Public REST API

Drive Primer Architect from your own code, CI pipeline, or LIMS using the same REST surface the web UI does. All endpoints accept either a signed-in browser session or an Authorization: Bearer pak_… API key.

Create an API key

Open Settings → API keys from the user menu. Keys look like pak_x9k2hb8aTr1… and start with the literal pak_prefix so they're grep-able if accidentally committed. You see the plaintext once at creation — store it somewhere safe; we only keep the SHA-256 hash.

Base URL

Production: https://primer-architect.teselagen.com/api
Local dev: http://localhost:3000/api

Endpoints

GET /api/runs

List your designs. Supports ?q=<name> and ?archived=true.

GET /api/runs/{id}

Fetch a single run.

POST /api/design/jobs

Enqueue a new design. Returns { jobId } immediately (202). Poll GET /api/design/jobs/{jobId} for status.

POST /api/design/jobs
Authorization: Bearer pak_xxx
Content-Type: application/json

{
  "kind": "panel-for-genes",
  "name": "TP53 panel",
  "inputs": {
    "list_of_genes": "TP53",
    "amplicon_size": 400,
    "n_pools": 2,
    "avoid_variants": true
  },
  "uiInputs": { /* free-form snapshot of the wizard inputs */ }
}

POST /api/off-target

Score primers against the chosen reference. Requires the production k-mer mismatch DB (set OFF_TARGET_DB_URL on the server). In dev or unconfigured deploys this returns 0 hits with a dbDisabled: true flag.

Rate limits

Public endpoints are rate-limited per API key (Upstash Redis backed, M3 rollout). Default: 60 requests / minute. Hit the limit and you'll get a 429 with a Retry-After header.

Revoking a key

From Settings → API keys, hit the trash icon. Revocation is immediate — subsequent requests return 401.