API
How plugin HTTP endpoints and RPC methods work together.
Storyden plugin integration has two API surfaces:
- HTTP API for installation, lifecycle, metadata, configuration and management
- JSON-RPC over WebSocket for host-plugin runtime communication
If you're looking for the shape of plugin metadata first, read Manifest.
HTTP API responsibilities
The HTTP API handles instance-side management and cannot be interacted with via an Access Key, only via a web-based session:
- Add/list/get/delete plugin installations
- Enable and disable (for supervised plugins)
- Regenerate token (for external plugins)
- Manifest updates (for external plugins)
- Configuration schema and values
- Supervised plugin logs
For endpoint-level details, check out the API documentation.
RPC responsibilities
RPC handles runtime messaging after authentication:
- Host to plugin: events, configuration updates, health checks
- Plugin to host: config fetch, access key fetch
RPC method docs are available here:
Events
All events emitted by Storyden.
Host to Plugin
RPCs Storyden sends to plugins.
Plugin to Host
RPCs plugins can send to Storyden.
How the two layers fit
The common flow looks like this:
- Install plugin via HTTP API
- Plugin connects over RPC using authenticated URL
- Runtime data moves over RPC
- Plugins can talk to the HTTP API to do stuff if they get an access key
Connection model and token behaviour are covered in Security -> RPC authentication model.
Plugins with API access can be powerful, this allows plugins to do things like:
- Create threads and replies
- Manage Library pages
- Moderate content and manage reports
- React to content events automatically
Contract source of truth
- Plugin manifest schema:
/api/plugin.yaml - RPC method schemas:
/api/rpc
The RPC docs in this section are generated directly from those schema files to reduce drift.