Vectara REST API v2
The Vectara Platform to context engineer Enterprise Agents. The REST API gives you server-side control with enterprise-grade RBAC, multi-tenancy, and full observability. Build agents that combine Vectara's multimodal retrieval with tool use, structured instructions, and managed sessions — all through simple REST endpoints.
All endpoints live at https://api.vectara.io/v2/<resource> using lowercase, hyphenated paths (e.g. /corpora/:corpus_key/documents).
API conventions
We follow standard REST conventions: GET to read, POST to create, PATCH to update, PUT to replace, and DELETE to remove. Actions that don't map to CRUD verbs use a separate POST /<resource>/<action> path (e.g. POST /corpora/:corpus_key/reset).
Backward compatibility — New fields may be added to any response at any time. Fields are never removed, only deprecated. Clients should ignore unknown fields. We aim for strong backward compatibility, though the agentic AI space is evolving rapidly and agent-related APIs may see more frequent additions.
Authentication methods
Every API request must be authenticated using one of these methods:
API Key — Pass your key in the x-api-key header. Create API keys with precise roles for least-privilege access, or use personal API keys that inherit the same roles as your user account.
OAuth 2.0 — Use the client credentials flow to obtain a JWT token from https://auth.vectara.io/oauth2/token, then pass it in the Authorization: Bearer <token> header. Tokens expire after 30 minutes.
Role-based access control
Each endpoint requires specific roles. The role badges on each endpoint page show which roles grant access. Vectara uses three role types:
API Roles (account-wide, assigned to users): Roles like owner, administrator, corpus_administrator, corpus_developer, corpus_viewer, agent_administrator, agent_developer, agent_viewer, agent_user, pipeline_administrator, pipeline_viewer, and viewer. These grant access across all resources of that type.
Corpus Roles (per-corpus, assigned on specific corpora): owner, administrator, editor, viewer. These grant access to a specific corpus only.
Agent Roles (per-agent, assigned on specific agents): agent_administrator, agent_developer, agent_viewer, agent_user. These grant access to a specific agent only.
A user's effective permissions are the union of their API roles, corpus roles, and agent roles. Higher roles in each hierarchy inherit lower role permissions. See Role-based access control for the full role hierarchy and assignment instructions.
Authentication
- OAuth 2.0: OAuth2
- API Key: ApiKeyAuth
OAuth2 access to Vectara
Security Scheme Type: | oauth2 |
|---|---|
OAuth Flow (clientCredentials): | Token URL: https://auth.vectara.io/oauth2/token Scopes: |
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | x-api-key |
Contact
Terms of Service
https://vectara.com/legal/terms-of-service/