Each tenant gets a schema-isolated database, a full HTTP API surface, and runtime access to define models, store records, query data, track changes, manage access control, and move files — all without writing server-side code.
Machine-native bootstrap is first-class:
POST /auth/provision,
sign the challenge,
POST /auth/verify,
then manage bearer API keys through /api/keys or tenant machine keys through /api/user/machine-keys.
MCP is now first-class too: initialize against POST /mcp,
advertise Accept: application/json, text/event-stream,
keep the returned Mcp-Session-Id and MCP-Protocol-Version
headers, then use abbot_auth, abbot_describe,
abbot_find, abbot_data,
abbot_related, and abbot_bulk.
curl -fsSL https://raw.githubusercontent.com/abbotik/api/main/apps/api/scripts/install.sh | bash
brew install abbotik/tap/abbotik-api
curl -fsSL https://raw.githubusercontent.com/abbotik/cli/main/scripts/install.sh | bash
brew install abbotik/tap/abbot
/api/describe./api/data./api/describe — define and inspect models and fields/api/data — CRUD, relationships, and soft delete/api/find — advanced filtering with 25+ operators/api/aggregate — count, sum, avg, min, max/api/bulk — batch operations and import/export/llm — room and factory execution protocols/v1/responses — root-mounted room-backed response ingress/mcp — HTTP JSON-RPC MCP transport and session lifecycle/api/tracked — field-level change history/api/acls — per-record access control/api/cron — scheduled process management/fs — tenant-scoped virtual filesystemPOST /auth/register and continues with POST /auth/login.POST /auth/provision and continues with POST /auth/verify.POST /auth/challenge re-authenticates an existing tenant-bound key./api/keys issues and manages bearer API keys./api/user/machine-keys lists, adds, rotates, and revokes tenant-bound machine keys.POST /auth/refresh is reserved for the human login flow./docs/auth and /docs/:api before composing write requests./auth/* and /docs/* are public — no token needed.