Skip to content

API reference

Use the MCP endpoint for agent-facing access. Use the REST routes for the admin UI and setup workflows.

POST /mcp

Headers:

Authorization: Bearer <token>
Accept: application/json, text/event-stream
Content-Type: application/json
Mcp-Protocol-Version: 2025-03-26

Methods: tools/list, tools/call. Unsupported methods and HTTP verbs return errors.

Discovery:

  • GET /.well-known/oauth-protected-resource
  • GET /.well-known/oauth-authorization-server

OAuth endpoints:

  • POST /oauth/register
  • GET /oauth/authorize
  • POST /oauth/authorize
  • POST /oauth/token
  • POST /oauth/revoke

Supported scope: mcp:read

Authenticated web API:

  • GET /api/api-tokens — list active PATs for the signed-in user; returns the MCP URL.
  • POST /api/api-tokens — create a PAT; returns the plaintext token once.
  • DELETE /api/api-tokens/:id — revoke a PAT.

Create token body:

{ "name": "Claude Code" }

Create token response:

{
token: {
id: string;
name: string;
prefix: string;
createdAt: string;
lastUsedAt: string | null;
revokedAt: string | null;
};
plaintext: string;
mcpUrl: string;
}

Admin / provider management:

  • GET /api/mcp-servers
  • POST /api/mcp-servers
  • PATCH /api/mcp-servers/:id
  • DELETE /api/mcp-servers/:id
  • POST /api/mcp-servers/connection-tests
  • POST /api/mcp-servers/:id/connection-tests
  • GET /api/mcp-servers/:id/health

Provider app and account management:

  • GET /api/mcp-servers/:id/apps
  • POST /api/mcp-servers/:id/connections
  • POST /api/mcp-servers/:id/connections/intents
  • GET /api/mcp-servers/:id/connections
  • DELETE /api/mcp-servers/:id/connections/:connectionId
  • PATCH /api/mcp-servers/:id/connections/:connectionId/access

Manage and query indexed connectors. Selected routes (all under /api/connectors):

  • GET /api/connectors — list connectors
  • POST /api/connectors — create a connector
  • GET /api/connectors/mine — connectors owned by the current user
  • GET /api/connectors/sources — available connector sources
  • GET /api/connectors/all-files — indexed files across connectors
  • GET /api/connectors/file-counts-by-source — file counts grouped by source
  • GET /api/connectors/search — search indexed files
  • GET /api/connectors/progress — sync progress
  • POST /api/connectors/browse — browse a source before connecting
  • GET /api/connectors/files/:fileId/content — indexed file content
  • GET /api/connectors/:id — get one connector
  • GET /api/connectors/:id/files — files for one connector
  • POST /api/connectors/:id/syncs — trigger a sync
  • PATCH /api/connectors/:id/scope — change a connector’s scope
  • POST /api/connectors/:id/rotate-key — rotate a connector’s API key
  • DELETE /api/connectors/:id — delete a connector

The admin UI connects Google, Microsoft, and Zoho accounts through provider OAuth routes under /api/oauth. These are the account-connect flows, distinct from the OAuth MCP discovery routes above.

  • GET /api/oauth/google/authorize · GET /api/oauth/google/callback · GET /api/oauth/google/status
  • GET /api/oauth/microsoft/authorize · GET /api/oauth/microsoft/callback · GET /api/oauth/microsoft/status
  • GET /api/oauth/zoho/authorize · GET /api/oauth/zoho/callback · GET /api/oauth/zoho/status