Agents integrate with VaultGraph over MCP, and merchants integrate their storefront by implementing one HTTPS endpoint the gateway calls — see SDK and the remote adapter protocol. The REST endpoints documented in the API Reference tab cover the surfaces around those primary paths:
  • Shop management (/api/shops) — control-plane CRUD over your shops.
  • Commerce (/api/commerce/*) — the agent-facing REST mirror of the MCP tool surface. Useful for inspecting tool responses without an MCP client. Not the merchant integration path — your storefront should not call these endpoints. Merchant integration goes the other direction: see SDK.
  • UCP discovery (/.well-known/ucp/{deployment}) — public capability profile per deployment.

Base URL

https://app.vaultgraph.com

Authentication

All authenticated requests carry an API key in the x-api-key header:
curl -H "x-api-key: your-api-key" \
  https://app.vaultgraph.com/api/shops
Two kinds of key:
  • Organization API key (vk_) — scoped to a whole organization. Authenticates shop management.
  • Deployment API key (dk_) — scoped to a single deployment. Authenticates commerce endpoints and the MCP session.
Both carry coarse-grained scopes. Keys are created in the portal — see Setup — and hashed at rest. Keep them server-side only.
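A client-side guard for the two key kinds above, as an added example that is not VaultGraph's own code: it picks the key by endpoint path, refuses a key of the wrong kind, and feeds the header to curl on stdin so the key stays out of the process list. The environment variable names VAULTGRAPH_ORG_KEY and VAULTGRAPH_DEPLOYMENT_KEY and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Env var and function names are assumptions, not VaultGraph's.
VG_BASE_URL="https://app.vaultgraph.com"

# Map a request path to the key prefix that authenticates it (per the list above).
vg_required_prefix() {
  case "$1" in
    /api/shops|/api/shops/*) echo "vk_" ;;  # organization key
    /api/commerce/*)         echo "dk_" ;;  # deployment key
    /.well-known/ucp/*)      echo "" ;;     # public profile, no key
    *) return 1 ;;
  esac
}

# Print the key to use for a path, or fail if it is missing or the wrong kind.
vg_key_for_path() {
  local path="$1" prefix key
  prefix="$(vg_required_prefix "$path")" || { echo "unknown path: $path" >&2; return 2; }
  if [ -z "$prefix" ]; then return 0; fi
  case "$prefix" in
    vk_) key="${VAULTGRAPH_ORG_KEY:-}" ;;
    dk_) key="${VAULTGRAPH_DEPLOYMENT_KEY:-}" ;;
  esac
  case "$key" in
    "$prefix"?*) printf '%s' "$key" ;;
    *) echo "missing or wrong-kind key for $path (need ${prefix}...)" >&2; return 3 ;;
  esac
}

# GET a path. The header goes through a curl config read from stdin (-K -),
# so the key never appears in argv, shell history, or `ps` output.
vg_get() {
  local path="$1" key
  key="$(vg_key_for_path "$path")" || return $?
  if [ -n "$key" ]; then
    printf 'header = "x-api-key: %s"\n' "$key" |
      curl -sS --fail -K - "${VG_BASE_URL}${path}"
  else
    curl -sS --fail "${VG_BASE_URL}${path}"
  fi
}
```

With both variables set in the server's environment, `vg_get /api/shops` sends only the organization key, and a commerce path never sees it.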