Skip to main content
Every operation in gavAI is reachable over HTTPS at https://api.gavai.app/v1. The CLI, SDKs, and MCP servers all wrap this API — they add no capability of their own. Anything they can do, you can do with a plain curl. By the end of this section you will know how the API authenticates, what its errors look like, how writes stay idempotent across retries, how to walk paginated lists, and where to find every resource.

A first request

curl https://api.gavai.app/v1/me \
  -H "Authorization: Bearer gak_test_xxxxxxxxxxxxx"
That call is the smallest legal request the API accepts. The bearer token authenticates you, the JSON body identifies the principal behind that token, and the workspace tells you which tenant the token resolves to. Every other endpoint follows the same shape.

The contract in one table

WhatValue
Base URLhttps://api.gavai.app/v1
Request and response bodyapplication/json
AuthenticationAuthorization: Bearer <token> on every request
Token typesWorkspace API keys (gak_live_*, gak_test_*) or OAuth session tokens (gst_*)
Error envelope{ "error": { "code": string, "message": string, "details"?: object } }
Idempotency window24 hours, keyed by Idempotency-Key header
PaginationCursor-based, next_cursor on list responses
Rate limitsPer-token, surfaced via X-RateLimit-* headers
Every overview page in this section unpacks one row of that table.

Read these first

Resources

Next

Authentication

Pick a token type, mint a key, and make your first authenticated call.