DEVELOPER PLATFORM · REST · MCP · OAUTH

Your safety operation, addressable.

REST, an MCP server and an OAuth connector over one connected operation — tenant-isolated, rate-limited and audit-logged on every call.

LIVE · REST API v1
24 endpoints
11 MCP tools
OpenAPI 3.1
01 ONE CONNECTED OPERATION

One core.
Every surface.

Pull occurrences, hazards, findings and CAPAs from one connected operation — not a pile of per-module exports. The API, the MCP server and the UI all speak the same core.

RECORDS
One records model
Occurrences, hazards, findings and CAPAs live in one table — every record type, one shape, referenced as {MODULE}-{YYYY}-{NNNN}.
LINKS
Links between records
caused_by, mitigated_by, documented_in, required_by — traceability is a query, not a spreadsheet.
CORE
Same stack as the UI
Every call runs scope check → rate limit → tenant isolation → permission check → audit log. One core, every surface.
02 REST API V1

Read and write
records.

A bearer-key REST API over your live operation. Records CRUD, streaming export, staged imports and key introspection — with a contract you can generate a client from.

REQUEST · GET /api/v1/records
curl "https://app.eaviora.com/api/v1/records?module=sms" \
  -H "Authorization: Bearer $EAVIORA_API_KEY"
RESPONSE · 200
{
  "data": [
    {
      "reference": "OCC-2026-0042",
      "module": "sms",
      "stage": "investigation",
      "title": "De-icing hold-over exceeded on stand"
    }
  ],
  "next_cursor": null
}
  • Records CRUD + NDJSON streaming export

    Create, read, update and stream large result sets row-by-row.

  • Linked records

    Connect records — caused_by, mitigated_by, documented_in — over the API.

  • Async CSV import

    50MB uploads with column-mapping, chunked and processed as a job.

  • Async export

    JSON, CSV, Parquet or PDF, delivered as a 7-day signed URL.

  • Key introspection

    GET /api/v1/me returns the calling key’s scopes and identity.

OPENAPI 3.1
Generated from the runtime
The spec is built from the same route definitions the handlers bind, so the contract can’t drift. Generate a typed client in any language.
Get the OpenAPI 3.1 spec
03 MCP SERVER

Connect an AI assistant
to your operation.

eAviora is an MCP server — connect Claude or any agent to your live safety operation. Eleven tools over the same authorization stack as the app.

READ · 6 tools
list_modules
search_records
get_record
get_record_links
get_import_job
list_export_jobs
WRITE · 5 tools
create_record
update_record
link_records
start_csv_import
request_export
ENDPOINT · /api/mcp/mcp · Streamable HTTP · bearer auth · tenant-isolated · audited
04 CLAUDE CONNECTOR

No keys
to paste.

Add eAviora as a custom connector in Claude. Your team consents in-app and acts under their exact role — no API key ever changes hands.

  • Dynamic client registration

    Connectors register themselves over RFC 7591 — there is no console step to provision a client.

  • PKCE on every flow

    Mandatory PKCE S256 with single-use authorization codes — the modern OAuth 2.1 baseline.

  • Short-lived, rotating tokens

    1-hour access tokens with a 30-day rotating refresh — a leaked token expires fast.

  • Scoped consent

    The consent screen is read, or read and write — the user sees exactly what they grant.

05 GOVERNED BY DESIGN

Automation can’t
bypass sign-off.

The reason a regulated operator can open its API. Speed on the read and write paths, without ever losing control of the record.

STATE LOCKED
Workflow state is non-settable
Workflow and governance state cannot be set through the API or MCP — only a person moves a record.
HUMAN-GATED
AI suggests, a human validates
Write tools propose; nothing reaches the record until a person accepts it. Enforced in code, not policy.
AUDITED
Logged in the same transaction
Every call is audit-logged under the key’s identity, in the same transaction as the change.
06 OUTBOUND WEBHOOKS

Signed, retried,
replayable.

Subscribe to record events and verify them with the official zero-dependency SDK. Every delivery is signed; every URL write is checked against an SSRF blocklist.

HMAC-SHA256 — sha256= over timestamp.body, constant-time verify
SSRF blocklist on every webhook URL write
10 retries with exponential backoff
Secret shown once on create, rotate any time
@eaviora/webhooks
Zero-dep HMAC verifier
Runtime-agnostic — Node, Deno, Bun, Cloudflare Workers and browsers — with Express middleware included.
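
The signing scheme listed above (sha256= over timestamp.body, constant-time verify), written out as an added example; it is not the @eaviora/webhooks SDK or eAviora's own code. It assumes a hex digest, a Unix-seconds timestamp and a 300-second replay window, none of which the page states, and sign, verifyDelivery and their parameters are hypothetical names.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window; not stated on the page

// "sha256=<hex>" over "<timestamp>.<raw body>" (hex encoding is an assumption).
function sign(secret, timestamp, rawBody) {
  const mac = crypto.createHmac("sha256", secret)
    .update(`${timestamp}.`).update(rawBody).digest("hex");
  return `sha256=${mac}`;
}

// Returns { ok, reason }. rawBody must be the exact bytes received,
// never a parsed-and-re-serialised JSON object.
function verifyDelivery({ secret, signature, timestamp, rawBody, now = Date.now() / 1000 }) {
  if (typeof signature !== "string" || !/^sha256=[0-9a-f]{64}$/.test(signature)) {
    return { ok: false, reason: "malformed signature" };
  }
  // Reject missing, non-numeric or out-of-window timestamps before any MAC work.
  if (!/^\d+$/.test(String(timestamp)) || Math.abs(now - Number(timestamp)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "stale or invalid timestamp" };
  }
  const expected = Buffer.from(sign(secret, timestamp, rawBody));
  const received = Buffer.from(signature);
  // The regex above guarantees equal lengths, which timingSafeEqual requires.
  if (!crypto.timingSafeEqual(expected, received)) {
    return { ok: false, reason: "signature mismatch" };
  }
  return { ok: true, reason: null };
}

// Constructed sample delivery: the secret, timestamp and body are made up.
const SECRET = "example-secret-not-real";
const BODY = Buffer.from('{"reference":"OCC-2026-0042","stage":"investigation"}');
const TS = "1767225600";
const SIG = sign(SECRET, TS, BODY);

console.log(verifyDelivery({
  secret: SECRET, signature: SIG, timestamp: TS, rawBody: BODY, now: Number(TS) + 10,
}));
```

Because the timestamp is inside the MAC, a captured delivery cannot be replayed with a fresh timestamp, and the window check bounds how long an unmodified capture stays valid.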
07 ENTERPRISE READY

Plug into
your IdP.

The answers a security questionnaire asks for, built in — single sign-on, automated provisioning, a rate-limit contract, and isolation enforced at the database.

SSO
Plug into your IdP
SAML 2.0 with Okta, Microsoft Entra and Google · SSO-required enforcement · JIT provisioning.
SCIM
Provision automatically
SCIM 2.0 auto-provision and deprovision, so leavers lose access without a manual step.
LIMITS
Rate limits as a contract
Per-tier ceilings the platform enforces — plan batch imports and polling against documented limits.
ISOLATION
Isolated at the database
Database-enforced tenant isolation against a non-bypass role — a query missing your org returns zero rows.
GET STARTED

Build with eAviora.
Govern the writes.

See the API, the MCP server and the Claude connector against your data shape — with the founder, in 30 minutes. Already a tenant? Create a scoped key in settings.

Create an API key · Operators start at /help