search
Ctrlk

REST API

HTTP REST API for vCon ingestion and operations.

hashtag
Overview

The vCon MCP Server exposes a RESTful HTTP API alongside the MCP transport layer. This API provides endpoints for vCon CRUD operations, designed for programmatic integration with external systems.

hashtag
Key Features

  • HTTP/JSON - Standard REST conventions

  • API Key Authentication - Secure access with configurable API keys

  • CORS Support - Configurable cross-origin resource sharing

  • Plugin Integration - Full lifecycle hooks (beforeCreate, afterCreate, etc.)

  • Batch Operations - Ingest up to 100 vCons in a single request

  • Health Checks - Built-in health endpoint for monitoring

hashtag
Configuration

hashtag
REST API Variables

Variable
Default
Description

REST_API_BASE_PATH

/api/v1

Base path for REST API endpoints

REST_API_ENABLED

true

Enable/disable REST API

hashtag
Authentication Variables

Variable
Default
Description

API_KEYS

(none)

Comma-separated list of valid API keys

API_KEY_HEADER

authorization

Header for API key; default expects Authorization: Bearer <token>. Set to x-api-key to use that header instead.

API_AUTH_REQUIRED

true

Set to false to disable authentication

hashtag
HTTP Transport Variables

The REST API requires HTTP transport mode to be enabled:

Variable
Default
Description

MCP_TRANSPORT

stdio

Set to http to enable HTTP server

MCP_HTTP_HOST

127.0.0.1

HTTP host to bind

MCP_HTTP_PORT

3000

HTTP port to listen on

CORS_ORIGIN

*

CORS allowed origins

hashtag
Example Configuration

hashtag
Authentication

All REST API endpoints (except /health) require API key authentication.

hashtag
Request Headers

By default, send your API key in the Authorization header:

You can use a different header by setting API_KEY_HEADER (e.g. x-api-key).

hashtag
Authentication Responses

401 Unauthorized - Missing API Key:

401 Unauthorized - Invalid API Key:

503 Service Unavailable - Auth Not Configured:

Note: The hint field is only included in non-production environments.

hashtag
Endpoints

hashtag
Health Check

Check API and database health status.

Endpoint: GET /api/v1/health

Authentication: Not required

Response (200 OK):

Response (503 Service Unavailable):

Example:

hashtag
Create vCon

Create/ingest a single vCon.

Endpoint: POST /api/v1/vcons

Authentication: Required

Request Headers:

Request Body:

The request body should be the vCon object directly:

Response (201 Created):

Response (400 Bad Request - Validation Error):

Example:

hashtag
Batch Create vCons

Ingest multiple vCons in a single request (up to 100).

Endpoint: POST /api/v1/vcons/batch

Authentication: Required

Request Headers:

Request Body:

Array of vCon objects:

Response (201 Created - All Successful):

Response (207 Multi-Status - Partial Success):

Response (400 Bad Request):

Example:

hashtag
Get vCon

Retrieve a vCon by UUID.

Endpoint: GET /api/v1/vcons/:uuid

Authentication: Required

URL Parameters:

Parameter
Type
Description

uuid

string

vCon UUID (required)

Response (200 OK):

Response (404 Not Found):

Example:

hashtag
List vCons

List recent vCons with optional limit.

Endpoint: GET /api/v1/vcons

Authentication: Required

Query Parameters:

Parameter
Type
Default
Description

limit

number

10

Number of vCons to return (max: 100)

Response (200 OK):

Example:

hashtag
Delete vCon

Delete a vCon by UUID.

Endpoint: DELETE /api/v1/vcons/:uuid

Authentication: Required

URL Parameters:

Parameter
Type
Description

uuid

string

vCon UUID (required)

Response (200 OK):

Response (404 Not Found):

Example:

hashtag
Error Handling

All errors follow a consistent format:

hashtag
HTTP Status Codes

Status
Description

200

Success

201

Created (new vCon)

207

Multi-Status (batch with partial success)

400

Bad Request (validation error)

401

Unauthorized (authentication failed)

404

Not Found

500

Internal Server Error

503

Service Unavailable

hashtag
Error Examples

Internal Server Error (500):

Note: In non-production environments, more detailed error messages are included.

hashtag
Plugin Integration

The REST API integrates with the vCon MCP Server's plugin system. All vCon operations trigger the appropriate lifecycle hooks:

Operation
Hooks Triggered

Create vCon

beforeCreate, afterCreate

Get vCon

beforeRead, afterRead

Update vCon

beforeUpdate, afterUpdate

List/Search vCons

beforeSearch, afterSearch

Delete vCon

beforeDelete, afterDelete

This ensures consistent behavior between MCP tools and REST API operations, including:

  • Privacy filtering

  • Access control

  • Audit logging

  • Data transformation

See the Plugin Development Guide for more information.

hashtag
Request Logging

All requests are logged with the following information:

Response logging includes duration:

hashtag
CORS Configuration

The REST API supports CORS with configurable options:

Allowed Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS

Allowed Headers: Content-Type, Authorization (Bearer), x-api-key (if API_KEY_HEADER=x-api-key)

Configure CORS Origin:

hashtag
Usage Examples

hashtag
JavaScript/Node.js

hashtag
Python

hashtag
cURL Examples

hashtag
Full Endpoint Reference

The REST API now has full parity with MCP tools. All endpoints use /api/v1 as the default base path.

hashtag
vCon CRUD & Sub-resources

Method
Path
Description

POST

/vcons

Create a vCon

POST

/vcons/batch

Batch create (up to 100)

GET

/vcons

List/search vCons (filter with query params)

GET

/vcons/:uuid

Get vCon by UUID (?format=full|summary|metadata)

PATCH

/vcons/:uuid

Update vCon metadata (subject, extensions, critical)

DELETE

/vcons/:uuid

Delete a vCon

POST

/vcons/:uuid/dialog

Add dialog to a vCon

POST

/vcons/:uuid/analysis

Add analysis to a vCon

POST

/vcons/:uuid/attachments

Add attachment to a vCon

hashtag
Tags

Method
Path
Description

GET

/vcons/:uuid/tags

Get all tags (or single via ?key=)

PUT

/vcons/:uuid/tags/:key

Set a tag (body: {"value": "..."})

DELETE

/vcons/:uuid/tags/:key

Remove a tag

DELETE

/vcons/:uuid/tags

Remove all tags

GET

/tags

Discover unique tags across DB

GET

/tags/search

Search vCons by tags (?tags={"key":"value"})

hashtag
Search

Method
Path
Description

GET

/vcons/search/content

Keyword/full-text search (?q=)

GET

/vcons/search/semantic

Semantic/embedding search (?q=)

GET

/vcons/search/hybrid

Combined keyword + semantic search (?q=)

hashtag
Database & Analytics

Method
Path
Description

GET

/database/shape

Database schema shape

GET

/database/stats

Performance statistics

GET

/database/size

Size info and recommendations

GET

/database/health

Health metrics

POST

/database/analyze

Analyze a SQL query plan

GET

/analytics

Full analytics dashboard

GET

/analytics/growth

Growth trends

GET

/analytics/content

Content analytics

GET

/analytics/tags

Tag analytics

GET

/analytics/attachments

Attachment analytics

hashtag
Infrastructure

Method
Path
Description

GET

/health

Health check (no auth)

GET

/version

Version info (no auth)

GET

/schema

vCon JSON Schema (no auth)

GET

/examples/:type

Example vCons (no auth)

hashtag
Comparison: REST API vs MCP Tools

Feature
REST API
MCP Tools

Protocol

HTTP/JSON

MCP (stdio/HTTP)

Auth

API Key (Bearer)

MCP client auth

Best for

External integrations, scripts

AI assistants

Operations

Full CRUD + sub-resources

Full toolkit (30+ tools)

Search

4 modes (list, keyword, semantic, hybrid)

4 search modes

Tags

Full tag management

Full tag management

Analytics

Full analytics suite

Full analytics suite

Batch

Yes (100 max)

No

Streaming

No

Yes (SSE)

Both interfaces share the same VConService business logic layer, plugin hooks, and database queries. Choose based on your integration pattern.

hashtag
Next Steps

PreviousOverviewNextMCP Tools

Last updated