item-id.md

Frontmatter reference

Every endpoint file must begin with YAML frontmatter delimited by ---. 
---
resource: users
protocol: http
method: GET
path: /users/:id
tags: [users, read]
version: 1
env: [dev, staging, prod]
auth: bearer
timeout: 5000
retry:
 attempts: 0
 backoff: fixed
---
FieldRequiredTypeDescriptionDefault
resourceyesstringResource group and folder name
protocolyesenumhttp, ws, or sse. Only http executes in the current release
methodyesenumGET POST PUT PATCH DELETE HEAD OPTIONS
pathyesstringPath with :param for path params
tagsnostring[]Searchable labels shown in web preview and reports[]
versionyesintegerSpec version (must be 1)
envnostring[]Environments where this endpoint is valid. Empty = all[]
authnoenumnone / bearer / basic / customproject default
timeoutnointeger (ms)Per-request timeout in milliseconds5000
retry.attemptsnointegerRetry count after failure0
retry.backoffnoenumfixed or exponentialfixed
response.matchnoenumshape, strict, or schema comparison modeshape
response.ignorenostring[]Strict-mode paths to ignore, such as body.id[]
Unknown frontmatter keys produce a warning and are ignored. This forward-compatible behavior means future Reqbook versions can introduce new fields without breaking existing spec files.

The Request block

## Request must contain exactly one http fenced code block. The first line is the request line; subsequent lines are headers; a blank line separates headers from the optional body.

Request line forms

GET {{baseUrl}}/users/:id
GET /users/:id
POST https://api.example.com/users
Relative URLs are resolved against the selected environment’s baseUrl from api-docs/_shared/env.md. Absolute URLs are used as-is.

Full request with headers and body

POST {{baseUrl}}/users
Authorization: Bearer {{authToken}}
Content-Type: application/json
Accept: application/json

{
 "email": "{{email}}",
 "name": "{{name}}"
}

The Expected response block

## Expected response must contain exactly one http fenced code block. Reqbook diffs the actual response against this block after every execution.

Comparison behavior

PartComparison
StatusStrict equality
HeadersSubset match listed headers must be present; extra response headers are allowed
BodyJSON shape when both sides are valid JSON; exact string match otherwise
Set response.match: strict when the JSON/string body must match exactly: 
response:
  match: strict
  ignore: [body.id, headers.x-request-id]
Set response.match: schema when the actual JSON body should validate against a schema: 
## Schema

```json
{
  "type": "object",
  "required": ["id", "email"],
  "properties": {
    "id": { "type": "string" },
    "email": { "type": "string" }
  }
}
```

Example

HTTP/1.1 201 Created
Content-Type: application/json

{
 "id": "usr_123",
 "email": "[email protected]"
}

Error responses (optional)

Use ## Error responses to document representative error contracts such as validation failures, missing auth, not found, or conflict cases. 
## Error responses

```http
HTTP/1.1 404 Not Found
Content-Type: application/json

{
 "error": "not_found",
 "message": "User not found"
}
```
the current Reqbook release executes only the single ## Expected response block. Error responses are reference examples for humans, the web preview source view, and AI agents.

The Assertions block (optional)

## Assertions contains structured rules that Reqbook evaluates after each execution. Results appear in rqb_exec output as assertion_results. 
## Assertions
- status: 201
- body.id: exists
- body.email: equals "[email protected]"
- body.role: in [admin, user]
- headers.content-type: contains application/json
- body.slug: matches ^[a-z-]+$
Supported operators:
OperatorExampleDescription
existsbody.id: existsField is present and non-null
equalsstatus: 201 or body.name: equals "Ada"Exact match
containsheaders.content-type: contains jsonSubstring match
inbody.role: in [admin, user]Value is one of a list
matchesbody.slug: matches ^[a-z-]+$Regex match
Paths follow the format status, body.<field>.<nested>, or headers.<name>.

The Tests block (optional)

## Tests contains an agent-task fenced code block with freeform validation instructions for AI agents. Use this for edge cases that can’t be expressed as structured assertions. 
## Tests

```agent-task
- Verify duplicate email returns 409.
- Verify the response time is under 200ms under normal load.
```
Reqbook does not execute agent-task code. The block is read by AI agents as instructions.

Notes section (optional)

## Notes is free-form markdown for team context: rate limits, edge cases, links to related endpoints, and migration notes. The Reqbook parser ignores this section entirely.

Complete example

---
resource: users
protocol: http
method: GET
path: /users/:id
tags: [users, read]
version: 1
env: [dev, staging]
auth: bearer
timeout: 5000
retry:
 attempts: 0
 backoff: fixed
---

# Get user by id

Fetch a single user record by stable user identifier.

## Request

```http
GET {{baseUrl}}/users/:id
Authorization: Bearer {{authToken}}
Accept: application/json
```

## Expected response

```http
HTTP/1.1 200 OK
Content-Type: application/json

{
 "id": "usr_123",
 "name": "Ada Lovelace",
 "email": "[email protected]"
}
```

## Tests

```agent-task
- Verify the response status is 200.
- Verify response.body.id equals the requested id.
- Verify response.body.email is a valid email address.
- Verify Authorization header is masked in all output.
```

## Notes

Use this endpoint after login to fetch the current user's profile.

Running an endpoint

Use the UI while developing and the CLI when you need automation. 
rqb serve
Open the endpoint, fill runtime-only params or headers, click Run, and inspect the response panel. The markdown file changes only when you enter edit mode and save.