API reference
Use the MCP endpoint for agent-facing access. Use the REST routes for the admin UI and setup workflows.
Public MCP
Section titled “Public MCP”POST /mcp
Headers:
Authorization: Bearer <token>Accept: application/json, text/event-streamContent-Type: application/jsonMcp-Protocol-Version: 2025-03-26Methods: tools/list, tools/call. Unsupported methods and HTTP verbs return errors.
OAuth MCP
Section titled “OAuth MCP”Discovery:
GET /.well-known/oauth-protected-resourceGET /.well-known/oauth-authorization-server
OAuth endpoints:
POST /oauth/registerGET /oauth/authorizePOST /oauth/authorizePOST /oauth/tokenPOST /oauth/revoke
Supported scope: mcp:read
Personal access tokens
Section titled “Personal access tokens”Authenticated web API:
GET /api/api-tokens— list active PATs for the signed-in user; returns the MCP URL.POST /api/api-tokens— create a PAT; returns the plaintext token once.DELETE /api/api-tokens/:id— revoke a PAT.
Create token body:
{ "name": "Claude Code" }Create token response:
{ token: { id: string; name: string; prefix: string; createdAt: string; lastUsedAt: string | null; revokedAt: string | null; }; plaintext: string; mcpUrl: string;}Integration provider API
Section titled “Integration provider API”Admin / provider management:
GET /api/mcp-serversPOST /api/mcp-serversPATCH /api/mcp-servers/:idDELETE /api/mcp-servers/:idPOST /api/mcp-servers/connection-testsPOST /api/mcp-servers/:id/connection-testsGET /api/mcp-servers/:id/health
Provider app and account management:
GET /api/mcp-servers/:id/appsPOST /api/mcp-servers/:id/connectionsPOST /api/mcp-servers/:id/connections/intentsGET /api/mcp-servers/:id/connectionsDELETE /api/mcp-servers/:id/connections/:connectionIdPATCH /api/mcp-servers/:id/connections/:connectionId/access
Indexed connector API
Section titled “Indexed connector API”Manage and query indexed connectors. Selected routes (all under /api/connectors):
GET /api/connectors— list connectorsPOST /api/connectors— create a connectorGET /api/connectors/mine— connectors owned by the current userGET /api/connectors/sources— available connector sourcesGET /api/connectors/all-files— indexed files across connectorsGET /api/connectors/file-counts-by-source— file counts grouped by sourceGET /api/connectors/search— search indexed filesGET /api/connectors/progress— sync progressPOST /api/connectors/browse— browse a source before connectingGET /api/connectors/files/:fileId/content— indexed file contentGET /api/connectors/:id— get one connectorGET /api/connectors/:id/files— files for one connectorPOST /api/connectors/:id/syncs— trigger a syncPATCH /api/connectors/:id/scope— change a connector’s scopePOST /api/connectors/:id/rotate-key— rotate a connector’s API keyDELETE /api/connectors/:id— delete a connector
Provider OAuth (connect flows)
Section titled “Provider OAuth (connect flows)”The admin UI connects Google, Microsoft, and Zoho accounts through provider OAuth routes under /api/oauth. These are the account-connect flows, distinct from the OAuth MCP discovery routes above.
GET /api/oauth/google/authorize·GET /api/oauth/google/callback·GET /api/oauth/google/statusGET /api/oauth/microsoft/authorize·GET /api/oauth/microsoft/callback·GET /api/oauth/microsoft/statusGET /api/oauth/zoho/authorize·GET /api/oauth/zoho/callback·GET /api/oauth/zoho/status