Runners & Apps API

Read endpoints listing registered apps and the runners behind them, with each runner's self-reported metadata.

The read-only runners and apps API backs the console's Apps view. It reflects live registrations - apps and runners appear because a runner registered, not because anything was configured by hand. There is no write surface here: runners register themselves through the SDK handshake (see runners).

Method + pathReturns
GET /appsThe workspace's registered apps.
GET /runnersThe workspace's registered runner endpoints, with metadata and liveness.

GET /apps

Lists every app that has registered in the workspace, newest activity aside (ordered by name).

FieldMeaning
nameThe app name.
createdAtWhen the app was first seen (ISO 8601).
curl $DURATON_ENGINE_URL/apps
import { createClient } from "@duraton/sdk/client";

const duraton = createClient({ engineUrl: process.env.DURATON_ENGINE_URL! });
const apps = await duraton.apps.list(); // App[]

GET /runners

Lists the registered runner endpoints. Pass ?app=<name> to scope to one app; omit it for every app in the workspace.

ParamMeaningDefault
appRestrict to one app.all apps

Each runner carries the metadata it reported on register. Optional fields are present only when the runner actually reported them (a runner predating a field, or one that left it unset, simply omits it).

FieldMeaning
runnerIdThe runner's stable id, or its URL when it registered without one.
appThe app this runner hosts.
urlThe invoke endpoint, or a conn:// pseudo-URL for a connect (WebSocket) runner.
frameworkThe serve adapter in use (hono, express, next, fastify, bun, elysia, node), or connect.
runtimeThe JS runtime: node, bun, or deno.
sdkName + versionThe SDK package and version.
regionThe deployment region, when DURATON_REGION is set.
keyFingerprintA one-way SHA-256 prefix of the runner's invoke signing key (never the key).
keyMatchestrue/false when both Duraton and the runner have a signing key, flagging whether they share it; omitted when the comparison is not possible (either side has no key).
lastSeenAtThe last registration/heartbeat time (ISO 8601).
liveWhether the endpoint is currently trusted: a conn:// runner, or a serve runner whose heartbeat is inside the stale TTL. A serve runner past the TTL is listed with live: false, not hidden.

Responses never include a signing key or secret - only the one-way keyFingerprint.

curl "$DURATON_ENGINE_URL/runners?app=shop"
import { createClient } from "@duraton/sdk/client";

const duraton = createClient({ engineUrl: process.env.DURATON_ENGINE_URL! });
const runners = await duraton.runners.list({ app: "shop" }); // Runner[]
[
  {
    "runnerId": "gateway-1",
    "app": "shop",
    "url": "http://10.0.0.4:6773/invoke",
    "framework": "hono",
    "runtime": "node",
    "sdkName": "@duraton/sdk",
    "version": "0.1.0",
    "region": "us-east-1",
    "keyFingerprint": "7f3a1b2c4d5e",
    "keyMatches": true,
    "lastSeenAt": "2026-06-25T10:30:00Z",
    "live": true
  }
]

On this page