Developer & Agent Access - User Guides

Documentation Index

Fetch the complete documentation index at: /llms.txt

Use this file to discover all available QwryAI pages before exploring further.

Availability

Developer and agent access is available only when your workspace has an active paid subscription. Access follows the current workspace subscription, so downgraded, canceled, inactive, or suspended workspaces stop API-key, OAuth, MCP, and CLI usage at validation time.

The QwryAI app keeps Settings > Security focused on credential management. Use it to generate or revoke API keys and disconnect OAuth clients; use this guide for endpoint URLs, client setup, examples, and troubleshooting.

Installation

Install the QwryAI CLI and verify it is available from your shell.

npm install -g qwryai-cli
qwryai-cli --help

Authentication

OAuth device login is recommended for interactive CLI use.

qwryai-cli auth:login
qwryai-cli auth:status
qwryai-cli auth:status --verify
qwryai-cli auth:logout

Run qwryai-cli auth:login.
Copy the one-time device code from your terminal.
Open the QwryAI approval screen.
Confirm the workspace name, tenant id, and Developer & Agent Access eligibility.
Approve developer access.
QwryAI saves credentials to ~/.qwryai/credentials.json.

Use API keys for OpenClaw, Cursor, custom MCP clients, scripts, CI jobs, and headless automation.

Keep QWRYAI_API_KEY as a placeholder in reusable setup snippets. Paste the one-time key only into your local environment or secret manager.

Open your QwryAI workspace.
Go to Settings > Security.
Find API keys.
Confirm Paid plan enabled.
Select Generate New Key.
Choose an expiration.
Copy the key immediately because the full value is shown once.

export QWRYAI_API_KEY=<your-qwryai-api-key>

When both OAuth credentials and QWRYAI_API_KEY are present, qwryai-cli uses OAuth credentials first and falls back to the API key when no OAuth session is stored.

Custom API URL

For staging, self-hosted, or tunneled environments, point the CLI and scripts to a different QwryAI API origin.

export QWRYAI_API_URL=https://api.qwryai.com/public/v1
export QWRYAI_AUTH_SERVER=https://api.qwryai.com
export QWRYAI_MCP_URL=https://api.qwryai.com/mcp

Endpoints

Surface	URL
Public API	https://api.qwryai.com/public/v1
MCP	https://api.qwryai.com/mcp
Claude MCP	https://api.qwryai.com/mcp-oauth
OAuth authorization	https://www.qwryai.com/oauth/authorize
Device approval	https://www.qwryai.com/oauth/device/verify

Quick Start

# 1. Authenticate with OAuth
qwryai-cli auth:login

# 2. Confirm the current workspace
qwryai-cli auth:status --verify

# 3. List chatbots
qwryai-cli chatbots:list

# 4. Create a conversation
qwryai-cli conversations:create --chatbot <chatbot-id>

# 5. Send a message
qwryai-cli conversations:send <conversation-id> --content "I need help with my order"

# 6. Search knowledge
qwryai-cli knowledge:search --chatbot <chatbot-id> --query "refund policy"

All CLI output is JSON. Authentication and API failures exit with a nonzero code and may include machine-readable error.code, error.statusCode, or error.httpStatus fields for scripts and CI jobs.

Commands Overview

Command	Description
qwryai-cli auth:login	Authenticate with OAuth device login.
qwryai-cli auth:status	Show the stored authentication method.
qwryai-cli auth:status --verify	Verify stored credentials against QwryAI.
qwryai-cli auth:logout	Revoke the stored OAuth grant and remove local credentials.
qwryai-cli mcp:config	Print a secret-safe MCP config using Bearer ${QWRYAI_API_KEY}.
qwryai-cli chatbots:list	List workspace chatbots.
qwryai-cli chatbots:get <id>	Get one chatbot.
qwryai-cli conversations:list	List conversations.
qwryai-cli conversations:create --chatbot <id>	Create a conversation.
qwryai-cli conversations:get <id>	Get one conversation.
qwryai-cli conversations:messages <id>	Read messages for one conversation.
qwryai-cli conversations:send <id> --content "..."	Send a customer message and return AI stream events.
qwryai-cli conversations:agent-message <id> --content "..."	Add a human agent reply.
qwryai-cli conversations:note <id> --note "..."	Add an internal note.
qwryai-cli conversations:escalate <id>	Escalate a conversation.
qwryai-cli conversations:resolve <id>	Resolve a conversation.
qwryai-cli conversations:read <id>	Mark a conversation read.
qwryai-cli conversations:unread <id>	Mark a conversation unread.
qwryai-cli knowledge:search --chatbot <id> --query "..."	Search chatbot knowledge.
qwryai-cli analytics:overview	View analytics overview.

MCP Clients

QwryAI MCP is a hosted remote HTTPS endpoint, not a local stdio MCP server. Configure clients to call the hosted MCP URL with a bearer token.

For OpenClaw-style clients, define both a remote server and a named qwryai server if the client supports both shapes.

{
  "remote": {
    "url": "https://api.qwryai.com/mcp",
    "headers": {
      "Authorization": "Bearer ${QWRYAI_API_KEY}"
    }
  },
  "mcpServers": {
    "qwryai": {
      "url": "https://api.qwryai.com/mcp",
      "headers": {
        "Authorization": "Bearer ${QWRYAI_API_KEY}"
      }
    }
  }
}

For Cursor-style MCP configuration, add a qwryai server with the same URL and bearer header. Compatible custom MCP clients can use the same hosted remote HTTPS server definition.

Claude OAuth

Claude should use https://api.qwryai.com/mcp-oauth through OAuth. Do not paste a QwryAI API key into Claude. Confirm the approval screen shows the correct workspace name, tenant id, and Developer & Agent Access eligibility before approving developer access.

Public REST

Scripts can use the public REST facade with an API key.

export QWRYAI_API_URL=https://api.qwryai.com/public/v1
export QWRYAI_API_KEY=<your-qwryai-api-key>

curl -fsS "$QWRYAI_API_URL/me" \
  -H "Authorization: Bearer $QWRYAI_API_KEY"

curl -fsS "$QWRYAI_API_URL/me" \
  -H "X-API-Key: $QWRYAI_API_KEY"

Capabilities

Capability	Description
get_account_context	Show tenant, plan, auth method, scopes, and capabilities.
list_chatbots	List available chatbots.
get_chatbot	Inspect one chatbot.
list_conversations	List conversations.
create_conversation	Create a conversation.
get_conversation	Inspect one conversation.
get_conversation_messages	Read conversation messages.
send_message	Send a customer message and return AI stream events.
send_agent_message	Add a human agent reply.
add_internal_note	Add an internal note.
escalate_conversation	Escalate to human support.
resolve_conversation	Resolve the conversation.
mark_conversation_read	Mark the conversation read.
mark_conversation_unread	Mark the conversation unread.
search_knowledge	Search chatbot knowledge.
get_analytics_overview	View analytics overview.

Developer access does not expose billing, user-management, destructive delete, or admin configuration tools.

Revoke Access

Open Settings > Security.
In API keys, find the key.
Select revoke. Revoked keys stop working immediately.
In OAuth connections, find the Claude or qwryai-cli connection.
Select disconnect. Disconnecting an OAuth client revokes its access and refresh tokens immediately.

qwryai-cli auth:logout

Troubleshooting

Key is rejected: confirm the full key was copied, has not expired, and has not been revoked.
Access stopped after plan change: Developer access follows the current active workspace subscription plan.
Claude asks for approval: complete the QwryAI OAuth approval screen.
OpenClaw or Cursor cannot connect: confirm the client is using remote HTTPS MCP and a bearer API-key header.
CLI is not authenticated: run qwryai-cli auth:login again or set QWRYAI_API_KEY.
OAuth client still has access: disconnect it under OAuth connections, then ask the user to reconnect if access is still needed.
CLI command failed in CI: check error.code, error.statusCode, or error.httpStatus in the JSON output.
A tool is missing: confirm the credential has the matching scope and the workspace is on a paid active plan.