Developers · API
API documentation
Cytra does not offer a public programmatic API today — no API keys, no token endpoint, and no published SDKs. Programmatic access is on the roadmap. Access to Cytra itself is sales-led, and the managed MCP gateway is in private beta; if you need integration now, talk to us and we'll scope it during onboarding.
Public API on the roadmap — not yet availableWhat exists today
Two authentication surfaces, neither a public API
Dashboard session auth
The dashboard and its /api/* routes authenticate with BetterAuth session cookies; accounts are provisioned by invitation. These routes serve the dashboard and are not a supported public API — shapes may change without notice.
Internal agent protocol
Cytra-built collectors and on-prem agents authenticate with a per-agent HMAC scheme (signed, timestamped, replay-protected requests), provisioned during early-access onboarding. Not a general-purpose public API.
Both surfaces are documented for integrators working directly with Cytra. No compatibility guarantees exist for any route today.
Roadmap
What the planned public API will cover
Governance & policy
Manage policies, control mappings, and approval gates that the gateway enforces at runtime.
Managed MCP gateway
Broker scoped credentials and route governed AI/agent actions through the per-tenant policy engine.
Evidence & audit
Export the per-tenant, hash-chained, tamper-evident record of every governed action and denial.
Bias & fairness
Read fairness metrics and drift signals from scheduled measurement on configured eval datasets.
When the public API ships, this page will be replaced with the real reference — endpoints, authentication, rate limits, and language samples — generated from the served OpenAPI description.