API & agent discovery

Holihopper exposes machine-readable discovery endpoints for agents, public API consumers, and browser-based assistants.

Discovery endpoints

API catalog
OpenAPI description
Health status
OpenID Connect discovery
OAuth protected resource metadata
MCP server card
Agent skills index

Published endpoints

GET /api/health for health and discovery links
POST /mcp for read-only MCP discovery tools

This published discovery surface intentionally excludes write-capable, payment, and cost-bearing application endpoints.

MCP

The MCP endpoint is a read-only public transport. It exposes destination guides, inspiration listings, and site capability metadata. Private board edit and board view URLs are intentionally excluded.

Authentication

Holihopper uses Supabase Auth for user authentication. Discovery metadata is published under the well-known OAuth and OpenID endpoints so automated clients can discover the issuer, token endpoint, and resource metadata.