Skip to content

REST API overview & auth

If you’d rather not use MCP or an SDK, you can call Fabric’s Context API directly from any backend. The same governed tools are exposed as REST endpoints, and every request runs the same scope-pinned, policy-checked, audited pipeline.

Your REST base URL comes from GET /v1/connection-info and is shown in the console (for example https://api.wexa.ai/v1). Use the value for your deployment.

Send a project-scoped API key as a Bearer token, and the workspace ID as a header, on every request:

Header Value
Authorization Bearer <YOUR_API_KEY>
X-Wexa-Workspace ws_<your_project>
Content-Type application/json

Generate an API key in Simple Mode. Keys are project-scoped, SHA-256 hashed at rest, and revocable. OAuth 2.1 access tokens are also accepted as Bearer tokens — see Authentication & scopes.

Method & path Purpose
POST /v1/query-context Read-only query against the project’s context graph
POST /v1/save-context Write nodes and relationships (Simple mode only)
POST /v1/ontology Define / commit ontology
POST /v1/docs Live ontology, query examples, governance status
GET /v1/connection-info Public MCP / REST / SDK coordinates (no secrets)

Governance endpoints (/v1/approvals, /v1/audit, /v1/lifecycles/{id}, /v1/policy-decisions) expose the trust surfaces for your calls — see the Endpoint reference.

Each call returns a lifecycle_id. Use it to inspect the call’s trace, policy decision, any approval, and the audit entry — the same identifier is carried across all of them.

Fabric returns structured errors with conventional HTTP status codes:

Status Meaning
401 Missing or invalid credential
403 Scope or grant violation (e.g. workspace your key can’t access)
422 Request failed validation (e.g. a write clause in a read query)
429 Rate limit / quota exceeded (per-project and per-org sliding windows)