API · POST
POST /v1/tools
Register a tool from an OpenAPI / GraphQL / SOAP specification.
Overview
POST /v1/tools
Registers a new tool that agents can invoke. Provide the spec, auth configuration, and policy class. The platform handles schema indexing, scoping and audit.
All xyner API calls require an OAuth2 bearer token with the appropriate scope. Every request is identity-bound and audit-captured.
Request
Example request
{
"name": "guidewire-claims",
"type": "openapi",
"spec_url": "https://internal.api/guidewire/openapi.json",
"auth": {
"type": "oauth2",
"secrets_ref": "vault://guidewire/prod"
},
"policy_class": "claims-write",
"side_effects": ["create", "update"],
"idempotency_support": true
}
Response
Example response
A successful response has shape:
{
"id": "tool_01H8X",
"name": "guidewire-claims",
"operations": 47,
"indexed_at": "2026-04-12T09:18:10Z",
"scope_required": "claims:write"
}
Notes
Things worth knowing
Useful behavioural details for this endpoint.
- All endpoints support OpenTelemetry trace-context propagation via standard W3C headers.
- Idempotency keys are honoured for 24 hours (or longer for endpoints that explicitly support extended idempotency).
- Errors follow RFC 7807 problem+json with a stable error code in
type. - Every successful action produces one or more audit records, queryable via /v1/audit/query.
- Rate limits apply per-tenant; current limits are returned in
X-RateLimit-*response headers.
See also
Related endpoints and concepts
This endpoint is part of the broader xyner platform API. For an end-to-end view, see the platform overview and the documentation hub.
Get started
Ready to put autonomous agents to work?
See xyner in your environment with a guided executive demo.