TrustPager Docs

Authentication & Scopes

One API key per TrustPager workspace, with scope-based permissions and optional approval gating.

API key format

Scopes

Scopes are stamped on the key at creation and follow you across both MCP and REST surfaces. Format: <resource>:<action>.

Full list of per-resource scopes: see the OpenAPI spec under each endpoint's x-scopes.

Approval queue

Keys with -approval scope variants (e.g. contacts:write-approval) queue write operations for human review instead of executing immediately. Use these when an AI agent should be able to PROPOSE changes that a human ratifies.

Pagination

List endpoints return a cursor-paginated envelope: { data, pagination: { has_more, next_cursor } }. Pass the next_cursor value back as the ?after= query parameter to fetch the next page. Default page size is 25, maximum 100 (?limit=).

Idempotency

Send an Idempotency-Key header on write requests (POST/PATCH/PUT/DELETE) to prevent duplicate records if a request is retried. The same key replays the original response instead of executing the operation again.

Credit costs

Reads are free. Writes are billed; AI generation and sends (email, SMS, voice) are billed more. The MCP surface is ~10× cheaper per call than REST and is the recommended surface for interactive AI work — see Using AI.

Error responses on auth failure

401 and 403 responses are AI-friendly — they tell the caller exactly what to do:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="trustpager", error="invalid_token", error_description="Missing Authorization header"
Link: <https://docs.trustpager.com>; rel="help", <https://docs.trustpager.com/openapi.json>; rel="describedby"
Content-Type: application/json

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing Authorization header",
    "details": {
      "docs": "https://docs.trustpager.com",
      "api_base_url": "https://api.trustpager.com/functions/v1/api/v1",
      "auth_scheme": "Authorization: Bearer tp_live_...",
      "fix": "Include a valid API key in the Authorization header..."
    }
  }
}

Rate limits

Default: 60 requests per minute, 10,000 per day per key. Configurable per key. On limit hit you'll see HTTP 429 with a Retry-After header and a RATE_LIMITED error code.

IP allowlist (optional)

You can restrict a key to specific IP addresses on the key creation form. Requests from other IPs return HTTP 403 with error.code: "FORBIDDEN" and message "IP address not allowed". Leave the allowlist empty to allow any IP.