Developers

Build on Veirox.

Everything the console can do, your own code or agent can do too — through a full REST API and an external MCP server, both scoped by the same API key.

REST API

Every resource the console manages — projects, tasks, sessions, webhooks, connectors, approvals, audit logs, billing, and more — is a first-class REST endpoint at api.veirox.com.

Authentication

Machine credentials (vrx_k_…) are minted per-org from Settings → API & MCP Access. A key's effective permissions are the intersection of its declared scopes, the creator's role, and an optional project allow-list — a key can never reach more than the person who made it.

# every request
curl https://api.veirox.com/api/tasks \
  -H "Authorization: Bearer vrx_k_..." \
  -H "X-Project-ID: <project-uuid>"

Idempotency

State-changing POST/PATCH/DELETE calls on trigger-style routes accept an Idempotency-Key header — safe to retry a task trigger or webhook delivery without double-firing it.

External MCP server

The same platform is exposed as a Model Context Protocol server, so Claude Code, Claude Desktop, Cursor, Codex, or any MCP-aware agent can drive Veirox directly — open an incident, trigger a task, request an approval — with the same audit trail and permission scopes as the in-app agent.

Mount points

URLScopeTools
/api/mcp/<project_id>ProjectCurated tools — search, connectors, approvals, integrations
/api/mcp/<project_id>/_restProjectEvery tagged REST endpoint the key can reach, auto-bridged
/api/mcp/_orgOrgOrg-level curated tools
/api/mcp/_org/_restOrgOrg-scoped REST auto-bridge

The console's API & MCP Access page generates ready-to-paste config for Claude Desktop, Cursor, VS Code Continue, Codex CLI, and generic Python — pre-filled with your key and a project picker scoped to that key's allow-list.

Every tool call is authenticated the same way as a REST request, is subject to the same scope and project allow-list, and is written to the audit log as an mcp.tool_called event.