-
Notifications
You must be signed in to change notification settings - Fork 2
API Endpoints
MCP JSON-RPC 2.0 handler. Requires authentication (OAuth token or legacy bearer).
Supported methods:
-
initialize— returns server info and capabilities -
tools/list— returns available tools (read-only sessions see fewer tools) -
tools/call— execute a tool by name with arguments
{
"jsonrpc": "2.0",
"id": "1",
"method": "tools/call",
"params": {
"name": "memory_save",
"arguments": {
"type": "note",
"content": "Hello world",
"tags": "test"
}
}
}Server-Sent Events transport. Send Accept: text/event-stream header. Returns an endpoint event with the POST URL, then keeps the connection alive with periodic pings.
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /.well-known/oauth-authorization-server |
Public | Authorization server metadata |
| GET | /.well-known/oauth-protected-resource |
Public | Protected resource metadata |
| POST | /register |
Admin token | Dynamic client registration |
| GET/POST | /authorize |
User login | OAuth authorization endpoint |
| POST | /token |
Client | Token exchange (code or refresh) |
| POST | /auth/signup |
Public | Create user account |
| POST | /auth/login |
Public | Sign in |
| POST | /auth/refresh |
Cookie | Rotate tokens |
| POST | /auth/logout |
Cookie | Revoke session |
| GET | /auth/me |
Bearer/Cookie | Verify session |
| GET | /auth/sessions |
Bearer/Cookie | List sessions |
| POST | /auth/sessions/revoke |
Bearer/Cookie | Revoke sessions |
See OAuth and Authentication for full details.
These endpoints back the web viewer and can be used directly.
List and search memories.
| Parameter | Type | Description |
|---|---|---|
type |
query | Filter by memory type |
search |
query | Full-text search |
limit |
query | Max results (1-500, default 100) |
Auth: Bearer token, auth cookie, or legacy AUTH_SECRET.
Response:
{
"memories": [...],
"stats": [{"type": "note", "count": 42}],
"archived_count": 3
}Get graph nodes and edges for visualization.
Auth: Bearer token, auth cookie, or legacy AUTH_SECRET.
Response:
{
"nodes": [...],
"edges": [...],
"inferred_edges": [...]
}Nodes include dynamic scores. Edges include explicit relationships. Inferred edges are computed from shared tags.
Get all relationships for a specific memory.
Auth: Bearer token, auth cookie, or legacy AUTH_SECRET.
Response: Array of link objects with direction (from or to), relation type, label, and the linked memory with scores.
List available MCP tools with server metadata.
Auth: Bearer token, auth cookie, or legacy AUTH_SECRET.
Response:
{
"server": {"name": "memoryvault", "version": "1.10.0"},
"tool_count": 41,
"tool_names": ["memory_save", ...],
"relation_types": ["related", "supports", ...]
}When accessed from a browser (HTML Accept header), these paths return human-readable guide pages:
| Path | Content |
|---|---|
/ |
Dev Portal — overview, metrics, endpoint table |
/mcp |
MCP endpoint guide — what it does, how to connect |
/register |
Client registration guide |
/authorize |
OAuth authorization guide |
/token |
Token exchange guide |
/auth/* |
Auth endpoint guides |
/api/* |
API endpoint guides |
/view |
Web viewer application |
/view.js |
Viewer JavaScript (same-origin) |
Returns server status when accessed without browser headers.
{
"name": "memoryvault",
"version": "1.10.0",
"status": "ok",
"tools": 41
}Allowed origins: https://claude.ai, https://poke.com, plus the request's own origin if it matches.
All responses include:
Access-Control-Allow-Methods: GET, POST, OPTIONSAccess-Control-Allow-Headers: Content-Type, Authorization, AcceptVary: Origin
HTML responses additionally include security headers (X-Frame-Options, CSP, HSTS, etc.).
Reference
Concepts
Features