Vera API + MCP
Two ways to plug Vera into your stack: the REST API for push-style integrations (CRM, n8n, Slack), or the MCP server for letting your own AI agents pull live intelligence. Both are included on every plan. Manage keys in dashboard Settings.
Authentication
Every request takes a Bearer token. Create keys in Settings → API keys.
Authorization: Bearer vera_live_<your_key>text
API access is included on every plan. Rate limits: 30 req/min on Starter and Individual, higher limits on Team. Over-limit responses include Retry-After and X-RateLimit-Remaining headers.
Auth
/api/v1/public/usageGet usage
Current month's usage against your plan's caps: accounts researched, accounts watched, contact unlocks and more. The simplest endpoint to test your key works.
curl https://api.veraa.ai/api/v1/public/usage \ -H "Authorization: Bearer vera_live_..."curl
Leads
/api/v1/public/leadsList leads
Paginated list of leads in your pipeline. Filter by rating (hot/warm/cold) or status.
curl "https://api.veraa.ai/api/v1/public/leads?rating=hot&limit=20" \ -H "Authorization: Bearer vera_live_..."curl
/api/v1/public/leads/{lead_id}Get a lead
Full lead record including the entire enrichment_data blob — tech stack, news, threat alerts, GTM briefing, website intel.
curl https://api.veraa.ai/api/v1/public/leads/8f4cab97-... \ -H "Authorization: Bearer vera_live_..."curl
/api/v1/public/leads/{lead_id}/briefingGet just the briefing
Trim view that returns only the GTM briefing for piping into a CRM activity, Slack message, or email sequencer without pulling the full enrichment blob.
curl https://api.veraa.ai/api/v1/public/leads/8f4cab97-.../briefing \ -H "Authorization: Bearer vera_live_..."curl
/api/v1/public/leadsCreate a lead
Add a new lead to your pool. Provide at least one of email or linkedin_url. Set enrich=true to enrich + score it inline (uses one monthly research slot).
curl -X POST https://api.veraa.ai/api/v1/public/leads \
-H "Authorization: Bearer vera_live_..." \
-H "Content-Type: application/json" \
-d '{
"email": "ceo@example.com",
"linkedin_url": "https://linkedin.com/in/...",
"company_name": "Example Co",
"company_domain": "example.com",
"enrich": true
}'curl/api/v1/public/leads/enrichEnrich existing leads
Trigger full enrichment + scoring for one or more existing leads. Uses one monthly research slot per lead. Returns 402 if you'd exceed your plan's monthly allowance.
curl -X POST https://api.veraa.ai/api/v1/public/leads/enrich \
-H "Authorization: Bearer vera_live_..." \
-H "Content-Type: application/json" \
-d '{"lead_ids": ["8f4cab97-...", "abc12345-..."]}'curlSignals
/api/v1/public/signalsList signals
Recent signals detected across your prospects. Every row carries company_domain, company_name and person_name (when the signal names a person), so you can route by account without parsing headlines. Filter by signal_type to narrow.
curl "https://api.veraa.ai/api/v1/public/signals?signal_type=cve_in_stack&limit=50" \ -H "Authorization: Bearer vera_live_..."curl
Watchlist
/api/v1/public/watchlistList watchlist
The accounts Vera is watching for you: name, domain, priority, monitoring state and last-monitored time. Use it to reconcile your CRM against what Vera watches. Free and read-only.
curl "https://api.veraa.ai/api/v1/public/watchlist?limit=100" \ -H "Authorization: Bearer vera_live_..."curl
/api/v1/public/watchlistAdd to watchlist
Add a company to the watchlist. Vera's weekly monitor polls watched companies for changes (new blog posts, leadership changes, breach exposure) and surfaces alerts via the signals endpoint and webhooks.
curl -X POST https://api.veraa.ai/api/v1/public/watchlist \
-H "Authorization: Bearer vera_live_..." \
-H "Content-Type: application/json" \
-d '{
"company_name": "Acme Corp",
"company_domain": "acme.com",
"priority": 5
}'curlWebhooks
Real-time event delivery
Configure webhook endpoints in Settings → Webhooks. Vera POSTs signed JSON to your URL whenever the events you subscribed to fire.
import crypto from "node:crypto";
const REPLAY_TOLERANCE_SECONDS = 300; // 5 min
app.post("/webhooks/vera", express.raw({type: "application/json"}), (req, res) => {
const sig = req.headers["x-vera-signature-v2"];
const ts = parseInt(req.headers["x-vera-timestamp"], 10);
// 1. Reject replays — timestamp must be within 5 min of now
if (!ts || Math.abs(Date.now() / 1000 - ts) > REPLAY_TOLERANCE_SECONDS) {
return res.status(401).send("timestamp too old");
}
// 2. Verify HMAC over "{timestamp}.{raw_body}"
const signed = Buffer.concat([Buffer.from(`${ts}.`), req.body]);
const expected = "sha256=" + crypto
.createHmac("sha256", VERA_WEBHOOK_SECRET)
.update(signed)
.digest("hex");
if (!crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(sig))) {
return res.status(401).send("invalid signature");
}
const event = JSON.parse(req.body);
// event.id, event.event, event.created_at, event.data
res.sendStatus(204);
});jsThe V2 signature signs "{timestamp}.{body}" instead of just the body, which prevents replay attacks. The legacy X-Vera-Signature (body-only) header is still sent for backward compatibility — switch to V2 when you can.
signal.detected fires for buying-trigger signal types only (breach, leadership change, funding, security hiring, person engagement) — not the full ~50 collected types. Stops the noise. account.went_hot fires when a monitor pass surfaces fresh material changes. account.suggestion_created fires when a new candidate lands in your Suggestions pool.
0s → 30s → 5min → 1hr → 6hr → 24hr, then dead. Manually replay from the dashboard.
Each delivery has X-Vera-Delivery — store the ID and reject duplicates.
X-Vera-Signature-V2 (replay-safe, recommended), X-Vera-Timestamp (epoch), X-Vera-Signature (legacy body-only), X-Vera-Event, X-Vera-Delivery.
From Settings → Webhooks, hit the "Send" icon on any endpoint to fire a synthetic webhook.test event. Lets you confirm receiver wiring before waiting for a real event.
MCP server
Talk to Vera from your own AI surface
Connect Claude in Slack, n8n agents, ChatGPT, or any MCP-capable client. Your agent gets Vera's 17 tools (search/count accounts, signals, compare, account, ICP, watchlist) with the same RLS scoping as your dashboard.
https://veraa.ai/api/mcp Authorization: Bearer <your_mcp_token>text
Generate per-agent tokens in dashboard Settings → MCP access. One token per surface (your Slack bot, your n8n flow, etc.) so revoking one doesn't take the others down.
{
"mcpServers": {
"vera": {
"type": "http",
"url": "https://veraa.ai/api/mcp",
"headers": {
"Authorization": "Bearer vera_..."
}
}
}
}jsonEach tool returns structured JSON ready for downstream composition. find_companies runs ad-hoc Apollo-backed company search. The propose_* tools return a confirm card the end user has to slide-to-confirm; unlock_contact, delete_account and delete_person act immediately, so your agent should ask before calling them.
Your token only sees your own watchlist + ICP. No cross-org data is ever reachable.
propose_icp_change + propose_add_to_watchlist always slide-to-confirm in Vera. unlock_contact and the delete tools act immediately.
Search, compare and account reads are free. enrich_account uses a monthly research slot, unlock_contact a monthly contact reveal. get_plan_usage shows what's left.