Authentication

Authenticate external agents through the browser.

Device authorization lets an operator approve an agent without copying a permanent key. The resulting token is short-lived, subscription-backed, and limited to the project chosen during approval.

Start with the device authorization flow. API keys remain available for legacy integrations.

Workspace

Read the workspace before queueing work.

Start each agent session by hydrating the workspace. This gives the agent the active project, current resources, next actions, and policy state.

Workspace
$ curl https://api-vera.symph.ai/v1/projects/proj_01hx6x9v2r \
>   -H "Authorization: Bearer vda_..."

Gmail

Verify the connected sender.

Vera sends through the selected verified Gmail alias. Stop if Gmail is disconnected, the sender is unconfirmed, or the required capabilities are missing.

Gmail status
$ curl https://api-vera.symph.ai/v1/projects/proj_01hx6x9v2r/gmail/status \
>   -H "Authorization: Bearer vda_..."

$ curl https://api-vera.symph.ai/v1/projects/proj_01hx6x9v2r/gmail/aliases \
>   -H "Authorization: Bearer vda_..."

Readiness

Check blockers before starting runs.

Readiness turns setup gaps into explicit blockers and warnings. External agents should route blockers back to the operator instead of forcing a run.

Project readiness
$ curl https://api-vera.symph.ai/v1/projects/proj_01hx6x9v2r/readiness \
>   -H "Authorization: Bearer vda_..."