Skip to main content

Base URL

All API requests are made to: 
https://api.veto.tools
Every endpoint is prefixed with /v1/. For example: 
https://api.veto.tools/v1/agents

Authentication

Include your API key as a Bearer token in the Authorization header on every request: 
Authorization: Bearer veto_<your-key>
API keys are prefixed with veto_. You can create and manage keys via the API Keys endpoints or the Veto dashboard.

Request format

All request bodies must be JSON. Set the Content-Type header accordingly: 
Content-Type: application/json

Rate limits

The API allows 600 requests per minute per API key. Every response includes the following headers:
HeaderDescription
X-RateLimit-LimitMaximum requests allowed per minute
X-RateLimit-RemainingRequests remaining in the current window
When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait before retrying.

Example request

curl https://api.veto.tools/v1/agents \
  -H "Authorization: Bearer veto_..."

Pagination

List endpoints return a paginated envelope: 
{
  "data": [...],
  "pagination": {
    "limit": 50,
    "offset": 0,
    "count": 10,
    "total": 42
  }
}
FieldDescription
dataArray of results for the current page
pagination.limitMaximum results requested
pagination.offsetNumber of results skipped
pagination.countNumber of results in this page
pagination.totalTotal number of matching results across all pages
Use limit and offset query parameters to paginate through results.

Error responses

Errors follow a consistent shape: 
{
  "error": {
    "code": "AGENT_NOT_FOUND",
    "message": "Agent not found in this workspace"
  }
}
See the Errors page for a full list of error codes.

HTTP status codes

CodeMeaning
200Success
201Resource created
204Success, no content (e.g. after a delete)
400Bad request — validation error
401Unauthorized — missing or invalid API key
403Forbidden — valid key, insufficient scope
404Not found
429Rate limit exceeded
500Internal server error