Resources/The Agent API Atlas/Data/Airbyte

Everything an AI agent can do with the Airbyte API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints27

API versionv1

Last updated23 June 2026

Orientation

How the Airbyte API works.

The Airbyte API is how an app or AI agent works with an Airbyte workspace: connecting a source to a destination, triggering a sync, checking a job, or listing the connectors already set up. Access is granted through an access token created from an Application, and that token represents one Airbyte user and carries exactly the permissions that user has across their workspaces and organization. Airbyte serves a single path-based version of its public API and pushes dated changes through release notes, and it can notify a webhook when a sync finishes.

27Endpoints

8Capability groups

13Read

14Write

14Permissions

Authentication

Airbyte uses OAuth 2.0 client credentials. An Application created in the Airbyte UI yields a client_id and client_secret, which are exchanged at the token endpoint for a Bearer access token that lasts 15 minutes. The token is sent as an Authorization header on every call, and an integration must request a fresh one when it expires.

Permissions

There are no granular per-endpoint scopes. An access token represents one Airbyte user and has the same permissions that user has, so its reach is set by that user's role across their organization and workspaces. A call to a workspace the user cannot access returns a 403.

Versioning

The public API is path-based at a single version and is not pinned per request. Notable changes, like the standalone API server moving into the Airbyte server and the deprecation of the older Configuration API, ship through dated release notes and deprecation notices rather than a new version string.

Data model

Airbyte models a pipeline as a source and a destination joined by a connection, and a sync is run as a job against that connection. Streams describe the tables or objects a connection can move. Sources, destinations, and connections each have full create, read, update, and delete methods, while a job is created to start a sync and deleted to cancel it.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Airbyte determines what it can reach. There is a route for making calls and a hosted server that exposes Airbyte tools to agents, and each is governed by the access token behind it and the Airbyte user that token represents.

Ways to connect

REST API

The public REST API takes JSON request bodies, returns JSON, and pages lists with limit and offset. On Airbyte Cloud it lives at https://api.airbyte.com/v1; a self-managed instance serves it under /api/public/v1. A call authenticates with a Bearer access token obtained from the OAuth 2.0 client-credentials token endpoint.

Best forConnecting an app or AI agent to Airbyte.

Governed byThe access token and the Airbyte user it represents.

Docs ↗

MCP server

Airbyte hosts a first-party, remote Model Context Protocol server so an AI agent can manage Airbyte through MCP rather than raw REST calls. It is hosted and managed by Airbyte, so there is nothing to install, and it exposes Airbyte actions to MCP-compatible clients. Airbyte also publishes a separate knowledge MCP server for documentation context.

Best forConnecting an AI agent to Airbyte through MCP.

Governed byThe access token and the Airbyte user it represents.

Docs ↗

Webhook notifications

Airbyte can push a notification to a webhook set on a workspace when a sync succeeds, when a sync fails, or when a source schema changes. The webhook is configured against the workspace rather than subscribed to per event through the API, and the payload carries a pointer to the connection and the records and bytes moved.

Best forReceiving sync and schema notifications at an app or AI agent.

Governed byThe webhook URL set on the workspace.

Docs ↗

Authentication

OAuth 2.0 client credentials

An Application created in the Airbyte UI yields a client_id and client_secret. These are exchanged at the token endpoint, with grant-type client_credentials, for a Bearer access token valid for 15 minutes. The token is sent as an Authorization header and represents the Airbyte user who owns the Application, carrying that user's permissions.

TokenBearer access token (15-minute lifetime)

Best forServer-side and agent calls to the public API.

Docs ↗

Capability map

What an AI agent can do in Airbyte.

The Airbyte API is split into areas an agent can act on, like sources, destinations, connections, and sync jobs. Each area has its own methods, and a write to a connection or a triggered sync moves real data between systems.

Sources

5 endpoints

Methods for working with sources, the systems Airbyte reads data from.

A write here creates or changes a source and its stored configuration.

View endpoints →

Destinations

5 endpoints

Methods for working with destinations, the systems Airbyte writes data to.

A write here creates or changes a destination and its stored configuration.

View endpoints →

Connections

5 endpoints

Methods for working with connections, which join a source to a destination.

A write here changes how and what data moves between two systems.

View endpoints →

Jobs (syncs)

4 endpoints

Methods for triggering and managing sync jobs against a connection.

A write here starts or cancels a sync that moves real data.

View endpoints →

Streams

1 endpoint

Methods for inspecting the streams a source and destination pair can move.

Read-only inspection of available streams and their properties.

View endpoints →

Workspaces

4 endpoints

Methods for working with workspaces, which contain sources, destinations, and connections.

A write here creates or removes a workspace and everything scoped to it.

View endpoints →

Organizations

1 endpoint

Methods for listing the organizations a user belongs to.

Read-only listing of a user's organizations.

View endpoints →

Endpoint reference

Every Airbyte API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Sources Methods for working with sources, the systems Airbyte reads data from.5
POST	`/v1/sources`	Create a source from a name, workspaceId, and a configuration matching a connector definition.	write	`Sources: write`	Current
No per-endpoint scope; needs a token for a user who can write in the target workspace. Acts onsource Permission (capability)`Sources: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/sources`	List the sources in a workspace.	read	`Sources: read`	Current
Read-only; returns sources the user can see. Acts onsource Permission (capability)`Sources: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/sources/{sourceId}`	Retrieve a single source by its ID.	read	`Sources: read`	Current
Read-only. Acts onsource Permission (capability)`Sources: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/sources/{sourceId}`	Update part of a source's configuration.	write	`Sources: write`	Current
A partial update; PUT replaces the source entirely. Acts onsource Permission (capability)`Sources: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/sources/{sourceId}`	Delete a source.	write	`Sources: write`	Current
Removes the source and breaks connections that use it. Acts onsource Permission (capability)`Sources: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Destinations Methods for working with destinations, the systems Airbyte writes data to.5
POST	`/v1/destinations`	Create a destination from a name, workspaceId, and a configuration matching a connector definition.	write	`Destinations: write`	Current
No per-endpoint scope; needs a token for a user who can write in the target workspace. Acts ondestination Permission (capability)`Destinations: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/destinations`	List the destinations in a workspace.	read	`Destinations: read`	Current
Read-only. Acts ondestination Permission (capability)`Destinations: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/destinations/{destinationId}`	Retrieve a single destination by its ID.	read	`Destinations: read`	Current
Read-only. Acts ondestination Permission (capability)`Destinations: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/destinations/{destinationId}`	Update part of a destination's configuration.	write	`Destinations: write`	Current
A partial update; PUT replaces the destination entirely. Acts ondestination Permission (capability)`Destinations: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/destinations/{destinationId}`	Delete a destination.	write	`Destinations: write`	Current
Removes the destination and breaks connections that use it. Acts ondestination Permission (capability)`Destinations: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Connections Methods for working with connections, which join a source to a destination.5
POST	`/v1/connections`	Create a connection joining a source and a destination for syncing.	write	`Connections: write`	Current
Requires a sourceId and a destinationId; defines what data moves and on what schedule. Acts onconnection Permission (capability)`Connections: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/connections`	List the connections in a workspace.	read	`Connections: read`	Current
Read-only. Acts onconnection Permission (capability)`Connections: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/connections/{connectionId}`	Retrieve a single connection by its ID.	read	`Connections: read`	Current
Read-only. Acts onconnection Permission (capability)`Connections: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/connections/{connectionId}`	Update a connection's settings, like its streams, schedule, or status.	write	`Connections: write`	Current
Changes what data moves and how often. Acts onconnection Permission (capability)`Connections: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/connections/{connectionId}`	Delete a connection.	write	`Connections: write`	Current
Stops future syncs between the source and destination. Acts onconnection Permission (capability)`Connections: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Jobs (syncs) Methods for triggering and managing sync jobs against a connection.4
POST	`/v1/jobs`	Start a job for a connection, with a jobType of sync or reset, to move data.	write	`Jobs: write`	Current
Triggers a real sync against the connectionId; returns a jobId to poll. Acts onjob Permission (capability)`Jobs: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/jobs`	List jobs, filterable by connectionId, jobType, status, workspace, and date range.	read	`Jobs: read`	Current
Read-only; paginated with limit and offset. Acts onjob Permission (capability)`Jobs: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/jobs/{jobId}`	Retrieve a job's status and details by its ID.	read	`Jobs: read`	Current
Read-only; the way to poll a triggered sync to completion. Acts onjob Permission (capability)`Jobs: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/jobs/{jobId}`	Cancel a running job.	write	`Jobs: write`	Current
Stops an in-progress sync. Acts onjob Permission (capability)`Jobs: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Streams Methods for inspecting the streams a source and destination pair can move.1
GET	`/v1/streams`	Get the available stream properties for a source and destination pair.	read	`Streams: read`	Current
Read-only; takes a sourceId, an optional destinationId, and an optional ignoreCache flag. Acts onstream Permission (capability)`Streams: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Workspaces Methods for working with workspaces, which contain sources, destinations, and connections.4
POST	`/v1/workspaces`	Create a workspace.	write	`Workspaces: write`	Current
Needs a token for a user who can create workspaces in the organization. Acts onworkspace Permission (capability)`Workspaces: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/workspaces`	List the workspaces the user can access.	read	`Workspaces: read`	Current
Read-only. Acts onworkspace Permission (capability)`Workspaces: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/workspaces/{workspaceId}`	Retrieve a single workspace by its ID.	read	`Workspaces: read`	Current
Read-only. Acts onworkspace Permission (capability)`Workspaces: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/workspaces/{workspaceId}`	Delete a workspace.	write	`Workspaces: write`	Current
Removes the workspace and the sources, destinations, and connections scoped to it. Acts onworkspace Permission (capability)`Workspaces: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Tags Methods for working with tags used to label and organize connections.2
POST	`/v1/tags`	Create a tag from a name, color, and workspaceId, used to label connections.	write	`Tags: write`	Current
Scoped to a workspace. Acts ontag Permission (capability)`Tags: write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/tags`	List all tags.	read	`Tags: read`	Current
Read-only. Acts ontag Permission (capability)`Tags: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Organizations Methods for listing the organizations a user belongs to.1
GET	`/v1/organizations`	List the organizations the user belongs to.	read	`Organizations: read`	Current
Read-only; reflects the user's organization membership. Acts onorganization Permission (capability)`Organizations: read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Airbyte can notify an app when a sync finishes or a source schema changes by pushing a message to a webhook set on a workspace. The webhook is configured against the workspace rather than subscribed to per event, and it carries a pointer to the connection plus the records and bytes moved.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Airbyte pages long lists with a limit and an offset, and the public API does not publish a fixed per-method request ceiling, so an integration should back off when a response signals it is sending requests too quickly.

Request rate

Airbyte's public API does not publish a fixed per-method request limit. An integration should treat the API as rate-limited in practice: send requests at a steady pace, watch for a response that signals it is going too fast, and retry with exponential backoff rather than hammering an endpoint. Triggering a sync starts a background job, so polling the job at a sensible interval, rather than in a tight loop, is the intended pattern.

Pagination

List endpoints page with a limit and an offset query parameter. limit sets the page size and offset skips a number of records, so a client walks a list by increasing offset by the page size until fewer than a full page is returned. The job list also accepts filters such as connectionId, jobType, status, and a date range.

Request size

A list page is bounded by the limit parameter. A Bearer access token is valid for 15 minutes, after which a new one must be requested from the token endpoint.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`Bad request`	The request was malformed or missing a required field, like a connection created without a sourceId and destinationId.	Fix the request body or parameters against the endpoint reference and resend. The request is not retryable as-is.
401	`Unauthorized`	No valid access token was provided, or the token has expired. Tokens last 15 minutes.	Request a fresh Bearer token from the token endpoint with the client credentials, then retry the call.
403	`Forbidden`	The Airbyte user behind the token does not have permission for this resource, for example a workspace they cannot access.	Confirm the user's role grants access to the organization and workspace involved, or use a token for a user that has it.
404	`Not found`	The requested object does not exist, or is not visible to this user, such as a jobId or connectionId that cannot be found.	Verify the resource ID and that it belongs to a workspace the user can see.
422	`Unprocessable entity`	The request was well-formed but failed validation, for example a configuration that does not match the connector definition's schema.	Correct the values against the connector's required configuration and resend.

Versioning & freshness

Version history.

Airbyte serves a single path-based version of its public API and ships dated changes through its release notes and deprecation notices rather than minting a new version string per change.

Version history

What changed, and when

Latest versionv1

v1Current version

Public API (path-based v1)

Airbyte serves a single path-based version of its public API for managing sources, destinations, connections, and jobs. It is not pinned per request; notable changes ship through dated release notes and deprecation notices rather than a new version string.

What changed

Sources, destinations, and connections each support full create, read, update, and delete.
Jobs are created to trigger a sync or reset and deleted to cancel a run.
Access uses OAuth 2.0 client credentials, with a 15-minute Bearer access token.

2024-08-15Requires migration

Portal API keys stopped working

API keys generated from the older portal.airbyte.com stopped working. Programmatic access moved to access tokens created from an Application (client_id and client_secret).

2024-07-19Requires migration

Standalone API server removed

The standalone airbyte-api-server service was retired and its routes were moved into the Airbyte server, changing the self-managed public API path. Calls migrated to the /api/public/v1 path.

2024-05-02Feature update

Standalone API server deprecation announced

Airbyte announced it was deprecating the standalone API server and folding its routes into the Airbyte server, ahead of the July removal.

2024-06-01Feature update

Configuration API deprecation

Airbyte set out to deprecate the older Configuration API, an internal API not intended for managing a deployment, and gathered feedback on the public API to cover the same needs.

Track the release notes and deprecation notices, since changes ship against the same path-based version.

Airbyte release notes ↗

Questions

Airbyte API, answered.

How do I get an Airbyte API access token?+

Create an Application in the Airbyte UI under User settings, Applications, which gives a client_id and client_secret. Send a POST to the token endpoint (https://api.airbyte.com/v1/applications/token on Airbyte Cloud) with those credentials and grant-type client_credentials. The response is a Bearer access token valid for 15 minutes, sent as an Authorization header on each call.

What permissions does an access token have?+

An access token represents one individual Airbyte user and has exactly the same permissions as that user. There are no granular per-endpoint scopes to attach to the token. Its reach is therefore decided by the user's role across their organization and the workspaces they belong to, so a call to a resource the user cannot see returns a 403.

How do I trigger a sync and check its result?+

Send a POST to /v1/jobs with the connectionId and a jobType of sync (or reset) to start a job. The response returns a jobId. Poll GET /v1/jobs/{jobId} for the job status until it completes, and send DELETE /v1/jobs/{jobId} to cancel a running job.

What is the difference between Airbyte Cloud and a self-managed deployment?+

The same API surface is served from different base addresses. Airbyte Cloud is at https://api.airbyte.com/v1, while a self-managed instance serves the public API under /api/public/v1. Methods, request shapes, and authentication are the same; only the host differs.

Does Airbyte send webhooks?+

Airbyte can push a message to a webhook set on a workspace when a sync succeeds, when a sync fails, or when a source schema changes. The webhook is configured against the workspace, not subscribed to per event through the API, and the message includes a pointer to the connection and the records and bytes moved. Notification settings can be viewed and changed through the API.

Was the Configuration API the same as the public API?+

No. The Configuration API was an internal API for communication between Airbyte components, not a supported way to manage a deployment, and it has been deprecated. The public API documented here, at reference.airbyte.com, is the supported interface for programmatic control.

What is Bollard AI?

Control what every AI agent can do in Airbyte.

Bollard AI sits between a team's AI agents and Airbyte. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Airbyte token.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Airbyte access in Bollard Browse all APIs →

Airbyte

Pipeline Agent

View connections ResourceOffReadFull use

Trigger syncs ActionOffReadFull use

Sources ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Airbyte

How the Airbyte API works.

Connection & authentication methods.

REST API

MCP server

Webhook notifications

OAuth 2.0 client credentials

What an AI agent can do in Airbyte.

Sources

Destinations

Connections

Jobs (syncs)

Streams

Workspaces

Tags

Organizations

Every Airbyte API method.

Sources

Destinations

Connections

Jobs (syncs)

Streams

Workspaces

Tags

Organizations

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Airbyte API, answered.

More data API guides for agents

Fivetran

Databricks

Snowflake

dbt

BigQuery

Supabase

Control what every AI agent can do in Airbyte.