AIStorageDepot
Docs / API, MCP & CLI Reference

API, MCP & CLI Reference

Everything in your library is reachable three ways: the MCP server (what your AI tool talks to), the REST API (what scripts talk to), and the pull CLI (what writes local copies into your project). All three authenticate with the same API token.

  • Base URL: https://www.aistoragedepot.com
  • Auth: an API token, sent as Authorization: Bearer <token> (or, for the MCP endpoint, ?token=<token>).
  • Free & unmetered for individuals — the only throttle is an anti-abuse rate limit.

Getting a token

  1. Settings → API tokens → New token. Give it a name.
  2. Copy it now — it's shown once. We store only a SHA-256 hash, so we can't show it again.
  3. Revoke any token from the same screen; revocation cuts off access instantly, everywhere it was used.

Tokens act as you. A Bearer request sees only your own libraries — your personal library plus the teams and companies you belong to. The prebuilt/example libraries (Welcome, Curated) are for browsing in the app and are deliberately invisible to tokens, so "use my code-review prompt" always resolves to your prompt.

Managing tokens is session-only (you must be signed in the browser). A leaked token can't mint or revoke tokens.

Deactivated items are hidden from tokens. Any item you've deactivated (💤) is skipped by every token surface — MCP, REST, and pull — so your AI never sees it. A REST read can opt back in with ?includeMuted=1.


MCP server (what your AI connects to)

The MCP server is the primary way your AI reaches your library. It's the same server whether you connect the hosted URL or run the stdio package — same prompts, resources, and tools.

Two ways to connect

Hosted (remote) — for connector-based clients

https://www.aistoragedepot.com/api/mcp?token=YOUR_TOKEN

Speaks MCP over Streamable HTTP (stateless JSON-RPC): the client POSTs a JSON-RPC request and gets a JSON response. You can send the token as ?token=… or an Authorization: Bearer … header.

Local (stdio) — for desktop apps like Claude Desktop

{
  "mcpServers": {
    "aistoragedepot": {
      "command": "cmd",
      "args": ["/c", "npx", "-y", "@aistoragedepot/mcp"],
      "env": { "AISTORAGEDEPOT_TOKEN": "YOUR_TOKEN" }
    }
  }
}

On macOS/Linux the command is just "npx" with args: ["-y", "@aistoragedepot/mcp"]. On Windows you must wrap it in cmd /c (as above) — Windows can't spawn npx directly. The Connect page generates the correct config for your OS and tool; prefer that over hand-editing.

What the server exposes

MCP capabilityWhat your AI gets
Toolssearch_library, get_item (below)
ResourcesEvery item as aisd://item/<id>, with its title, type, tags, and MIME type
PromptsEvery prompt, exposed as a native MCP prompt with its [placeholders] as fill-in arguments

Tools:

  • search_library{ "query": "keyword" }. Searches titles, bodies, tags, and categories across your own libraries. Returns matches with their aisd://item/<id> URIs. (Needs ≥ 2 characters.)
  • get_item{ "id": "<id or aisd://item/<id>>" }. Returns the full body of one item.

Server details: server name aistoragedepot, protocol version 2024-11-05. Deactivated items and the example libraries are excluded. Individuals are unmetered; the anti-abuse limit returns JSON-RPC error -32003 with HTTP 429. A missing/invalid token returns -32001 with HTTP 401.

Raw JSON-RPC example

curl -s "https://www.aistoragedepot.com/api/mcp?token=YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
       "params":{"name":"search_library","arguments":{"query":"code review"}}}'

Supported methods: initialize, ping, tools/list, tools/call, resources/list, resources/read, prompts/list, prompts/get. Batched requests (a JSON array) are supported; notifications get a 202 with no body.


pull CLI (local copies in your project)

pull is optional. MCP already serves your library live; pull writes local files into your project or user config so items show up as typed /slash commands even when your tool isn't connected over MCP.

npx -y @aistoragedepot/mcp pull --token=YOUR_TOKEN --workspaces=all --to=all --types=skill

On Windows PowerShell, quote the scoped package name:

npx -y "@aistoragedepot/mcp" pull --token=YOUR_TOKEN --workspaces=all --to=all --types=skill

Flags

FlagMeaning
--token=YOUR_TOKENYour API token. No space after the =--token= abc leaves the token empty.
--workspaces=allInclude team/company libraries too, not just your personal one.
--to=allWrite commands for every detected tool on the machine.
--types=skillDefault. Pull skills only (see the note below). Use --types=all to include prompts.

Why --types=skill is the default

Prompts already come across live over MCP as slash commands. If you also pull them, they register a second time — you'd see each prompt twice in your menu (a (user) frozen copy and a live (MCP) copy). Skills, by contrast, are documents the agent reads over MCP — they only become a typed /command when you pull them. So the safe default is: let MCP serve prompts, and pull your skills. Re-run pull any time to refresh the local copies; it only touches AIStorageDepot files.

The @aistoragedepot/mcp package is the same one you point Claude Desktop at as a stdio server — with the pull subcommand it becomes the CLI.


REST API

All REST endpoints are under /api. Send Authorization: Bearer YOUR_TOKEN. Reads via a Bearer token get the agent view — your own libraries only, deactivated items excluded.

Read your library

Method & pathPurpose
GET /api/healthLiveness + DB check. Anonymous. Returns {"ok":true} (or 503).
GET /api/workspacesThe libraries you can see. Via token: your own only (no Welcome/Curated).
GET /api/library?workspace=<id>Full payload for one library (or your default). Add ?includeMuted=1 to include deactivated items.
GET /api/search?q=<term>&…Search across your libraries.
GET /api/types · GET /api/categoriesYour item types and categories.

Create & manage items

Method & pathPurpose
POST /api/itemsCreate an item. Body: { workspaceId, typeId, title, body, categoryId?, tags? }. workspaceId and typeId are required.
GET/PATCH/DELETE /api/items/{id}Read, edit, or delete one item.
GET /api/items/{id}/versions · GET .../versions/{v}Version history, and one specific version.
POST /api/items/{id}/restoreRestore from Trash.
POST /api/items/{id}/copyCopy/publish an item to another library.
POST /api/items/{id}/shareCreate (or revoke) a public share link.
POST /api/items/import · POST /api/items/import/githubImport files/.zip, or a public GitHub repo.
GET /api/trash · POST /api/trash/{id}List the Trash; restore an item.

Tokens & account (session-only)

These require a signed-in browser session — a token can't call them.

Method & pathPurpose
GET /api/tokensList your tokens (no secrets) + this month's usage.
POST /api/tokensCreate a token: { name }{ token, … } (token shown once).
DELETE /api/tokens/{id}Revoke a token.
GET /api/sessions · DELETE /api/sessions/{id}List/sign-out active devices.
POST /api/auth/2fa · POST /api/auth/totpEnable/verify two-factor auth.
POST /api/account/password · POST /api/account/deleteChange password; delete your account.

Teams, companies & billing

Team/company management (/api/teams/*, /api/company/*, /api/invites/*), billing (/api/billing/*), and the admin console (/api/admin/*) back the in-app UI and enforce role checks server-side. They're documented functionally under Teams & Companies and Billing & Plans rather than as a public integration surface.

Errors

Standard HTTP status codes with a JSON { "error": "…" } body:

StatusMeaning
400Missing/invalid parameters.
401Missing or invalid token / not signed in.
403Authenticated but not allowed (role, or a network/IP restriction).
404No such item or library.
429Anti-abuse rate limit — slow down.
409Edit conflict (someone else changed the item first).

Quick recipes

List your libraries

curl -s https://www.aistoragedepot.com/api/workspaces \
  -H "Authorization: Bearer YOUR_TOKEN"

Pull one library's items

curl -s "https://www.aistoragedepot.com/api/library?workspace=WORKSPACE_ID" \
  -H "Authorization: Bearer YOUR_TOKEN"

Create a prompt

curl -s https://www.aistoragedepot.com/api/items \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"workspaceId":"WS_ID","typeId":"TYPE_ID","title":"Code review","body":"Review [language] code for [concern]."}'

Related: Connecting to your AI tools · Item Types · Security & Reliability