// api

Your vault, programmatically.

Most of the time, your agents reach Retia over MCP. But when you want to read or write the vault from your own code, a token-authenticated API is there.

Most builders should start with MCP

If you're connecting an agent — Claude, Codex, Cursor — MCP is the easiest path and needs no code. The API is for when you want programmatic control from your own application.

MCP setup →

Authentication

Every request carries your token as a Bearer header — the same token your agents use. It identifies your workspace and scopes every call to your data. Nothing is reachable without it.

example request

curl https://api.retia.dev/v1/projects \
-H "Authorization: Bearer <your-token>"

# → your projects, scoped to your workspace

The essentials

The API mirrors what your agents do: read projects, search the vault, and write notes. A small, predictable surface — growing as the product does.

GET

/v1/projects

List your projects and their context.

GET

/v1/projects/:slug

Fetch a project's notes and its current DNA summary.

POST

/v1/search

Ask the librarian — retrieve the notes that match an intent.

POST

/v1/notes

Write a structured note — with type, tags, and sensitivity.

A complete reference, SDKs, and rate-limit details live in the docs — the surface here is the core, and it grows with the product.

Write a note

POST /v1/notes

POST /v1/notes
{
  "project": "my-project",
  "title": "Decided on Postgres over Mongo",
  "type": "decision",
  "sensitivity": "internal"
}
# → 201 · note stored & indexed

The same structured note your agents create over MCP — now from any language that can make an HTTP request.

Scope it like a delegation, not a key under the mat.

Every token you create has a scope — and this is where Retia's whole philosophy shows. The most sensitive layer of your vault isn't locked to keep everyone out. It's locked so that only who you choose gets in. You decide what each token can see and do.

READ

read-only

Fetch projects and search the vault — but never write. Safe for dashboards and reporting.

SCOPED

no-sensitive

Full read/write on everyday notes, but your most sensitive layer stays invisible — even to this token.

TRUSTED

full-delegation

For the agent you trust to act on your behalf — it reads what it needs and gets things done, so you don't have to log in and do it yourself.

That's the point of the sensitive layer: not to hide things from everyone, but to let exactly the agent you authorize work on your behalf — without ever exposing your secrets to us, the operator.

Build on your vault.

Start free Read the docs