Your safety operation,addressable.
REST, an MCP server and an OAuth connector over one connected operation — tenant-isolated, rate-limited and audit-logged on every call.
One core.
Every surface.
Pull occurrences, hazards, findings and CAPAs from one connected operation — not a pile of per-module exports. The API, the MCP server and the UI all speak the same core.
Read and write
records.
A bearer-key REST API over your live operation. Records CRUD, streaming export, staged imports and key introspection — with a contract you can generate a client from.
- Records CRUD + NDJSON streaming export
Create, read, update and stream large result sets row-by-row.
- Linked records
Connect records — caused_by, mitigated_by, documented_in — over the API.
- Async CSV import
50MB uploads with column-mapping, chunked and processed as a job.
- Async export
JSON, CSV, Parquet or PDF, delivered as a 7-day signed URL.
- Key introspection
GET /api/v1/me returns the calling key’s scopes and identity.
Connect an AI assistant
to your operation.
eAviora is an MCP server — connect Claude or any agent to your live safety operation. Eleven tools over the same authorization stack as the app.
list_modulessearch_recordsget_recordget_record_linksget_import_joblist_export_jobscreate_recordupdate_recordlink_recordsstart_csv_importrequest_export/api/mcp/mcpStreamable HTTP · bearer auth · tenant-isolated · auditedNo keys
to paste.
Add eAviora as a custom connector in Claude. Your team consents in-app and acts under their exact role — no API key ever changes hands.
- Dynamic client registration
Connectors register themselves over RFC 7591 — there is no console step to provision a client.
- PKCE on every flow
Mandatory PKCE S256 with single-use authorization codes — the modern OAuth 2.1 baseline.
- Short-lived, rotating tokens
1-hour access tokens with a 30-day rotating refresh — a leaked token expires fast.
- Scoped consent
The consent screen is read, or read and write — the user sees exactly what they grant.
Automation can’t
bypass sign-off.
The reason a regulated operator can open its API. Speed on the read and write paths, without ever losing control of the record.
Signed, retried,
replayable.
Subscribe to record events and verify them with the official zero-dependency SDK. Every delivery is signed; every URL write is checked against an SSRF blocklist.
Plug into
your IdP.
The answers a security questionnaire asks for, built in — single sign-on, automated provisioning, a rate-limit contract, and isolation enforced at the database.
Build with eAviora.
Govern the writes.
See the API, the MCP server and the Claude connector against your data shape — with the founder, in 30 minutes. Already a tenant? Create a scoped key in settings.