Skip to main content
Tracent TechnologiesTracent Technologies
Get started

API & MCP reference

The complete surface of the Tracent Technologies gateway. Detailed endpoint and method pages are in progress.

Gateway REST API

Endpoints for organisations, MCP servers, Tool Groups, gateway logs and HITL transactions.

MCP methods

The JSON-RPC methods the gateway exposes to AI clients, and how arguments are validated against tool schemas.

Error codes

Gateway error codes - policy denials, rate limits, redaction failures and HITL timeouts - and how to handle them.

Rate limits

Per-minute, per-hour and per-day limits, configured for each Tool Group.

Gateway Sync: how the MCP gateway gets policies

The MCP gateway is a separate service that fronts every tool call. It needs an up-to-date copy of every organisation's Tool Group policies. Two channels keep it in sync.

1. REST snapshot (cold start, reconcile)

GET /api/gateway/tool-policy?org_id=<uuid>
Authorization: Bearer $GATEWAY_API_KEY

200 OK
{
  "organisation_id": "...",
  "groups": [
    {
      "id": "...",
      "name": "Payments",
      "allowed_roles": ["admin", "compliance"],
      "pii_mask_keys": ["bvn", "nin", "account_number"],
      "hitl_required": true,
      "rate_limit_per_minute": 60,
      "rate_limit_per_hour": 1000,
      ...
    }
  ],
  "tools": [
    { "tool_group_id": "...", "mcp_server_id": "...", "tool_name": "transfer" }
  ],
  "fetched_at": "2026-05-25T10:00:00Z"
}

The endpoint is served by Next.js using the Supabase service-role key, so it bypasses RLS. The Bearer guard is the only access control; rotate GATEWAY_API_KEY by re-deploying both sides with a new value.

2. Realtime updates (live policy edits)

The gateway also subscribes to the Supabase Realtime publication on tool_groups and tool_group_tools. When a console user saves a policy or drags a tool into a group, the gateway receives an event within ~100ms and updates its in-memory copy. Versioning gives you a safety net: the snapshot captured pre-mutation is stored in tool_group_versions and can be restored from the policy panel.

Required environment variables

  • SUPABASE_SERVICE_ROLE_KEY: from Supabase > Project Settings > API. Server-only; never ship to the browser.
  • GATEWAY_API_KEY: shared secret. Generate with openssl rand -hex 32 and set on both the console and the gateway.