Docs for the Hoist Connector.
Connect your AI tool of choice, API client, or CLI workflow to Australian source evidence.
What you can do with the Connector
Jobs first. Pick the one that matches what you (or your agent) are trying to do, then follow the surface that fits your workflow. The Hoist Connector is the agent-facing access layer; it works through API, CLI, and MCP.
- Verify a counterparty. Run a fixture ABN, GST, and PPSR organisation-grantor lookup. Get back an Evidence Pack with verdict, source checks, and risk flags. (Real ABR and AFSA traffic at S2-gate.)
- Verify an asset. Run a fixture PPSR serial-number search by VIN or chassis number. Get back encumbrance state and the source check that supports it. (Live PPSR traffic at S2-gate.)
- Create an Evidence Pack. Ask the Connector to bundle source checks, timestamps, certificate metadata (where applicable), and a Due Diligence Record into one citable answer for your agent.
- Retrieve a record. Pull a prior search by record id (fixture-only today). Production record retrieval at S2-gate alongside the Due Diligence Record PDF.
- Export evidence for a deal file. Bundle the Evidence Packs for a deal into a ZIP your CRM or broker workflow can attach. Production export at S2-gate.
mcp.assets.hoistai.com/mcp (OAuth 2.1 + PKCE + Resource Indicators) and the in-browser sandbox. Tool calls return canned fixtures for three organisations. Not live today: REST endpoints under api.assets.hoistai.com/v1, real AFSA traffic, the Due Diligence Record PDF, batch CSV, webhooks, and published SDKs. All S2-gate.Start here
Sandbox or MCP server
Two paths that work today: try the in-browser sandbox, or install the MCP server in your AI client and run a fixture search.
Read MCP serverConnect your AI agent
Tool surface, OAuth scopes, install snippets for eight hosts. Confirmation flows for paid actions (live at S2-gate).
Read SandboxRun a fixture search
No signup, no card. Browser-based runner that shows the response shape against three fixture organisations.
Try itAPI reference Roadmap (S2-gate)
The REST endpoints below ship at S2-gate alongside the partner intermediary. The shapes are stable enough to integrate against today using the sandbox and MCP transport. A machine-readable OpenAPI 3.1 spec will publish at /.well-known/openapi.json when the API goes live.
Authentication
Two auth modes, one live today.
- OAuth 2.1 (live) — for the MCP server. RFC 6749 / 7591 Dynamic Client Registration + PKCE + Resource Indicators (RFC 8707). Discovery at
/.well-known/oauth-authorization-server, authorize at/oauth/authorize, token at/oauth/token. Human consent runs through Clerk hosted sign-in ataccounts.assets.hoistai.com. - API key Roadmap (S2-gate) — bearer token, scoped (
readonly,readwrite,batch). Pass viaAuthorization: Bearer hoist_live_…. Test keys (hoist_test_…) will hit fixtures only and stay unlimited. Live keys count against your subscription. Both come online at S2-gate from the dashboard.
Endpoints Roadmap (S2-gate)
The endpoints below are the planned REST surface. None are reachable today — call the equivalent MCP tools against fixtures instead. Costs shown are S2-gate launch pricing once paid plans open.
| Method | Path | What it will do | Cost |
|---|---|---|---|
| POST | /v1/ppsr/search | PPSR organisation or serial-number search | A$2.50 |
| POST | /v1/ppsr/batch | Batch PPSR (CSV in, ZIP out) | Per row |
| GET | /v1/abn/{abn} | ABN lookup (current state) | A$0.10 |
| GET | /v1/abn/{abn}/history | ABN history (trading names, GST changes) | A$0.10 |
| GET | /v1/gst/{abn} | GST registration as at date | A$0.10 |
| GET | /v1/records/{id} | Retrieve a record (PDF or JSON) | Free |
| GET | /v1/records/{id}/verify | Verify a record hash | Free |
| GET | /v1/records | List recent records (paginated) | Free |
| POST | /v1/exports | Create an evidence-pack ZIP | Free |
| GET | /v1/usage | Your usage and remaining allowance | Free |
Errors Roadmap (S2-gate)
Planned error shape. Standard HTTP codes, body always:
{
"error": "individual_grantor_not_supported",
"message": "Hoist Assets is org-only: individual-grantor searches are not supported. ...",
"documentation_url": "https://assets.hoistai.com/trust/npii-boundary"
}Rate limits Roadmap (S2-gate)
- Sandbox keys: unlimited.
- Live keys: 60 requests/minute per key, burst to 120. Batch endpoint has its own quota — talk to us if you need more.
- 429s will return a
Retry-Afterheader.
SDKs Roadmap (S2-gate)
Public SDK repositories aren't published yet. We'll cut releases at S2-gate alongside the REST API.
- TypeScript / Node.js —
npm i @hoist-assets/sdk - Python —
pip install hoist-assets - Ruby —
gem install hoist_assets - Other languages: the OpenAPI spec will support
openapi-generatorfor Go, Rust, and PHP. Tested at S2-gate.
Webhooks Roadmap (S2-gate, Team tier)
Subscribe in the dashboard. Payloads will be signed with HMAC-SHA256 using your webhook secret. Planned events: search.completed, search.failed, batch.completed, export.ready. Webhook infrastructure is not shipped at S1-gate.
Versioning
API version will live in the path (/v1). Breaking changes go to /v2; we plan to maintain /v1 for 12 months after a new version ships. Non-breaking changes (new optional fields, new endpoints) will ship to /v1 without notice — code defensively. Changelog at /changelog.