> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sidenet.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a tool provider (optionally with its API tools)

> Creates an api/mcp/sidenet provider for the org. For API providers an optional `tools` array creates tools in the same call. Sensitive credentials go in `auth_secret` (stored in Vault). Reloads the org tools and rebuilds dependent agents.



## OpenAPI

````yaml /api-reference/openapi.json post /v1/tool-providers
openapi: 3.1.0
info:
  title: Sidenet API
  version: 1.0.0
  description: >-
    Custom HTTP endpoints exposed by the Sidenet Mastra server. All routes
    require a bearer token and resolve org context from the API key (or the
    `X-Organization-Id` header). This reference is generated from the live route
    definitions in `src/mastra/routes`.
servers:
  - url: ''
security:
  - bearerAuth: []
paths:
  /v1/tool-providers:
    servers:
      - url: /
    post:
      tags:
        - V1
        - Tool Providers
      summary: Create a tool provider (optionally with its API tools)
      description: >-
        Creates an api/mcp/sidenet provider for the org. For API providers an
        optional `tools` array creates tools in the same call. Sensitive
        credentials go in `auth_secret` (stored in Vault). Reloads the org tools
        and rebuilds dependent agents.
      parameters:
        - name: X-Organization-Id
          in: header
          required: false
          schema:
            type: string
          description: >-
            Organization to scope the request to. Optional when authenticating
            with an org API key (the org is taken from the key; if sent, it must
            match). Required when authenticating with the trusted key.
        - name: X-User-Id
          in: header
          required: false
          schema:
            type: string
          description: >-
            End-user identity for the request; user-scoped data (threads,
            memory) resolves to `{orgId}_{userId}`. Required by endpoints that
            read or write user-scoped resources. A `userId` query param (or body
            field, where documented) is accepted as a fallback.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
                  minLength: 1
                type:
                  type: string
                  enum:
                    - api
                    - mcp
                    - sidenet
                  default: api
                base_url:
                  type: string
                  format: uri
                description:
                  type: string
                  nullable: true
                auth_type:
                  type: string
                  enum:
                    - basic
                    - bearer
                    - api-key
                    - oauth2
                    - custom
                  nullable: true
                auth_config:
                  type: object
                  additionalProperties: {}
                  nullable: true
                default_headers:
                  type: object
                  additionalProperties:
                    type: string
                  nullable: true
                runtime_auth:
                  type: boolean
                timeout_ms:
                  type: integer
                  minimum: 1000
                  maximum: 30000
                mcp_transport:
                  type: string
                  enum:
                    - streamable_http
                    - sse
                  nullable: true
                auth_secret:
                  type: object
                  additionalProperties: {}
                tools:
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        type: string
                        minLength: 1
                      description:
                        type: string
                        nullable: true
                      method:
                        type: string
                        enum:
                          - GET
                          - POST
                          - PUT
                          - PATCH
                          - DELETE
                        default: GET
                      path:
                        type: string
                        minLength: 1
                      input_schema:
                        type: object
                        additionalProperties: {}
                        nullable: true
                      output_schema:
                        type: object
                        additionalProperties: {}
                        nullable: true
                      timeout_ms:
                        type: integer
                        minimum: 1000
                        maximum: 120000
                      is_enabled:
                        type: boolean
                      operation_id:
                        type: string
                      tags:
                        type: array
                        items:
                          type: string
                      deprecated:
                        type: boolean
                    required:
                      - name
                      - path
                    additionalProperties: false
              required:
                - name
                - base_url
              additionalProperties: false
      responses:
        '201':
          description: Created
        '400':
          description: Bad request
        '403':
          description: Forbidden
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Org API key (scopes the request to its organization) or the shared
        trusted key (requires `X-Organization-Id` on every request).

````