API Documentation
Generate videos and static image ads programmatically via REST API, or connect Wavemaker as an MCP tool in Cursor, Claude Desktop, or any MCP-compatible client.
Authentication
All REST endpoints require an API key passed as a Bearer token. Create and manage keys
from your
dashboard API Keys page. The MCP endpoint at /mcp uses OAuth 2.1 instead —
see
MCP Integration.
API Key Format
Keys are prefixed with mcp_ and are at least 32 characters
long. Store them securely — they cannot be retrieved after creation. Only the last
4 characters remain visible in the dashboard (e.g. mcp_...a1b2). API key creation requires a paid plan (Pro or higher) with api_access.
Rate Limits
30 requests per minute per API key on
/api/v1/* and /mcp
(rolling 60-second window). Rate-limited responses include
X-RateLimit-Remaining and
X-RateLimit-Reset (Unix seconds);
429 adds a Retry-After header.
/assets/sign is auth-protected but not rate-limited.
Authorization: Bearer mcp_your_api_key_here
Quick Start
Generate a video in three steps: create a job, poll for status, then retrieve the result.
curl -X POST https://api.wavemakr.com/api/v1/videos \
-H "Authorization: Bearer mcp_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"prompt": "Create a 30-second ad for a coffee shop in Brooklyn",
"aspect_ratio": "16:9",
"duration": 30
}' curl https://api.wavemakr.com/api/v1/videos/wf_abc123def456 \ -H "Authorization: Bearer mcp_your_api_key"
curl https://api.wavemakr.com/api/v1/videos/wf_abc123def456/composition \ -H "Authorization: Bearer mcp_your_api_key"
Or use webhooks to get notified automatically when the video is ready.
Videos
Start a new video generation job. The AI analyzes your prompt, plans scenes, generates visuals, voiceover, and music, then composes a final video. Costs credits based on complexity.
| Parameter | Type | Required | Description |
|---|---|---|---|
| prompt | string | Required | Description of the video to generate. Min 3 characters. May include a URL to scrape brand assets and content from. |
| aspect_ratio | string | Optional | 16:9 (default), 9:16, 1:1, 4:5,
or 2:3 |
| duration | number | Optional | Target duration in seconds (e.g. 30, 60). Drives credit reserve and is injected into the planner's system prompt via a
non-negotiable duration directive so the final composition lands within
±1 s of the target. |
| platform | string | Optional | Target platform hint for the planner (e.g. youtube, instagram, tiktok, tv_ctv). Influences pacing, format, and
production elements. |
| style | string | Optional | Visual style preference passed to the planner (e.g. cinematic, playful animated 2D). |
| webhook_url | string | Optional | HTTPS URL to receive a POST when the job completes, is cancelled, or fails. See Webhooks. Private IPs, credentials in the URL, and non-HTTPS schemes are rejected with 400. |
| webhook_secret | string | Optional | Secret used to sign every webhook delivery for this job via HMAC-SHA256. The
receiver verifies the X-Webhook-Signature: v1,<hex-hmac> header against <X-Webhook-ID>.<X-Webhook-Timestamp>.<raw body>. |
202 Job accepted (Retry-After: 10)
{
"job_id": "wf_abc123def456789",
"status": "running",
"message": "Video generation started. Poll GET /api/v1/videos/{job_id} for status, or stream GET /api/v1/videos/{job_id}/events for real-time progress.",
"webhook_url": "https://your-server.com/webhook"
} job_id is prefixed with wf_ followed by a 32-character hex string. Keep it; you'll need it for all subsequent calls.
400 Invalid JSON, missing/short prompt,
unknown aspect_ratio, or invalid webhook_url
402 Insufficient credits, CREDITS_OWED from a prior settlement upcharge, or NO_BILLING_ORG (the
key's account has no organization yet — sign in to the dashboard once to initialize
it). Response includes code and details.
429 Rate limit or monthly quota exceeded
(Retry-After on rate limit only)
503 Inngest dispatch unavailable (Retry-After: 60)
Check the status and progress of a video generation job. Returns an
ETag header for conditional requests, and
Retry-After while the job is still running (3s when progress_pct > 70,
8s otherwise).
200 Job status
{
"job_id": "wf_abc123def456789",
"status": "running",
"phase": "generate_video_clip",
"progress_pct": 65,
"composition_id": "comp_xyz"
} composition_id, output, and
error are only present when populated.
phase is the name of the most recently-started tool or
phase event (e.g. generate_image, compose_scenes).
| Status | Description |
|---|---|
| running | Accepted or actively generating. Check phase and
progress_pct. |
| complete | Done. composition_id and output are populated. |
| errored | Failed. See error field. May still expose a partial
composition_id if emergency-save fired. |
Stream real-time progress as Server-Sent Events. The stream emits one event per workflow event (with the workflow's event_type
as the SSE event: field) plus periodic : keepalive
comments, and terminates with a final complete,
errored, or timeout event.
Maximum stream duration is 30 minutes; reconnect with ?last_event_id= to resume.
| Event | Description |
|---|---|
| phase | Workflow phase label (e.g. planning, generating media) |
| tool_start | A tool started. detail.sceneId is set for per-scene
work. |
| tool_complete | A tool finished. detail.assetType = image / video / voiceover / music. |
| tool_error | A tool failed. message contains the user-facing
reason. |
| thinking | Orchestrator reasoning chunk (when extended-thinking is on). |
| node_link | Lineage link between a parent tool call and its media child (used by the canvas UI). |
| complete | Final event — job succeeded. data.composition_id is the ID to fetch. |
| errored | Final event — job failed. data.error is the
reason. |
| Parameter | Type | Description |
|---|---|---|
| last_event_id | integer | Resume after this event ID (use the numeric id: from a previous SSE frame). |
SSE text/event-stream
id: 12
event: phase
data: {"id":12,"event_type":"phase","message":"Generating media","created_at":"2026-04-01T12:01:00Z","progress":35}
id: 13
event: tool_start
data: {"id":13,"event_type":"tool_start","tool_name":"generate_image","message":"generate_image","detail":{"sceneId":"scene-3"},"progress":40}
id: 14
event: tool_complete
data: {"id":14,"event_type":"tool_complete","tool_name":"generate_image","detail":{"sceneId":"scene-3","assetType":"image"},"progress":52}
: keepalive
event: complete
data: {"status":"complete","composition_id":"comp_xyz","output":{"compositionId":"comp_xyz"}}
Retrieve the full video composition JSON. :id accepts
either the wf_* job ID returned by
POST /api/v1/videos or a
composition_id (UUID) from a previous status response.
Contains scene definitions, style spec, audio tracks, and R2 asset keys (resolve via
POST /assets/sign).
200 Composition data
{
"composition_id": "comp_xyz",
"composition": {
"id": "comp_xyz",
"title": "...",
"aspectRatio": "16:9",
"totalDurationFrames": 900,
"fps": 30,
"scenes": [...],
"style": {
"colorPalette": {...},
"typography": {...},
"motionLanguage": "cinematic",
"visualMedium": "photorealistic"
},
"audio": {
"voiceover": {...},
"music": {...}
}
}
}
Generate signed public URLs for composition asset keys. Use this to resolve asset
references from the composition JSON into downloadable URLs. Up to 50 keys per request. For each image key, the response also includes _400w.jpg and
_800w.jpg variants when available; for each video key,
the
_web.mp4 and _preview.mp4
variants. Keys that don't exist in storage are silently omitted from the response (no 404).
{
"keys": ["assets/scene-1/image.png", "assets/scene-2/video.mp4"]
} 200
{
"urls": {
"assets/scene-1/image.png": "https://api.wavemakr.com/assets/...",
"assets/scene-1/image_400w.jpg": "https://api.wavemakr.com/assets/...",
"assets/scene-1/image_800w.jpg": "https://api.wavemakr.com/assets/...",
"assets/scene-2/video.mp4": "https://api.wavemakr.com/assets/...",
"assets/scene-2/video_web.mp4": "https://api.wavemakr.com/assets/...",
"assets/scene-2/video_preview.mp4": "https://api.wavemakr.com/assets/..."
}
} Static Image Ads
Generate platform-ready static image ads — or plain AI images. The default
purpose: "ad" plans the headline, CTA, and visual concept from
your brief (or a site URL's scraped brand facts), renders the ad with baked copy, quality-checks
it (auto-fixing failures once), and delivers the exact platform pixel size. purpose: "image" renders your prompt
as-is at the requested size — no ad copy, branding, or ad QC. Adult (NSFW)
prompts are supported for purpose: "image" on entitled accounts
(paid plan + adult content enabled in the profile) — they auto-route to the NSFW engines
and the image_model pin is ignored; the ad purpose is standard-content
only.
One deliverable per call — make one call per ad/image you want, or set
carousel_cards for a narrative carousel. The same run also
works through the workspace tool rails (POST /api/v1/workspaces/:id/tools/generate_static_ad) and the MCP generate_static_ad tool.
Dispatch one static ad generation (or an N-card carousel). Charges a flat
8 credits per ad (carousel: 8 × cards). Async: poll the status URL,
or pass webhook_url for a signed
tool_run.completed push.
| Parameter | Type | Required | Description |
|---|---|---|---|
| prompt | string | Required* | The creative brief. *Required unless site_url is
set. |
| site_url | string | Required* | Brand site URL — scraped for real brand facts (name, colors, logo).
*Required unless prompt is set. |
| purpose | string | Optional | ad (default — planned copy, branding, ad QC)
or image (plain image — the prompt renders
as-is, no ad framing). |
| image_model | string | Optional | Image model pin: gemini-image (Nano Banana, default),
seedream (Seedream 4.0), or xai (Grok Imagine). |
| platform | string | Optional | meta, google,
reddit, linkedin, x, tiktok,
pinterest, or universal (default). Drives per-platform compliance rules and defaults. Ad purpose only. |
| format | string | Optional | Ad format id from GET /api/v1/ad-formats
(e.g. square, story_916, landscape_191). Default: resolved from
aspect_ratio, else square. |
| aspect_ratio | string | Optional | Alternative to format: a ratio like "1:1", "9:16", "1.91:1". |
| style_id | string | Optional | Pin a visual style from GET /api/v1/ad-styles;
omit for AI selection. |
| focus_hint | string | Optional | Extra creative direction (high priority). |
| prompt_mode | string | Optional | styled (default) uses the style-template planner;
free_form skips it. |
| carousel_cards | number | Optional | 2–6: generate a narrative carousel of N same-format cards (hook → problem → solution → proof → benefit → offer) instead of one ad. Priced per card. |
| webhook_url | string | Optional | HTTPS URL for a signed tool_run.completed /
tool_run.failed POST on terminal status. See Webhooks. |
| webhook_secret | string | Optional | Secret for the HMAC-SHA256 X-Webhook-Signature header
(same scheme as video webhooks). |
curl -X POST https://api.wavemakr.com/api/v1/static-ads \
-H "Authorization: Bearer mcp_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"prompt": "Bold launch ad for our espresso subscription",
"site_url": "https://example-coffee.com",
"platform": "meta",
"format": "square"
}' 202 Run accepted
{
"run_id": "wtr_abc123def456",
"credits_charged": 8,
"status": "pending",
"status_url": "/api/v1/static-ads/wtr_abc123def456"
} 400 Invalid JSON or input (neither
prompt nor site_url)
402 Insufficient credits
503 Dispatch infrastructure temporarily unreachable
Poll a static-ad run. While in flight the response is { run_id, status } (pending / running). A failed run returns 502
with status: "error" and an error reason. On completion each delivered variant carries the final image URL, exact pixel
size, ad copy, and its QC report. Single-ad runs also surface the one variant as
variant; carousels return all cards in
variants.
{
"run_id": "wtr_abc123def456",
"status": "complete",
"variant": {
"id": "adv_123",
"url": "https://api.wavemakr.com/assets/...",
"width": 1080,
"height": 1080,
"aspect_ratio": "1:1",
"format": "square",
"platforms": ["meta"],
"headline": "Espresso, Delivered.",
"cta": "Start Your Trial",
"qc": { "status": "passed", "issues": [] }
},
"variants": [ ... ]
}
Free catalog of ad formats and platform packs: each format's exact delivery pixels,
ratio, and the platforms it serves, plus each platform's recommended format pack. Use
a format id (or a platform) in POST /api/v1/static-ads.
Free catalog of ad visual styles (dark authority, testimonial spotlight, minimalist
hero, meme format, ...): id, name, use-case guidance, and platform compatibility. Pass
a style id as style_id to pin the look; omit for AI selection.
Video Upscaling
Super-resolve any external video to a higher resolution with audio preserved, via the
upscale_video tool on the workspace tool-run surface. Point
it at a public HTTPS URL of any duration — the system internally segments,
upscales, concatenates, and remuxes, so you make ONE call regardless of length. Async: poll
the run or set a
webhook_url. Full reference:
standalone-upscale-api-spec.
Create a workspace once (POST /api/v1/workspaces),
then dispatch this tool. Returns a run_id + the dynamically-computed
credits_charged; poll GET /api/v1/tool-runs/:run_id
for result.output.download_url.
{ "wait": false, "input": { … } })
| Parameter | Type | Required | Description |
|---|---|---|---|
| video_url | string | Required | Public HTTPS URL of the source video (any duration; SSRF-validated). Max 2 h / 5 GB. |
| target_short_side | number | Optional | Output short side in px, 240–2160 (default 1080). Aspect ratio preserved. |
| preserve_audio | boolean | Optional | Mux the original audio into the output (default true). |
| quality | string | Optional | standard (default, Real-ESRGAN, cheapest), pro (Topaz, pro-grade, standard content only), or premium (SeedVR2, best for heavily degraded sources). |
| quality | ≤720 | ≤1080 | ≤2160 (4K) | + base |
|---|---|---|---|---|
| standard | 8 | 17 | 70 | +3 |
| pro | 45 | 45 | 140 | +4 |
| premium | 32 | 70 | 220 | +5 |
202 { "run_id": "wtr_…", "status": "pending", "credits_charged": N }
402 Insufficient credits
413 Source too long (>2 h) / too large (>5 GB)
422 Undecodable / undeterminable-duration media
Webhooks
Instead of polling, receive an HTTPS POST to your server when a video generation or render
job completes or fails. Pass webhook_url (and optionally
webhook_secret) when creating the job.
Delivery
POST with JSON body. Your endpoint must respond
2xx within 25 seconds. URL must be HTTPS; private IPs,
localhost, and cloud-metadata addresses are rejected at job-creation time. Up to 3 delivery attempts with exponential backoff starting at 5 seconds.
Verification
When webhook_secret is set, each request carries an
X-Webhook-Signature: v1,<hmac> header. The signed
content is the concatenation
<webhookId>.<timestamp>.<body>
(HMAC-SHA256, hex-encoded). Use X-Webhook-ID for idempotent
processing.
| Event | Trigger |
|---|---|
| video.completed | Generation finished and a composition was saved. status is complete. If the crash-recovery path
emergency-saved a composition, this event still fires (degraded but usable
composition). |
| video.failed | Generation ended without a saved composition. status is errored and error carries a short reason. |
| render.completed | An MCP-initiated MP4 render finished. status is done; output.download_url contains the final URL. Render
webhooks are not signed — render_video does not accept a webhook_secret. |
| render.failed | An MCP-initiated render failed. status is failed; error contains the reason. |
| tool_run.completed | A workspace tool run finished — static image ads (POST /api/v1/static-ads / generate_static_ad), upscale_video, and any POST /api/v1/workspaces/:id/tools/:name call
with a webhook_url. Payload carries run_id, workspace_id, tool, and the tool result. Signed when webhook_secret was supplied. |
| tool_run.failed | A workspace tool run failed. status is error; error contains the reason. Credits auto-refund on
runner crashes. |
Refinement workflows (REST /api/v1/videos superseded by chat,
or the MCP refine_video tool) do not emit
webhooks today — only generation does. Listen via SSE (GET /api/v1/videos/:jobId/events) for refinement progress.
| Header | Description |
|---|---|
| X-Webhook-ID | Unique delivery identifier — use for idempotent processing. |
| X-Webhook-Timestamp | Unix timestamp of delivery (seconds). |
| X-Webhook-Signature | HMAC-SHA256 signature, present only when webhook_secret was supplied. Format: v1,<hex-hmac>. Signed
content: <X-Webhook-ID>.<X-Webhook-Timestamp>.<raw body>. |
| User-Agent | Wavemaker/1.0 |
{
"event": "video.completed",
"job_id": "wf_abc123def456789",
"status": "complete",
"composition_id": "comp_xyz",
"created_at": "2026-04-01T12:03:45Z",
"completed_at": "2026-04-01T12:03:45Z"
} {
"event": "video.failed",
"job_id": "wf_abc123def456789",
"status": "errored",
"composition_id": null,
"error": "Generation failed — no composition could be saved",
"created_at": "2026-04-01T12:01:12Z",
"completed_at": "2026-04-01T12:01:12Z"
} {
"event": "render.completed",
"job_id": "rnd_xyz",
"status": "done",
"composition_id": "comp_xyz",
"output": { "download_url": "https://.../final.mp4" },
"created_at": "2026-04-01T12:05:00Z",
"completed_at": "2026-04-01T12:08:14Z"
} {
"event": "tool_run.completed",
"run_id": "wtr_abc123",
"workspace_id": "ws_xyz",
"tool": "generate_static_ad",
"status": "complete",
"result": { ... },
"completed_at": "2026-04-01T12:06:30Z"
} Usage
Retrieve usage statistics and remaining monthly quota for the calling API key. Quotas
are evaluated server-side on every call to POST /api/v1/videos.
| Parameter | Type | Default | Description |
|---|---|---|---|
| days | integer | 30 | Lookback period in days (1–90). Clamped to max(1, min(days, 90)). |
200
{
"period_days": 30,
"total_requests": 142,
"total_cost_cents": 8500,
"by_action": {
"video_generation": { "count": 42, "cost_cents": 8500 }
},
"quota": {
"quota_cents": null,
"used_cents": 8500,
"remaining_cents": null,
"unlimited": true
}
}
All fields use snake_case. Billing is credit-based and org-scoped (enforced with
402 on POST /api/v1/videos), so the per-key dollar quota is reported as unlimited:
quota.unlimited is true and
quota.quota_cents / quota.remaining_cents
are null.
MCP Integration
Wavemaker implements the Model Context Protocol, so you can use it as a tool in Cursor, Claude Desktop, Windsurf, or any MCP-compatible
client. The MCP endpoint is at https://api.wavemakr.com/mcp and uses
OAuth 2.1 with PKCE — no API key required in your config. The first connection
opens a browser tab where you sign in with your Wavemaker account; subsequent requests use an
access token issued by Wavemaker.
Endpoints
/oauth/authorize — user consent & sign-in
/oauth/token — token issue / refresh
/oauth/register — dynamic client registration
Access tokens live 1 hour; refresh tokens 30 days.
Plain PKCE is rejected (S256 only).
Scopes
video:generate ·
video:read ·
video:render
Scopes are advertised in the OAuth discovery metadata so clients can request them, but the
server does not currently use the granted-scope claim as an access gate
— every authenticated MCP client sees the full tool list. Plan for scope enforcement
in a future release. The same 30-rpm rate limit applies to every MCP call.
wait=true blocks with streamed progress notifications.
depth=site) and
return brand profile, images, content summary, and palette. Charges 5 credits
(refunded on failure).
render.completed webhook.
wait=true.
purpose: "image" for a plain image (prompt renders
as-is) and image_model to pin the renderer. 8 credits each.
generate_static_ad.
style_id
values for generate_static_ad (omit for AI selection).
Beyond this curated list, the MCP server also registers the full workspace tool catalog dynamically — every externally exposed pipeline tool (scraping, subject development,
image/clip generation, review, composition, refinement, upscale_video, and more) as its own MCP tool, executed inside a persistent workspace. Browse it with
GET /api/v1/tools or the describe_tool MCP tool.
Add this to your .cursor/mcp.json (project-local) or
~/.cursor/mcp.json (global). Cursor opens the OAuth browser
flow on first use; no headers or keys go in the config.
{
"mcpServers": {
"wavemaker": {
"url": "https://api.wavemakr.com/mcp"
}
}
}
Add to your claude_desktop_config.json. mcp-remote
handles the OAuth flow and persists tokens locally.
{
"mcpServers": {
"wavemaker": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.wavemakr.com/mcp"]
}
}
}
Other clients (Windsurf, VS Code MCP, Codex) connect the same way — point them at
https://api.wavemakr.com/mcp as a remote streamable-HTTP MCP
server. Direct curl to the MCP endpoint requires a valid OAuth
access token in the Authorization header, which you obtain
via the standard authorization-code + PKCE flow.
Errors
The API uses standard HTTP status codes. Error responses always include a JSON body with
an
error field describing the issue. Some 4xx responses also include
a machine-readable code and a structured
details object.
| Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request succeeded. |
| 202 | Accepted | Job dispatched. Response includes Retry-After. |
| 400 | Bad Request | Invalid JSON, missing/short prompt, unknown aspect_ratio, or invalid webhook_url. |
| 401 | Unauthorized | Missing/invalid Authorization header or API key. |
| 402 | Payment Required | Insufficient credits, CREDITS_OWED from a settlement
upcharge, or NO_BILLING_ORG (key's account has no organization
initialized). Response carries code + details. |
| 404 | Not Found | Job, composition, or resource does not exist (or is not visible to this API key). |
| 429 | Too Many Requests | Per-key rate limit exceeded (retryAfterSeconds + Retry-After header) or monthly quota exceeded (response includes a usage snapshot). |
| 500 | Server Error | Unexpected internal failure. Safe to retry with backoff. |
| 503 | Service Unavailable | Dispatch infrastructure (Inngest) temporarily unreachable. Response includes Retry-After: 60. |
{
"error": "Rate limit exceeded",
"retryAfterSeconds": 27
} {
"error": "Monthly quota exceeded",
"usage": {
"quotaCents": 5000,
"usedCents": 5012,
"remainingCents": 0
}
} {
"error": "Organization has 25 credits owed from a prior settlement upcharge. Clear the balance before starting a new generation.",
"code": "CREDITS_OWED",
"details": { "owed": 25, "since": "2026-03-30T10:11:12Z" }
} Ready to integrate? Create your API key to get started.
Manage API Keys →