Strata — The Trust Layer for AI Agents

Strata API

Quickstart

Make your first API call in under 2 minutes.

Get your API key

Make your first request

Pass your key in the X-API-Key header. All requests use HTTPS.

Explore the response

The response contains an items array. Each item has a title, body, and updated_at timestamp. Items are Claude-validated and safe for injection into AI prompts.

Strata API

Authentication

All API requests require an X-API-Key header. Keys are prefixed with sk_. Never expose your key in client-side code or version control.

Finding your key: Dashboard → Overview → Your API Key section. If your key is compromised, use the Regenerate button — the old key is immediately revoked.

Strata API

Ecosystems

All ecosystems available via the API.

Pass the ecosystem slug as the ecosystem parameter in any API call. Core ecosystems are available on all tiers. All others require a Pro subscription.

Core — Free + Pro

Slug	Name	Vendor	Tier
`claude`	Claude	Anthropic	Free + Pro
`openai`	ChatGPT	OpenAI	Free + Pro
`gemini`	Gemini	Google	Free + Pro
`langchain`	LangChain	LangChain	Free + Pro
`ollama`	Ollama	Ollama	Free + Pro

AI Coding Tools — Pro

Slug	Name	Vendor	Tier
`cursor`	Cursor	Anysphere	Pro
`claudecode`	Claude Code	Anthropic	Pro
`codex`	Codex	OpenAI	Pro
`windsurf`	Windsurf	Codeium	Pro
`copilot`	Copilot	Microsoft	Pro
`cody`	Cody	Sourcegraph	Pro

AI Search & Research — Pro

Slug	Name	Vendor	Tier
`perplexity`	Perplexity	Perplexity	Pro
`youcom`	You.com	You.com	Pro
`exa`	Exa	Exa	Pro

AI Infrastructure — Pro

Slug	Name	Vendor	Tier
`replicate`	Replicate	Replicate	Pro
`togetherai`	Together AI	Together	Pro
`groq`	Groq	Groq	Pro
`fireworks`	Fireworks	Fireworks AI	Pro

AI Agents & Media — Pro

Slug	Name	Vendor	Tier
`manus`	Manus	Butterfly Effect	Pro
`higgsfield`	Higgsfield	Higgsfield AI	Pro
`v0`	v0	Vercel	Pro
`bolt`	Bolt	StackBlitz	Pro

Strata API

Rate Limits

Plan	Calls / month	News lag	Refresh rate
Free	100	24 hours	Weekly
Pro	10,000	Every 12 hours	Daily

When you exceed your monthly limit the API returns a 429 status. Limits reset on the first day of each calendar month.

To increase your limit, upgrade to Pro.

Strata API

API Reference

Base URL: https://usestrata.dev/api/v1

In local dev: http://localhost:3000/api/v1

GET

/best-practices

Returns AI-verified best practices for a given ecosystem and category.

Parameters

Parameter	Type	Required	Description
`ecosystem`	`string`	required	Ecosystem slug: claude, openai, gemini, langchain, ollama
`category`	`string`	optional	Content category. Defaults to best_practices

Response fields

Field	Type	Description
`ecosystem`	`string`	Requested ecosystem slug
`category`	`string`	Requested category
`items`	`array`	Array of { id, title, body, updated_at }

GET

/news

Returns aggregated news for an ecosystem. Free tier receives items older than 24 hours. Pro tier receives results updated every 12 hours.

Parameters

Parameter	Type	Required	Description
`ecosystem`	`string`	required	Ecosystem slug
`limit`	`integer`	optional	Number of results. Default 5, max 20

Response fields

Field	Type	Description
`ecosystem`	`string`	Requested ecosystem slug
`tier`	`string`	Your plan tier: free or pro
`items`	`array`	Array of { id, title, body, source_url, published_at }

GET

/integrations

Returns ranked integrations and MCP servers for an ecosystem.

Parameters

Parameter	Type	Required	Description
`ecosystem`	`string`	required	Ecosystem slug
`use_case`	`string`	optional	Filter by use case, e.g. coding, research

Response fields

Field	Type	Description
`ecosystem`	`string`	Requested ecosystem slug
`items`	`array`	Array of { id, title, body } — rank field included when use_case is provided

GET

/search

Full-text search across all verified content. Returns results ranked by relevance.

Parameters

Parameter	Type	Required	Description
`query`	`string`	required	Search query
`ecosystem`	`string`	optional	Filter to a specific ecosystem. Default: all

Response fields

Field	Type	Description
`query`	`string`	The original search query
`results`	`array`	Array of { id, title, body, category, ecosystem_slug, source_url }

Strata API

Error Codes

Status	Code	Description
401	Invalid API key	Key missing or not found
403	Ecosystem not available on free tier	Upgrade to Pro for this ecosystem
404	Ecosystem not found	Check the ecosystem slug
429	Monthly limit reached	Upgrade or wait for monthly reset
500	Internal server error	Something went wrong on our end

All error responses share the same shape:

{ "error": "message", "tier": "free" }

The tier field is included only on 403 and 429 responses.

Strata API

Code Examples

1. Get Claude best practices

Fetch the current top best practices for the Claude ecosystem.

# Get Claude best practices
curl -s "https://usestrata.dev/api/v1/best-practices?ecosystem=claude" \
  -H "X-API-Key: sk_your_api_key_here"

2. Search across all ecosystems

Run a full-text search across every verified content item.

# Search across all ecosystems
curl -s "https://usestrata.dev/api/v1/search?query=function+calling" \
  -H "X-API-Key: sk_your_api_key_here"

3. Poll for latest news with pagination

Continuously poll the news endpoint, tracking seen items by ID to surface only new arrivals.

# Poll for latest news (page 1)
curl -s "https://usestrata.dev/api/v1/news?ecosystem=openai&limit=5" \
  -H "X-API-Key: sk_your_api_key_here"

# Page 2 (offset-based)
curl -s "https://usestrata.dev/api/v1/news?ecosystem=openai&limit=5&offset=5" \
  -H "X-API-Key: sk_your_api_key_here"

Strata API

Security API

Trust signals, agent identity, lineage, threat feed, and compliance — all under /api/v1/*.

All routes accept X-API-Key or Authorization: Bearer headers. Compliance reporting (/api/compliance/report) and agent creation use session cookie auth — sign in via the dashboard first.

GET

/api/v1/mcp/verify

Verify any MCP server by GitHub URL, npm package name, or hosted endpoint. Returns two trust scores, capability flags, injection status, and a real-time circuit breaker state.

param	type		description
`url`	`string`	optional	GitHub URL — e.g. github.com/owner/repo
`npm`	`string`	optional	npm package name — e.g. @modelcontextprotocol/server-filesystem
`endpoint`	`string`	optional	Hosted MCP endpoint URL

Pass exactly one of url, npm, or endpoint.

GET

/api/v1/x402/verify

Verify an x402 payment endpoint before your agent pays anything. Checks SSL validity, domain age, payment amount reasonableness. Returns a trust score and risk flags. Results cached for 24 hours.

param	type		description
`url`	`string`	required	Full https:// URL of the payment endpoint

POST

/api/v1/agents

Issue an Ed25519-signed JWT credential for an agent identity. Requires dashboard session cookie — authenticate via /login first. The returned credential is shown once only.

Also available: POST /api/v1/agents/verify (API key auth) to verify a credential with live revocation check, and GET /.well-known/jwks.json for offline JWKS verification.

POST

/api/v1/lineage

Record a data flow between two MCP servers. Builds an auditable lineage graph visible in the dashboard. Use the MCP tool track_data_flow to call this automatically from inside your agent.

field	type		description
`source_server`	`string`	required	https:// URL of the server data was read from
`dest_server`	`string`	required	https:// URL of the server data was sent to
`session_id`	`string`	optional	Opaque run/trace ID to group related flows
`data_tags`	`string[]`	optional	pii · credentials · financial · internal

GET

/api/v1/threats

Query the real-time threat feed — changes to MCP server risk signals (quarantines, dangerous capability additions, score drops, injection detections). Use affected_only=true to surface only events for servers you've connected to.

param	type		description
`severity`	`string`	optional	critical · high · medium · low
`since`	`ISO 8601`	optional	Return events after this timestamp. Default: 7 days ago
`affected_only`	`boolean`	optional	Filter to servers in your activity ledger
`limit`	`number`	optional	1–200. Default 50

GET

/api/compliance/report

Generate a SOC 2 or ISO 27001 compliance evidence package from the Agent Activity Ledger. Includes tamper evidence (HMAC spot-check), agent activity summary, risk posture, and tool breakdown. Requires dashboard session cookie.

param	type		description
`format`	`string`	required	json · csv
`period`	`string`	required	30d · 90d · 1y · custom
`standard`	`string`	optional	soc2 · iso27001

GET

/api/v1/anomalies

List behavioral anomaly events detected against your rolling baselines. Three detector types: volume_spike (5× baseline), high_risk_surge (3× baseline), net_egress_surge (3× baseline, escalates off-hours). Detection requires 7 days of history and 50+ calls.

Acknowledge an event: POST /api/v1/anomalies/:id/acknowledge

GET

/api/v1/dependency-graph

Returns the complete dependency graph for the authenticated profile — all MCP servers your agents have connected to, their current risk state, data flows between them, and circuit breaker status. Pass period=7d|30d|90d|all to control the lookback window.

Strata API

MCP Server

Connect your agent once and get access to all Strata tools automatically.

Strata is available as a native MCP server. Any MCP-compatible client — Claude.ai, Cursor, Windsurf, or a custom agent — can call all four tools without making individual REST requests.

Remote connection (Streamable HTTP)

Strata works with any MCP-compatible client and any model that can make HTTP requests — not just Claude.

Add via the CLI:

Local connection (stdio)

For local development with Claude Desktop, clone the repo and add to claude_desktop_config.json:

{
  "mcpServers": {
    "strata": {
      "command": "npx",
      "args": [
        "tsx",
        "/path/to/strata/scripts/mcp-stdio.ts"
      ],
      "env": {
        "STRATA_API_KEY": "sk_your_api_key_here"
      }
    }
  }
}

The stdio transport works with any client that supports local MCP servers via command + args config, including Cursor and Windsurf.

Available tools (10)

get_best_practices

ecosystem (required), category (optional)

Current AI-verified best practices for a given ecosystem.

get_latest_news

ecosystem (required), limit (optional, max 20)

Latest news and releases. Pro gets results updated every 12 hours; free gets items older than 24 h.

get_top_integrations

ecosystem (required), use_case (optional)

Ranked integrations and MCP servers. Filter by use case for relevance-sorted results.

search_ecosystem

query (required), ecosystem (optional)

Full-text search across all verified content. Omit ecosystem to search globally.

find_mcp_servers

query (required), exclude_capability_flags, min_security_score…

Semantic search across 2,179+ scored MCP servers. Filter by capability flags, scores, and hosted endpoint.

verify_payment_endpoint

url (required)

x402 payment endpoint trust score. Call before any autonomous payment to confirm legitimacy.

verify_agent_credential

credential (required)

Verify a Strata-issued agent JWT with live revocation check. Use for high-trust calls.

track_data_flow

source_server, dest_server (required), session_id, data_tags

Record a data flow between two MCP servers for lineage tracking.

get_threat_feed

since, severity, affected_only (all optional)

Recent risk-signal changes for MCP servers. Set affected_only=true to filter to your dependencies.

list_ecosystems

(none)

List all AI ecosystems available on your tier. Call this first to discover valid slugs before using get_best_practices, get_latest_news, get_top_integrations, or search_ecosystem.

MCP Server

Prompts & Formatting

Strata includes built-in MCP prompts that tell your agent how to present intelligence in a structured briefing format. Supported in Claude Desktop and Claude Code.

ecosystem_briefing

Full intelligence briefing for any ecosystem. Calls best practices, news, and integrations automatically.

argument: ecosystem — e.g. "claude", "groq", "cursor"

Claude Desktop: type /ecosystem_briefing in chat

cross_ecosystem_compare

Side-by-side comparison of two ecosystems. Ideal for architecture decisions.

argument: ecosystem_a

argument: ecosystem_b

agent_stack_review

Stack recommendation for a specific use case based on current Strata intelligence.

argument: use_case — e.g. "RAG pipeline", "coding assistant"

Even without prompts, Strata tools always return structured JSON. The formatting guide resource at strata://formatting-guide tells your agent how to present results — Claude reads this automatically when Strata is connected.