HTTP REST API for vCon ingestion and operations.
The vCon MCP Server exposes a RESTful HTTP API alongside the MCP transport layer. This API provides endpoints for vCon CRUD operations, designed for programmatic integration with external systems.
HTTP/JSON - Standard REST conventions
API Key Authentication - Secure access with configurable API keys
CORS Support - Configurable cross-origin resource sharing
Plugin Integration - Full lifecycle hooks (beforeCreate, afterCreate, etc.)
Batch Operations - Ingest up to 100 vCons in a single request
Health Checks - Built-in health endpoint for monitoring
REST API Variables
Variable
Default
Description
Base path for REST API endpoints
Authentication Variables
Variable
Default
Description
Comma-separated list of valid API keys
Alternative to VCON_API_KEYS
Set to false to disable authentication
HTTP Transport Variables
The REST API requires HTTP transport mode to be enabled:
Variable
Default
Description
Set to http to enable HTTP server
Example Configuration
All REST API endpoints (except /health) require API key authentication.
Request Headers
Authentication Responses
401 Unauthorized - Missing API Key:
401 Unauthorized - Invalid API Key:
503 Service Unavailable - Auth Not Configured:
Note: The hint field is only included in non-production environments.
Check API and database health status.
Endpoint: GET /api/v1/health
Authentication: Not required
Response (200 OK):
Response (503 Service Unavailable):
Example:
Create/ingest a single vCon.
Endpoint: POST /api/v1/vcons
Authentication: Required
Request Headers:
Request Body:
The request body should be the vCon object directly:
Response (201 Created):
Response (400 Bad Request - Validation Error):
Example:
Batch Create vCons
Ingest multiple vCons in a single request (up to 100).
Endpoint: POST /api/v1/vcons/batch
Authentication: Required
Request Headers:
Request Body:
Array of vCon objects:
Response (201 Created - All Successful):
Response (207 Multi-Status - Partial Success):
Response (400 Bad Request):
Example:
Retrieve a vCon by UUID.
Endpoint: GET /api/v1/vcons/:uuid
Authentication: Required
URL Parameters:
Response (200 OK):
Response (404 Not Found):
Example:
List recent vCons with optional limit.
Endpoint: GET /api/v1/vcons
Authentication: Required
Query Parameters:
Parameter
Type
Default
Description
Number of vCons to return (max: 100)
Response (200 OK):
Example:
Delete a vCon by UUID.
Endpoint: DELETE /api/v1/vcons/:uuid
Authentication: Required
URL Parameters:
Response (200 OK):
Response (404 Not Found):
Example:
All errors follow a consistent format:
HTTP Status Codes
Multi-Status (batch with partial success)
Bad Request (validation error)
Unauthorized (authentication failed)
Internal Server Error (500):
Note: In non-production environments, more detailed error messages are included.
Plugin Integration
The REST API integrates with the vCon MCP Server's plugin system. All vCon operations trigger the appropriate lifecycle hooks:
beforeCreate, afterCreate
beforeSearch, afterSearch
beforeDelete, afterDelete
This ensures consistent behavior between MCP tools and REST API operations, including:
See the Plugin Development Guide for more information.
Request Logging
All requests are logged with the following information:
Response logging includes duration:
CORS Configuration
The REST API supports CORS with configurable options:
Allowed Methods: GET, POST, PUT, DELETE, OPTIONS
Allowed Headers: Content-Type, x-api-key, Authorization
Configure CORS Origin:
JavaScript/Node.js
Use the REST API for:
External system integrations
Batch ingestion pipelines
Use MCP Tools for:
AI assistant integrations
Advanced search (semantic, hybrid)