The API should be running on k8s, behind the Toolforge API Gateway (that does already user authentication), and use a service account to interact with k8s.
It should implement OpenAPI and probably swagger (or similar) to explore the API.
Gitlab repo: https://gitlab.wikimedia.org/repos/cloud/toolforge/buildservice-api
API methods
TBD