> ## Documentation Index
> Fetch the complete documentation index at: https://docs.safefetch.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# List Actions



## OpenAPI

````yaml GET /v1/actions
openapi: 3.1.0
info:
  title: SafeFetch API
  version: 0.1.0
  description: >
    SafeFetch HTTP API for managing actions.


    SafeFetch is a safety layer for AI actions that makes reliable HTTP requests
    to any URL you specify

    — API endpoints, internal services, third-party APIs — with retries, HMAC
    signatures,

    and stored results.


    Notes:

    - All response/request fields are snake_case.

    - IDs are prefixed strings (for example: act_xxx, acct_xxx), not UUIDs.

    - `/v1/*` routes require `Authorization: Bearer <api_key>`.

    - `X-Request-Id` is returned on every response.
servers:
  - url: /
security: []
tags:
  - name: System
  - name: Auth
  - name: Actions
paths:
  /v1/actions:
    get:
      tags:
        - Actions
      summary: List actions
      operationId: listActions
      parameters:
        - $ref: '#/components/parameters/XRequestId'
        - name: status
          in: query
          required: false
          schema:
            $ref: '#/components/schemas/ActionStatus'
        - name: limit
          in: query
          required: false
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 20
        - name: offset
          in: query
          required: false
          schema:
            type: integer
            minimum: 0
            default: 0
      responses:
        '200':
          description: Paginated actions
          headers:
            X-Request-Id:
              $ref: '#/components/headers/XRequestId'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ActionsListResponse'
        '400':
          $ref: '#/components/responses/InvalidQuery'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '405':
          $ref: '#/components/responses/MethodNotAllowed'
        '429':
          $ref: '#/components/responses/RateLimited'
      security:
        - BearerAuth: []
components:
  parameters:
    XRequestId:
      name: X-Request-Id
      in: header
      required: false
      description: Optional client request ID. Echoed back on response.
      schema:
        type: string
  schemas:
    ActionStatus:
      type: string
      enum:
        - pending
        - active
        - awaiting_approval
        - completed
        - failed
        - cancelled
    ActionsListResponse:
      type: object
      required:
        - data
        - total
        - limit
        - offset
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/Action'
        total:
          type: integer
          minimum: 0
        limit:
          type: integer
          minimum: 1
          maximum: 100
        offset:
          type: integer
          minimum: 0
    Action:
      type: object
      required:
        - id
        - status
        - url
        - method
        - attempts
        - retries
        - created_at
        - approve
      properties:
        id:
          $ref: '#/components/schemas/ActionId'
        status:
          $ref: '#/components/schemas/ActionStatus'
        url:
          type: string
          format: uri
        method:
          $ref: '#/components/schemas/HttpMethod'
        body:
          oneOf:
            - type: object
              additionalProperties: true
            - type: 'null'
        headers:
          oneOf:
            - type: object
              additionalProperties:
                type: string
            - type: 'null'
        dedupe:
          type: string
          nullable: true
        attempts:
          type: integer
          minimum: 0
        retries:
          type: integer
          minimum: 1
          maximum: 100
        created_at:
          type: string
          format: date-time
        started_at:
          type: string
          format: date-time
          nullable: true
        finished_at:
          type: string
          format: date-time
          nullable: true
        next_retry_at:
          type: string
          format: date-time
          nullable: true
        last_error:
          type: string
          nullable: true
        response_code:
          type: integer
          nullable: true
        response_body:
          nullable: true
        duration_ms:
          type: integer
          nullable: true
        approve:
          type: boolean
        approved_at:
          type: string
          format: date-time
          nullable: true
        approved_by:
          type: string
          nullable: true
        callback:
          type: string
          format: uri
          nullable: true
        idempotency_key:
          type: string
          nullable: true
        retries_remaining:
          type: integer
          minimum: 0
        next_retry_in_seconds:
          type: integer
          minimum: 0
        actions:
          type: array
          items:
            type: string
            enum:
              - approve
              - cancel
              - retry
          description: Allowed operations for the current status.
        error:
          type: object
          nullable: true
          description: Structured error detail present when `status` is `failed`.
          required:
            - source
            - message
            - response_code
            - response_body
          properties:
            source:
              type: string
              enum:
                - target
                - dispatch
              description: >
                `target` — the target API returned a non-2xx response.
                `dispatch` — network error, DNS failure, or timeout.
            message:
              type: string
              description: Human-readable error message (same as `last_error`).
            response_code:
              type: integer
              nullable: true
              description: HTTP status code from the target (null for dispatch errors).
            response_body:
              nullable: true
              description: Response body from the target (null for dispatch errors).
        receipt_url:
          type: string
          format: uri-reference
          description: >
            Shareable URL for this action's receipt page (e.g. `/r/rcpt_...`).
            No authentication required — secured by the unguessable receipt
            token.
          nullable: true
        deduplicated:
          type: boolean
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              enum:
                - missing_body
                - validation_error
                - missing_field
                - invalid_request
                - invalid_query
                - invalid_content_type
                - invalid_url
                - invalid_sync
                - unauthorized
                - rate_limited
                - payload_too_large
                - method_not_allowed
                - not_found
                - not_cancellable
                - not_approvable
                - not_retryable
                - email_taken
                - invalid_credentials
            message:
              type: string
            request_id:
              type: string
              pattern: ^req_[A-Za-z0-9_-]+$
            details:
              oneOf:
                - type: array
                  items:
                    $ref: '#/components/schemas/ValidationIssue'
                - type: object
                - type: string
    ActionId:
      type: string
      pattern: ^act_[A-Za-z0-9_-]+$
      example: act_M4qT8YH7xW2pL9nB
    HttpMethod:
      type: string
      enum:
        - GET
        - POST
        - PUT
        - PATCH
        - DELETE
    ValidationIssue:
      type: object
      required:
        - field
        - message
        - code
      properties:
        field:
          type: string
        message:
          type: string
        code:
          type: string
          const: invalid
  headers:
    XRequestId:
      description: Request identifier, echoed from request or generated server-side.
      schema:
        type: string
        pattern: ^req_[A-Za-z0-9_-]+$
  responses:
    InvalidQuery:
      description: Invalid query parameters.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Missing or invalid bearer token.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    MethodNotAllowed:
      description: Method not allowed.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
        Allow:
          schema:
            type: string
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    RateLimited:
      description: Too many requests for current account.
      headers:
        X-Request-Id:
          $ref: '#/components/headers/XRequestId'
        Retry-After:
          schema:
            type: string
            const: '1'
          description: Seconds until the rate-limit window resets.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: API Key

````