Base URL
All endpoints are relative to your Toolshed server’s base URL:your-toolshed-server.com with your actual server host. When running locally the base URL is typically http://localhost:3000/api.
Authentication
Most API endpoints require a bearer token. Obtain a token by runningtoolshed login with the Toolshed CLI, then pass it in the Authorization header on every request:
401 Unauthorized.
Quick example
Endpoint groups
Registry
Register tool sources and discover the full catalog. Supports OpenAPI, MCP, GraphQL, and plugin sources.
Auth
Connect and manage OAuth provider integrations (GitHub, Slack, Linear, Google) on behalf of your users.
Policy
Create roles with tool-path patterns and resolve a user’s effective tool access.
Elicitation
Handle human-in-the-loop approval requests raised by tools mid-execution.
HTTP status codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Resource created |
400 | Bad request — check the error and details fields in the response |
404 | Resource not found |
401 | Unauthorized — missing or invalid bearer token |
502 | Upstream provider error |
Error format
All error responses share a consistent shape:details array is present on validation errors and contains Zod issue objects describing exactly which fields failed and why.