The Veto API lets you manage agents, policies, and API keys, and run authorization checks at runtime. All endpoints are available at:
https://api.veto.tools

Authentication

Every request must include your API key in the Authorization header:
Authorization: Bearer <your-api-key>
You can create and manage API keys from the API Keys endpoints. Keys are prefixed with veto_.
API keys are scoped. A key with the read scope can call authorization and read endpoints only. A key with the admin scope has full access. Requests with insufficient scope return 403 INSUFFICIENT_SCOPE. See API Keys for details.

Request format

Send Content-Type: application/json on all POST and PATCH requests. All request bodies must be valid JSON.
Content-Type: application/json

Response format

All responses return JSON. Successful responses return the resource or collection directly. Error responses always follow this shape:
{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable message"
  }
}
See Errors for the full list of error codes and HTTP status codes.

Versioning

All endpoints are versioned under /v1/. The current version is v1.

Rate limiting

If you exceed the rate limit, the API returns 429 with a Retry-After header indicating how many seconds to wait before retrying.
HTTP/1.1 429 Too Many Requests
Retry-After: 30
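
An added example, not part of the Veto documentation or any official client: a small Python wrapper that applies the authentication, request-format, error-shape and rate-limit rules described above. The `send` transport hook, the `VetoError` class, the retry count, the one-second fallback wait and the `UNKNOWN` code are assumptions made for the illustration.

```python
import json
import time

BASE_URL = "https://api.veto.tools"  # base URL given on this page


class VetoError(Exception):
    """Error decoded from the documented {"error": {"code", "message"}} shape."""

    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code, self.message = status, code, message


def build_headers(api_key, has_body):
    # Keys are prefixed with veto_; refuse anything else before it leaves the process.
    if not api_key.startswith("veto_"):
        raise ValueError("API key must start with 'veto_'")
    headers = {"Authorization": f"Bearer {api_key}"}
    if has_body:
        headers["Content-Type"] = "application/json"
    return headers


def call(send, method, path, api_key, body=None, max_retries=3, sleep=time.sleep):
    """send(method, url, headers, data) -> (status, headers_dict, text) is a
    hypothetical transport hook, injected so the logic can run offline."""
    if not path.startswith("/v1/"):
        raise ValueError("all endpoints are versioned under /v1/")
    data = None if body is None else json.dumps(body)
    headers = build_headers(api_key, data is not None)
    for attempt in range(max_retries + 1):
        status, resp_headers, text = send(method, BASE_URL + path, headers, data)
        if status == 429 and attempt < max_retries:
            # Retry-After carries the seconds to wait; 1 is an assumed fallback.
            sleep(int(resp_headers.get("Retry-After", "1")))
            continue
        payload = json.loads(text) if text else None
        if status >= 400:
            err = payload.get("error", {}) if isinstance(payload, dict) else {}
            # "UNKNOWN" is a placeholder for a body that lacks the documented shape.
            raise VetoError(status, err.get("code", "UNKNOWN"), err.get("message", ""))
        return payload
```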

Endpoints

| Method | Path | Description |
| --- | --- | --- |
| POST | /v1/authorize | Check if an agent can call a tool |
| POST | /v1/agents | Create an agent |
| GET | /v1/agents/:id | Get an agent |
| GET | /v1/agents | List agents |
| PATCH | /v1/agents/:id | Update an agent |
| DELETE | /v1/agents/:id | Delete an agent |
| POST | /v1/policies | Create a policy |
| GET | /v1/policies | List policies |
| GET | /v1/policies/:id | Get a policy |
| PATCH | /v1/policies/:id | Update a policy |
| DELETE | /v1/policies/:id | Delete a policy |
| GET | /v1/audit-logs | Query audit logs |
| POST | /v1/api-keys | Create an API key |
| GET | /v1/api-keys | List API keys |
| DELETE | /v1/api-keys/:id | Delete an API key |