Skip to main content

Developers · API

API documentation

Cytra does not offer a public programmatic API today — no API keys, no token endpoint, and no published SDKs. Programmatic access is on the roadmap. Access to Cytra itself is sales-led, and the managed MCP gateway is in private beta; if you need integration now, talk to us and we'll scope it during onboarding.

Public API on the roadmap — not yet available

What exists today

Two authentication surfaces, neither a public API

Exists today

Dashboard session auth

The dashboard and its /api/* routes authenticate with BetterAuth session cookies; accounts are provisioned by invitation. These routes serve the dashboard and are not a supported public API — shapes may change without notice.

Exists today

Internal agent protocol

Cytra-built collectors and on-prem agents authenticate with a per-agent HMAC scheme (signed, timestamped, replay-protected requests), provisioned during early-access onboarding. Not a general-purpose public API.

Both surfaces are documented for integrators working directly with Cytra. No compatibility guarantees exist for any route today.

Roadmap

What the planned public API will cover

Planned

Governance & policy

Manage policies, control mappings, and approval gates that the gateway enforces at runtime.

Planned

Managed MCP gateway

Broker scoped credentials and route governed AI/agent actions through the per-tenant policy engine.

Planned

Evidence & audit

Export the per-tenant, hash-chained, tamper-evident record of every governed action and denial.

Planned

Bias & fairness

Read fairness metrics and drift signals from scheduled measurement on configured eval datasets.

When the public API ships, this page will be replaced with the real reference — endpoints, authentication, rate limits, and language samples — generated from the served OpenAPI description.