API Overview
ADP exposes three API domains over HTTP: Debug (stored debug entries), Inspector (live application state), and Ingestion (external data intake).
Base URLs
| Domain | Base Path | Purpose |
|---|---|---|
| Debug | /debug/api | Access stored debug entries and SSE stream |
| Inspector | /inspect/api | Query live application state (routes, config, database, files) |
| Ingestion | /debug/api/ingest | Accept debug data from external applications |
Response Format
All responses (except SSE and MCP) are wrapped in a standard envelope:
json
{
"id": "debug-entry-id",
"data": { ... },
"error": null,
"success": true,
"status": 200
}On error, success is false, error contains the error message, and data is null.
Middleware Chain
Every API request passes through:
- IpFilterMiddleware
AppDevPanel\Api\Middleware\IpFilterMiddlewareIp Filter HTTP middleware. -- validates request IP against allowed IPs (default:127.0.0.1,::1) - CorsMiddleware
AppDevPanel\Api\Middleware\CorsMiddlewareCors HTTP middleware. -- adds permissive CORS headers - ResponseDataWrapper
AppDevPanel\Api\Debug\Middleware\ResponseDataWrapperClass ResponseDataWrapper. -- wraps responses in the standard envelope - DebugHeaders
AppDevPanel\Api\Debug\Middleware\DebugHeadersAdds debug headers to response. Information from these headers may be used to request information about the current request as it is done in the debug toolbar. -- addsX-Debug-IdandX-Debug-Linkresponse headers
Inspector endpoints additionally pass through:
- InspectorProxyMiddleware
AppDevPanel\Api\Inspector\Middleware\InspectorProxyMiddlewareInspector Proxy HTTP middleware. -- routes?service=<name>requests to registered external services
Authentication
By default, the API is restricted to localhost via IP filtering. An optional auth_token can be configured for additional security.