Developers
Everything the console can do, your own code or agent can do too — through a full REST API and an external MCP server, both scoped by the same API key.
Every resource the console manages — projects, tasks, sessions, webhooks, connectors, approvals, audit logs, billing, and more — is a first-class REST endpoint at api.veirox.com.
Swagger UI
Interactive — try requests in the browser
Redoc
Readable reference, better for browsing
openapi.json
Raw schema — generate your own client
Authentication
Machine credentials (vrx_k_…) are minted per-org from Settings → API & MCP Access. A key's effective permissions are the intersection of its declared scopes, the creator's role, and an optional project allow-list — a key can never reach more than the person who made it.
# every request curl https://api.veirox.com/api/tasks \ -H "Authorization: Bearer vrx_k_..." \ -H "X-Project-ID: <project-uuid>"
Idempotency
State-changing POST/PATCH/DELETE calls on trigger-style routes accept an Idempotency-Key header — safe to retry a task trigger or webhook delivery without double-firing it.
The same platform is exposed as a Model Context Protocol server, so Claude Code, Claude Desktop, Cursor, Codex, or any MCP-aware agent can drive Veirox directly — open an incident, trigger a task, request an approval — with the same audit trail and permission scopes as the in-app agent.
Mount points
| URL | Scope | Tools |
|---|---|---|
| /api/mcp/<project_id> | Project | Curated tools — search, connectors, approvals, integrations |
| /api/mcp/<project_id>/_rest | Project | Every tagged REST endpoint the key can reach, auto-bridged |
| /api/mcp/_org | Org | Org-level curated tools |
| /api/mcp/_org/_rest | Org | Org-scoped REST auto-bridge |
The console's API & MCP Access page generates ready-to-paste config for Claude Desktop, Cursor, VS Code Continue, Codex CLI, and generic Python — pre-filled with your key and a project picker scoped to that key's allow-list.
Every tool call is authenticated the same way as a REST request, is subject to the same scope and project allow-list, and is written to the audit log as an mcp.tool_called event.