Getting started
The way in is your AI client. Add ~Alter as a connector in Claude, ChatGPT, Le Chat, or Perplexity, sign in through your browser, and choose your ~handle. No terminal required.
Connect your AI
In Claude, ChatGPT, Le Chat, or Perplexity, add a custom connector at https://mcp.truealter.com, sign in through your browser, and choose your ~handle. Choosing your ~handle is how your account is created. Then use your AI as you normally would. Through the connector it reads only what you allow, and your record earns each time someone verifies you with your consent.
- 1Add the connector
Open your AI client’s connector settings and add a custom connector pointing at
https://mcp.truealter.com. - 2Sign in through your browser
Your client opens a browser sign-in. Authorise the connector to read your identity on the terms you set.
- 3Choose your ~handle
Pick your ~handle. That choice creates your account. From here, use your AI as you normally would. For client-by-client setup, see the client guides.
Base URL
All REST API requests go to:
https://mcp.truealter.com/api/v1The MCP Identity Server is at https://mcp.truealter.com/api/v1/mcp using the streamable-http transport.
API versioning
The current REST API version is v1 (Preview), embedded in the URL path. When we release a new major version, existing endpoints keep working under their original version prefix. Breaking changes are versioned; deprecated fields are announced before removal.
Preview API
The API is in preview. Endpoints, request shapes, and response schemas may change without notice. Pin to specific response fields and ignore unrecognised response fields; do not error on unexpected keys. Breaking changes go out through the changelog.
Developer / REST API path
- 1Register via the REST API
For raw API access, create an account with an email and password (minimum 8 characters). See Authentication for full registration options.
curl -X POST https://mcp.truealter.com/api/v1/auth/register \ -H "Content-Type: application/json" \ -d '{ "email": "you@example.com", "password": "your-secure-password", // pragma: allowlist secret "full_name": "Jane Smith" }' - 2Obtain a JWT token
Log in to get an access token and a refresh cookie. The access token lasts 6 hours. For token lifecycle details including refresh rotation, see JWT Bearer Tokens.
curl -X POST https://mcp.truealter.com/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{"email": "you@example.com", "password": "your-secure-password"}' # Response: # { # "access_token": "eyJhbGciOiJFUzI1NiIs...", # "token_type": "bearer" # } - 3Call an authenticated endpoint
Pass the token in the
Authorizationheader.curl https://mcp.truealter.com/api/v1/me \ -H "Authorization: Bearer eyJhbGciOiJFUzI1NiIs..."
Request & response format
All bodies are JSON. Set Content-Type to application/json on any request with a body.
Cursor-based pagination
All list endpoints use cursor-based pagination for stable, performant traversal. The cursor is an opaque base64-encoded string - do not attempt to decode or construct cursors manually.
Query Parameters
| Name | Type | Description |
|---|---|---|
limit | string | Page size (default varies by endpoint, max 100) |
cursor | string | Opaque pagination cursor from the previous response |
Response Fields
| Name | Type | Description |
|---|---|---|
data | array | Array of items for the current page |
pagination.next_cursor | string | null | Cursor for the next page (null if no more pages) |
pagination.has_more | boolean | Boolean indicating whether more pages exist |
pagination.total_count | integer | Total number of items matching the query |
// First page
GET /api/v1/credentials/?limit=20
// Next page
GET /api/v1/credentials/?limit=20&cursor=eyJzIjoiMjAyNi0w...Response envelope
List endpoints return a paginated envelope. Single-resource endpoints return the object directly.
{
"data": [
{ "id": "a1b2c3d4-...", "full_name": "Jane Smith", ... }
],
"pagination": {
"next_cursor": "eyJzIjoiMjAyNi0w...",
"has_more": true,
"total_count": 142
}
}Rate limits
Rate limiting uses a Redis-backed sliding window counter and is applied per authenticated role, not by a free/pro tier split. A member or org admin gets 120 requests/minute and 5,000/day; org viewers and auditors get 60/minute and 2,000/day; unauthenticated requests run in the lowest bucket at 40/minute and 20,000/day. When a limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header. For the full list of status codes returned when limits are exceeded, see the Error Reference.
- REST API
- 120/min, 5,000/day (member)
- x402 queries
- 120/min (member); 60/min (viewer)
- MCP tools
- 40/min, 20,000/day (unauthenticated)
Rate limit headers
| Name | Type | Description |
|---|---|---|
X-RateLimit-Limit | string | Maximum requests allowed in the window |
X-RateLimit-Remaining | string | Requests remaining in the current window |
X-RateLimit-Reset | string | Unix timestamp when the window resets |
Retry-After | string | Seconds until the next request is allowed (only on 429) |
Preview API notice
The API is in preview. During the preview period:
- Endpoints may be added, changed, or removed without a major version bump
- Response schemas may gain new fields (we won't remove fields without notice)
- Rate limits and pricing may change
- Code defensively: ignore unknown fields; return a typed error on unexpected status codes
Subscribe to the changelog for breaking change notifications.
Next steps
Authentication
JWT and passkey login for humans, OAuth capability tokens for agents, and multi-factor authentication.
REST API Reference
Browse all 76 endpoints across 11 sections.
MCP Identity Server
Connect AI agents via the Model Context Protocol.
Error reference
HTTP status codes, error response format, and JSON-RPC error codes.