API Reference

Handler exposes two interfaces: MCP (for agents) and REST (for programmatic access). Both use the same authentication and return the same response format.

Authentication

Handler has two key types. The key prefix determines access level.

Key prefix	Type	Access
`sk-hndlr-*`	Agent key	Superpowers + management tools gated by `management_scopes`
`sk-owner-*`	Owner key	Full access — all superpowers and all management operations

Owner keys are issued via handler login --owner (CLI) or the CLI auth page. Agent keys are created by the owner via handler agents create or the dashboard.

MCP Endpoints

Handler exposes two MCP endpoints on the same host. Connect to the one that matches your agent's role.

/mcp — Superpowers (all agents)

Setting	Value
URL	`https://mcp.usehandler.dev/mcp`
Transport	Streamable HTTP
Tools visible	13 — 7 superpowers + 6 utilities (plus N connected services)
Auth (Option A)	OAuth — the client handles the browser flow automatically
Auth (Option B)	`Authorization: Bearer sk-hndlr-` or `sk-owner-`

/manage — Management (orchestrators & owners)

Setting	Value
URL	`https://mcp.usehandler.dev/manage`
Transport	Streamable HTTP
Tools visible	30 management tools — all shown, execution gated by member capabilities
Auth	`Authorization: Bearer sk-owner-` or `sk-hndlr-` (with management scopes)

Which endpoint should I use? Regular agents use /mcp only. Orchestrator agents add both endpoints to their MCP config — /mcp for doing things and /manage for governing the swarm. Owner keys work on both.

MCP Tools

Handler exposes 26 MCP tools. Eight are superpowers (billed), four are utility tools (free), and 14 are management tools (free, require management scopes or owner key).

Superpowers

Tool	Parameters	Description
`handler_research`	`query`, `task?`, `max_results?`, `url?`	Web search, content extraction, AI answers, similar pages
`handler_intel`	`task?`, `query?`, `email?`, `domain?`, `linkedin_url?`, `first_name?`, `last_name?`, `company?`	B2B people/company search and enrichment
`handler_monitor`	`task?`, `query?`, `max_results?`	Social media, news, and web monitoring
`handler_finance`	`task?`, `symbol?`	Stock quotes, crypto, financials, technicals
`handler_communicate`	`task?`, `to?`, `subject?`, `body?`, `message_id?`	Email send/read via agent inbox or connected services
`handler_audio`	`task?`, `audio_url?`, `text?`	Transcription, text-to-speech, audio summarization
`handler_marketing`	`task?`, `query?`	SERP analysis, Google Trends, shopping, maps, YouTube
`handler_generate`	`task?`, `prompt`, `system?`	AI text generation and content moderation

Utility Tools (free)

Tool	Parameters	Description
`handler_status`	none	Returns capabilities, balance, governance rules, and usage examples
`handler_connect`	`service?`	Browse available services or initiate OAuth connection for a specific service
`handler_disconnect`	`service`	Revoke a connected service and remove its tasks
`handler_connections`	none	List all connected services and available services to connect

Note: Parameters marked with ? are optional. Each superpower has a default task that executes when task is omitted. See Superpowers for the default task per superpower.

Management Tools

Available when authenticated with an owner key, or an agent key that has been granted the corresponding management scope. See Agent Swarms for setup.

Tool	Scope required	Description
`handler_manage_status`	`status:read`	Balance, monthly spend, agent count, pending approvals by tier
`handler_agents`	`agents:read`	List all agents with rules, scopes, delegate threshold, monthly spend
`handler_agent_detail`	`agents:read`	Full detail for a single agent including per-service rules
`handler_create_agent`	`agents:create`	Create a new agent — returns key once
`handler_update_rules`	`agents:update`	Update spending rules for an agent
`handler_deactivate_agent`	`agents:deactivate`	Deactivate or reactivate an agent
`handler_approvals`	`approvals:read`	List pending approvals — all tiers visible
`handler_decide`	`approvals:decide`	Approve or reject a delegated-tier approval
`handler_activity`	`activity:read`	Recent audit log entries with tool, cost, outcome, agent
`handler_spend_summary`	`spend:read`	Spend breakdown by agent and service
`handler_toggle_service`	`services:toggle`	Enable or disable a service for an agent
`handler_set_member_capability`	admin / owner	Grant or revoke a management capability for a member
`handler_pin_service`	admin / owner	Pin a service to require admin/owner approval regardless of policy
`handler_update_approval_routing`	`approvals:configure`	Set where approval holds are sent (dashboard, WhatsApp, Telegram, email, MCP)
`handler_invite_member` · `handler_manage_members`	`members:write`	Invite or update org members
`handler_manage_groups` · `handler_assign_profile_to_group` · `handler_unassign_profile_from_group`	`groups:write`	Manage groups and profile-group assignments
`handler_manage_templates` · `handler_manage_approval_policies`	`policies:write`	Manage profile templates and approval policies
`handler_effective_permissions`	`agents:read`	Show the final cascaded permissions for a profile
`handler_idp_status` · `handler_idp_sync_now`	`idp:read` / `idp:sync`	Inspect or trigger an IdP sync

REST API

For programmatic access outside of MCP, Handler provides a REST API.

Setting	Value
Base URL	`https://api.usehandler.dev/v2`
Auth (agent key)	`Authorization: Bearer sk-hndlr-YOUR_KEY`
Auth (owner key)	`Authorization: Bearer sk-owner-YOUR_KEY`
Content-Type	`application/json`

Superpower Endpoints

GET /v2/superpowers — List available superpowers and their tasks.

curl -H "Authorization: Bearer sk-hndlr-YOUR_KEY" \
  https://api.usehandler.dev/v2/superpowers

POST /v2/superpowers/:slug — Execute a superpower.

curl -X POST \
  -H "Authorization: Bearer sk-hndlr-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "task": "search", "query": "AI agent frameworks" }' \
  https://api.usehandler.dev/v2/superpowers/handler_research

Management Endpoints

All /v2/manage/* endpoints require an owner key or an agent key with the appropriate management scope. See Agent Swarms for scope details.

GET /v2/manage/status — Owner balance, monthly spend, agent count, pending approvals. Scope: status:read.

curl -H "Authorization: Bearer sk-owner-YOUR_KEY" \
  https://api.usehandler.dev/v2/manage/status

GET /v2/manage/agents — List all agents with rules, scopes, delegate threshold, monthly spend. Scope: agents:read.

GET /v2/manage/agents/:id — Full detail for a single agent. Scope: agents:read.

POST /v2/manage/agents — Create a new agent. The key is returned once. Scope: agents:create.

curl -X POST \
  -H "Authorization: Bearer sk-owner-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Worker-1", "auto_approve_below": 2, "monthly_cap": 50 }' \
  https://api.usehandler.dev/v2/manage/agents

PATCH /v2/manage/agents/:id/rules — Update spending rules (partial). Scope: agents:update.

curl -X PATCH \
  -H "Authorization: Bearer sk-owner-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "auto_approve_below": 5, "monthly_cap": 100 }' \
  https://api.usehandler.dev/v2/manage/agents/AGENT_ID/rules

PATCH /v2/manage/agents/:id/scopes — Grant management scopes to an agent. Owner only.

curl -X PATCH \
  -H "Authorization: Bearer sk-owner-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "scopes": ["agents:read", "approvals:read", "approvals:decide"] }' \
  https://api.usehandler.dev/v2/manage/agents/AGENT_ID/scopes

PATCH /v2/manage/agents/:id/delegate — Set the delegation threshold (approvals below this dollar amount route to the orchestrator instead of the owner). Owner only.

curl -X PATCH \
  -H "Authorization: Bearer sk-owner-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "delegate_approve_below": 10 }' \
  https://api.usehandler.dev/v2/manage/agents/AGENT_ID/delegate

PATCH /v2/manage/agents/:id/active — Deactivate or reactivate an agent. Scope: agents:deactivate.

PATCH /v2/manage/agents/:id/services — Enable or disable a service for an agent. Scope: services:toggle.

PATCH /v2/manage/agents/:id/required-services — Replace the list of services this profile requires members to connect (full replacement, Composio toolkit slugs). Existing instances stay activated; members missing a newly required service see a "needs reconnection" prompt until they connect. Admin only.

curl -X PATCH \
  -H "Authorization: Bearer sk-member-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"services":["gmail","github","slack"]}' \
  https://api.usehandler.dev/v2/manage/agents/AGENT_ID/required-services

PATCH /v2/manage/agents/:id/pin — Pin a service to always require owner approval regardless of delegation threshold. Owner only.

GET /v2/manage/approvals — List pending approvals across all tiers. Scope: approvals:read. Query params: agent_id, tier (delegated|owner_required), status, limit, offset.

POST /v2/manage/approvals/:id/decide — Approve or reject an approval. Scope: approvals:decide (delegated tier only) or approvals:decide:all (any tier). Owner key can decide any tier.

curl -X POST \
  -H "Authorization: Bearer sk-hndlr-ORCHESTRATOR_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "decision": "approved" }' \
  https://api.usehandler.dev/v2/manage/approvals/APPROVAL_ID/decide

GET /v2/manage/activity — Recent audit log entries. Scope: activity:read. Query params: agent_id, limit, since (ISO 8601), outcome.

GET /v2/manage/spend — Spend breakdown by agent and service. Scope: spend:read. Query params: period (7d|30d|all), agent_id.

POST /v2/manage/owner-keys — Create an owner API key. Requires Supabase dashboard session (not a bearer token). The full key is returned once.

Three-tier approval routing: When an agent makes a call that needs approval, it is routed to one of three tiers: auto_approve (below threshold, no human needed), delegated (below delegate_approve_below, orchestrator agent decides via approvals:decide), or owner_required (above threshold or pinned, owner handles via Telegram/WhatsApp). Set delegate_approve_below on an agent to enable the delegated tier.

Response Format

Every Handler call — whether via MCP or REST — returns a consistent response object:

{
  "status": "executed",
  "result": {
    // Superpower-specific result data
  },
  "cost": {
    "charged": 0.005,
    "superpower": "handler_research",
    "task": "search"
  },
  "budget": {
    "remaining": 9.995,
    "calls_remaining": 1999,
    "expires_at": "2026-04-28T00:00:00Z"
  },
  "context": {
    "type": "external"
  }
}

Status Values

Status	Meaning	What to do
executed	Call succeeded. Result is in the `result` field.	Use the result normally.
pending	Call is held for owner approval. The owner has been notified.	Wait for the owner to approve or reject. Retry later.
blocked	Call was blocked by a governance rule or spending cap.	Do not retry. Inform the user that the action is restricted.
auth_required	The required service is not connected. Includes an `auth_url`.	Present the `auth_url` to the user to connect the service.

Response Fields

Field	Type	Description
`status`	string	One of: `executed`, `pending`, `blocked`, `auth_required`
`result`	object	Superpower-specific result data. Only present when `status` is `executed`.
`cost.charged`	number	Amount charged for this call in dollars.
`cost.superpower`	string	Which superpower was invoked.
`cost.task`	string	Which task within the superpower was executed.
`budget.remaining`	number	Remaining balance in dollars for the current billing cycle.
`budget.calls_remaining`	number	Approximate number of standard calls remaining.
`budget.expires_at`	string	ISO 8601 timestamp when the current billing cycle ends.
`context.type`	string	`external` for Handler-provided services, `internal` for owner-connected services.

Error Handling

When a call fails, Handler returns an error object instead of a result:

{
  "status": "error",
  "error": {
    "code": "unauthorized",
    "message": "Invalid or expired agent key"
  }
}

Error Codes

Code	HTTP Status	Description
`unauthorized`	401	Invalid, expired, or missing agent key. Check your `sk-hndlr` key.
`rate_limited`	429	Too many requests. Back off and retry after the `Retry-After` header value.
`temporarily_unavailable`	503	The underlying service is temporarily unavailable. Retry after a short delay.
`invalid_query`	400	Missing or invalid parameters. Check the required parameters for the superpower.
`forbidden`	403	The key lacks the required management scope. The `message` field names the missing scope.
`wrong_tier`	403	Approval is `owner_required` tier — only the owner can decide it. Agent needs `approvals:decide:all` for cross-tier decisions.

Tip: For MCP clients, errors are returned as tool results (not HTTP errors), so your agent can read the error message and decide how to proceed. For the REST API, errors use standard HTTP status codes.