REST API
The Rekor REST API provides full access to bases, record_types, records, relationships, inbound webhooks, triggers, and batch operations. All endpoints accept and return JSON. The CLI and MCP server are both thin wrappers over this API.
Base URL
https://api.rekor.pro/v1/{base_id}
Most endpoints are scoped to a base. Token management and vault endpoints are account-level and don't require a base ID.
Authentication
All requests require a Bearer token in the Authorization header:
curl https://api.rekor.pro/v1/my-base/record-types \
-H "Authorization: Bearer rec_your_token_here"
Create tokens via the CLI (rekor tokens create) or the POST /v1/tokens endpoint. Each token is scoped by grants — base, record_type, environment, and permission level. See Access Control for details.
Request and Response Format
All request bodies are JSON. All responses return JSON with one of two shapes:
Success — single resource
{
"id": "01926f3a-...",
"record_type": "contacts",
"data": { "name": "Jane Doe", "email": "jane@acme.com" },
"created_at": "2026-03-25T10:00:00Z",
"updated_at": "2026-03-25T10:00:00Z"
}
Success — list with pagination
{
"data": [ ... ],
"meta": {
"total": 142,
"limit": 50,
"offset": 0
}
}
Error
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid filter: unknown operator 'foo'",
"details": [ ... ]
}
}
Error Codes
| HTTP Status | Code | Meaning |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request body, query params, or filter syntax |
| 401 | UNAUTHORIZED | Missing or invalid token |
| 403 | FORBIDDEN | Token lacks required permission or scope |
| 404 | NOT_FOUND | Resource does not exist |
| 409 | CONFLICT | Duplicate external_id or version conflict |
| 429 | RATE_LIMITED | Too many requests — retry after Retry-After seconds |
| 500 | INTERNAL_ERROR | Unexpected server error |
Pagination
List and query endpoints accept limit and offset parameters:
| Parameter | Default | Maximum |
|---|---|---|
limit | 50 | 1,000 |
offset | 0 | — |
The meta.total field in the response tells you the total number of matching records, so you can calculate pages.
# Page 1
GET /v1/crm/records/contacts?limit=50&offset=0
# Page 2
GET /v1/crm/records/contacts?limit=50&offset=50
Upsert Semantics
PUT endpoints are upserts. If a record with the given external_id and external_source exists, it's updated. Otherwise, a new record is created. This makes all writes idempotent — safe to retry without duplicating data.
Endpoints
| Section | Description |
|---|---|
| Bases | Bases API endpoints |
| Record_types | Record_types API endpoints |
| Records | Records API endpoints |
| Relationships | Relationships API endpoints |
| Change History | Change History API endpoints |
| Attachments | Attachments API endpoints |
| File Types | File Types API endpoints |
| Files | Files API endpoints |
| S3 Mount Credentials | S3 Mount Credentials API endpoints |
| Inbound_webhooks | Inbound_webhooks API endpoints |
| Triggers | Triggers API endpoints |
| MCP Factory Toolsets | MCP Factory Toolsets API endpoints |
| Actions | Actions API endpoints |
| Batch | Batch API endpoints |
| Providers | Providers API endpoints |
| SQL | SQL API endpoints |
| Environments | Environments API endpoints |
| API Tokens | API Tokens API endpoints |
| Secret Vault | Secret Vault API endpoints |
| Other | Other API endpoints |