Developers

REST API reference

Name: Mantle
Author: mantle

The HTTP surface mantle exposes at https://api.mantleai.dev/v1— authenticate with the same Bearer API key you'd use for MCP.

OpenAPI

Generate a typed client from our spec: api.mantleai.dev/openapi.json. Works with openapi-typescript, openapi-python-client, Postman, Scalar.

Most users will never touch the REST API directly — their agent uses MCP instead. Reach for this surface when:

You're writing a server-side integration and don't want to run an MCP client
You need batch operations that don't fit the MCP conversational shape
You're wiring mantle into a custom dashboard or admin tool
You want to debug what an agent is actually calling (MCP tools forward to these endpoints under the hood)

Authentication

Every endpoint requires Authorization: Bearer <key>. API keys look like mk_... and are issued from the dashboard at app.mantleai.dev.

curl https://api.mantleai.dev/v1/sources \
  -H "Authorization: Bearer mk_your_key_here"

Scopes ride on the key. A read-scoped key can call every read endpoint; write is required for sync triggers and mutations; admin is required for things like bulk-revoke on the api-keys endpoints. Scopes are hierarchical — admin grants write grants read.

Rate limits: 300 requests/minute per API key by default. Specific endpoints are tighter (create-key is 10/min, sync-trigger is 20/min). Rate-limit hits return 429 Too Many Requests. See specific endpoint docs for per-route limits.

OpenAPI

The full, always-current schema lives at https://api.mantleai.dev/openapi.json. Every endpoint, parameter, response shape, and status code is documented there. If you use a tool that ingests OpenAPI (Postman, Insomnia, Scalar, openapi-typescript, openapi-python-client), point it at that URL and you'll have a working client in seconds.

This page gives you a curated tour; the OpenAPI spec is the authoritative reference.

Endpoint groups

Search & graph

POST/v1/searchsemantic search over indexed chunks

POST/v1/search/relationshipsfuzzy rel-type lookup

GET/v1/search/entitiesentity name search

GET/v1/search/entities/{id}single entity lookup

GET/v1/search/entities/{id}/contextentity snapshot

GET/v1/search/entities/{id}/relationshipspaginated edges

GET/v1/search/entities/{id}/relationships/summarygrouped

POST/v1/search/entities/degreesbatch degree lookup

GET/v1/search/entities/{id}/path?to={id}shortest path

GET/v1/search/entities/{id}/graphlocal subgraph

Sources

GET/v1/sourceslist connected sources

POST/v1/sourcesconnect a new source

GET/v1/sources/{id}source detail

DELETE/v1/sources/{id}disconnect

PATCH/v1/sources/{id}rename / reconfigure

POST/v1/sources/{id}/synctrigger an async sync

GET/v1/sources/{id}/eventslive sync event feed

GET/v1/sources/{id}/filessynced-file browser

POST/v1/sources/{id}/files/purgeremove files

GET/v1/sources/{id}/failuresextraction DLQ

POST/v1/sources/{id}/retry-failuresre-run failed extractions

POST/v1/sources/{id}/querySQL against a connected database

API keys

POST/v1/api-keyscreate

GET/v1/api-keyslist

PATCH/v1/api-keys/{id}rename / re-scope

DELETE/v1/api-keys/{id}revoke one

POST/v1/api-keys/{id}/rotaterotate (mint new, revoke old)

POST/v1/api-keys/revoke-allemergency kill switch

Documents & content

GET/v1/sources/{source_id}/content/{file_id}fetch full document content

GET/v1/sources/{source_id}/files/{file_id}/chunkslist chunks for a file

GET/v1/chunks/{chunk_id}/contextchunk + neighbour window

Auth

GET/v1/auth/login-urlOAuth provider login URL

POST/v1/auth/callbackOAuth callback exchange

POST/v1/auth/refreshrefresh session token

GET/v1/auth/mecurrent authed user + tenant

Connectors & sync

GET/v1/connectorslist available connector types

POST/v1/sources/{id}/oauth/startbegin source OAuth flow

POST/v1/sources/{id}/oauth/callbackcomplete source OAuth

POST/v1/sources/{id}/cleanup-previewpreview what a re-sync would change

Usage

GET/v1/usage/balancecurrent credit balance

GET/v1/usage/eventsusage event history

Tenants

DELETE/v1/tenants/{tenant_id}GDPR-compliant tenant deletion

Health & status

GET/v1/healthliveness probe

GET/v1/readyreadiness probe (Postgres + Neo4j + Redis)

GET/v1/statscorpus statistics

GET/v1/status/publicpublic component-level status (no auth, CORS-open)

Example — full roundtrip

Search for an entity, pull its context, and read the top linked document:

# 1. Resolve the name
curl -s https://api.mantleai.dev/v1/search/entities?q=brickell \
  -H "Authorization: Bearer mk_..." | jq '.[0].entity_id'
# → "ent_0e19a8f4..."

# 2. Pull the snapshot
curl -s "https://api.mantleai.dev/v1/search/entities/ent_0e19a8f4.../context" \
  -H "Authorization: Bearer mk_..." | jq '.entity.name, .entity.properties, .relationships[:3]'

# 3. Fetch full document content for a related file
curl -s "https://api.mantleai.dev/v1/sources/src_xyz/content/file_abc" \
  -H "Authorization: Bearer mk_..." | jq '.content[:500]'

Errors

Errors return standard HTTP status codes plus a JSON body:

{
  "detail": "Authorization required. Provide a Bearer token in the Authorization header."
}

Common codes:

401 Unauthorized — missing or invalid Bearer token
402 Payment Required — tenant is out of credits; contact hello@mantleai.dev to top up
403 Forbidden — your API key doesn't have the required scope
404 Not Found — entity/source/file not found, or not visible to your tenant
429 Too Many Requests — rate limit exceeded; respect Retry-After header
5xx — something's broken on our side; retry with exponential backoff. If persistent, ping hello@mantleai.dev with the X-Request-Id header from the response.

Changelog

Breaking changes to public endpoints are rare but announced in advance via the changelog. Endpoints prefixed /v1/ are stable; anything under /v0/ (none today) would be considered unstable.