`GET /api/apps/{id}/backend` -- list the App's declared backend functions (name / operation / argument metadata; never the SQL). Authenticated by EITHER a per-deployment App token (`Bearer scwa_…`) OR a logged-in session (the operator viewing the App-Tab).
const url = 'https://example.com/api/apps/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/backend';const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/api/apps/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/backend \ --header 'Authorization: Bearer <token>'Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”App id
Responses
Section titled “Responses”Declared backend functions.
One declared backend function as exposed to the calling frontend: its name,
SQL class (query / execute) and descriptive argument metadata – but
never the SQL itself, which stays server-side.
object
The call key ({function_name} path segment).
query or execute.
Descriptive positional-argument metadata (labels + optional kind hint).
ADR 0053 – descriptive metadata for one positional argument of a backend function, used by the calling frontend to label inputs. Carries no SQL.
object
Optional input hint: text | number | boolean.
Argument label shown in the UI.
Examplegenerated
[ { "name": "example", "operation": "example", "params": [ { "kind": "example", "name": "example" } ] }]Missing/invalid App token or session.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}App token does not authorize this app.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}App not visible in this workspace.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}