REST API overview & auth
If you’d rather not use MCP or an SDK, you can call Fabric’s Context API directly from any backend. The same governed tools are exposed as REST endpoints, and every request runs the same scope-pinned, policy-checked, audited pipeline.
Base URL
Section titled “Base URL”Your REST base URL comes from GET /v1/connection-info and is shown in the console
(for example https://api.wexa.ai/v1). Use the value for your deployment.
Authentication
Section titled “Authentication”Send a project-scoped API key as a Bearer token, and the workspace ID as a header, on every request:
| Header | Value |
|---|---|
Authorization |
Bearer <YOUR_API_KEY> |
X-Wexa-Workspace |
ws_<your_project> |
Content-Type |
application/json |
Generate an API key in Simple Mode. Keys are project-scoped, SHA-256 hashed at rest, and revocable. OAuth 2.1 access tokens are also accepted as Bearer tokens — see Authentication & scopes.
Endpoints
Section titled “Endpoints”| Method & path | Purpose |
|---|---|
POST /v1/query-context |
Read-only query against the project’s context graph |
POST /v1/save-context |
Write nodes and relationships (Simple mode only) |
POST /v1/ontology |
Define / commit ontology |
POST /v1/docs |
Live ontology, query examples, governance status |
GET /v1/connection-info |
Public MCP / REST / SDK coordinates (no secrets) |
Governance endpoints (/v1/approvals, /v1/audit, /v1/lifecycles/{id},
/v1/policy-decisions) expose the trust surfaces for your calls — see the
Endpoint reference.
Every response carries a lifecycle_id
Section titled “Every response carries a lifecycle_id”Each call returns a lifecycle_id. Use it to inspect the call’s trace, policy decision,
any approval, and the audit entry — the same identifier is carried across all of them.
Errors
Section titled “Errors”Fabric returns structured errors with conventional HTTP status codes:
| Status | Meaning |
|---|---|
401 |
Missing or invalid credential |
403 |
Scope or grant violation (e.g. workspace your key can’t access) |
422 |
Request failed validation (e.g. a write clause in a read query) |
429 |
Rate limit / quota exceeded (per-project and per-org sliding windows) |
- Query context — the main read endpoint.
- Connection info — discover your coordinates programmatically.
