Skip to main content
API Preview
Developers

Getting started

The way in is your AI client. Add ~Alter as a connector in Claude, ChatGPT, Le Chat, or Perplexity, sign in through your browser, and choose your ~handle. No terminal required.

Connect your AI

In Claude, ChatGPT, Le Chat, or Perplexity, add a custom connector at https://mcp.truealter.com, sign in through your browser, and choose your ~handle. Choosing your ~handle is how your account is created. Then use your AI as you normally would. Through the connector it reads only what you allow, and your record earns each time someone verifies you with your consent.

  1. 1Add the connector

    Open your AI client’s connector settings and add a custom connector pointing at https://mcp.truealter.com.

  2. 2Sign in through your browser

    Your client opens a browser sign-in. Authorise the connector to read your identity on the terms you set.

  3. 3Choose your ~handle

    Pick your ~handle. That choice creates your account. From here, use your AI as you normally would. For client-by-client setup, see the client guides.

Base URL

All REST API requests go to:

bash
https://mcp.truealter.com/api/v1

The MCP Identity Server is at https://mcp.truealter.com/api/v1/mcp using the streamable-http transport.

API versioning

The current REST API version is v1 (Preview), embedded in the URL path. When we release a new major version, existing endpoints keep working under their original version prefix. Breaking changes are versioned; deprecated fields are announced before removal.

Preview API

The API is in preview. Endpoints, request shapes, and response schemas may change without notice. Pin to specific response fields and ignore unrecognised response fields; do not error on unexpected keys. Breaking changes go out through the changelog.

Developer / REST API path

  1. 1Register via the REST API

    For raw API access, create an account with an email and password (minimum 8 characters). See Authentication for full registration options.

    curl -X POST https://mcp.truealter.com/api/v1/auth/register \
      -H "Content-Type: application/json" \
      -d '{
        "email": "you@example.com",
        "password": "your-secure-password", // pragma: allowlist secret
        "full_name": "Jane Smith"
      }'
  2. 2Obtain a JWT token

    Log in to get an access token and a refresh cookie. The access token lasts 6 hours. For token lifecycle details including refresh rotation, see JWT Bearer Tokens.

    curl -X POST https://mcp.truealter.com/api/v1/auth/login \
      -H "Content-Type: application/json" \
      -d '{"email": "you@example.com", "password": "your-secure-password"}'
    
    # Response:
    # {
    #   "access_token": "eyJhbGciOiJFUzI1NiIs...",
    #   "token_type": "bearer"
    # }
  3. 3Call an authenticated endpoint

    Pass the token in the Authorization header.

    curl https://mcp.truealter.com/api/v1/me \
      -H "Authorization: Bearer eyJhbGciOiJFUzI1NiIs..."

Request & response format

All bodies are JSON. Set Content-Type to application/json on any request with a body.

Cursor-based pagination

All list endpoints use cursor-based pagination for stable, performant traversal. The cursor is an opaque base64-encoded string - do not attempt to decode or construct cursors manually.

Query Parameters

NameTypeDescription
limitstringPage size (default varies by endpoint, max 100)
cursorstringOpaque pagination cursor from the previous response

Response Fields

NameTypeDescription
dataarrayArray of items for the current page
pagination.next_cursorstring | nullCursor for the next page (null if no more pages)
pagination.has_morebooleanBoolean indicating whether more pages exist
pagination.total_countintegerTotal number of items matching the query
bash
// First page
GET /api/v1/credentials/?limit=20

// Next page
GET /api/v1/credentials/?limit=20&cursor=eyJzIjoiMjAyNi0w...

Response envelope

List endpoints return a paginated envelope. Single-resource endpoints return the object directly.

json
{
  "data": [
    { "id": "a1b2c3d4-...", "full_name": "Jane Smith", ... }
  ],
  "pagination": {
    "next_cursor": "eyJzIjoiMjAyNi0w...",
    "has_more": true,
    "total_count": 142
  }
}

Rate limits

Rate limiting uses a Redis-backed sliding window counter and is applied per authenticated role, not by a free/pro tier split. A member or org admin gets 120 requests/minute and 5,000/day; org viewers and auditors get 60/minute and 2,000/day; unauthenticated requests run in the lowest bucket at 40/minute and 20,000/day. When a limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header. For the full list of status codes returned when limits are exceeded, see the Error Reference.

REST API
120/min, 5,000/day (member)
x402 queries
120/min (member); 60/min (viewer)
MCP tools
40/min, 20,000/day (unauthenticated)

Rate limit headers

NameTypeDescription
X-RateLimit-LimitstringMaximum requests allowed in the window
X-RateLimit-RemainingstringRequests remaining in the current window
X-RateLimit-ResetstringUnix timestamp when the window resets
Retry-AfterstringSeconds until the next request is allowed (only on 429)

Preview API notice

The API is in preview. During the preview period:

  • Endpoints may be added, changed, or removed without a major version bump
  • Response schemas may gain new fields (we won't remove fields without notice)
  • Rate limits and pricing may change
  • Code defensively: ignore unknown fields; return a typed error on unexpected status codes

Subscribe to the changelog for breaking change notifications.

Docs | ~alter