Skip to main content

What you’ll have at the end

This works at the end of the quickstart:
curl -X POST https://api.userepo.com/v1/ask \
  -H "Authorization: Bearer repo_your_key" \
  -H "Content-Type: application/json" \
  -d '{"query": "What did we decide about the brand color?", "limit": 5}'
{
  "question": "What did we decide about the brand color?",
  "answer": "[1] The team kept the lime-green accent — Q2 testing showed higher click-through vs. the navy variant.",
  "citations": [
    { "index": 1, "sourceItemId": "uuid", "title": "Brand decisions" }
  ],
  "context": [
    {
      "title": "Brand decisions",
      "url": "https://www.notion.so/Brand-decisions-...",
      "provider": "notion",
      "syncedAt": "2026-05-30T20:00:00Z"
    }
  ]
}
A real Notion page → a cited answer your agent can render with a clickable source link. Four steps.

1. Create your workspace

1

Sign up at userepo.com/console

Confirm your email when Supabase sends the verification link.
2

Create a workspace

Pick a name. This is your organization — all sources, agents, and audit logs are scoped to it.
3

Start your free trial

Pick Builder, Studio, or Scale. Card required, 7 days free, cancel anytime in the trial window with no charge. The console requires a plan before you reach the dashboard so the agent path you’re about to build is always live.

2. Connect a source

In the console, open the Sources tab and click Connect on Slack or Notion. These work immediately via standard OAuth.
Drive and Gmail are gated while Google reviews Repo for verified-app status (4–6 week window, started 2026-05-24). Click Request access on either card and we’ll add your email as a Google Cloud test user within 24h — then Connect works the same way as Slack/Notion.
The first sync starts automatically the moment OAuth completes. Watch progress in the Activity tab; typical first-sync time is under 2 minutes for small workspaces, 10–15 minutes for large ones.

3. Mint an API key

In the Developers tab, click New API key and configure:
  • Name — what this key represents, e.g. support-agent-prod
  • Actor typeagent for AI agents (default)
  • Allowed actions — pick the minimum: usually search + context + ask
  • Allowed providers — leave null for “all” or pick a subset like ["slack", "notion"]
Copy the repo_... secret — it’s shown once. Treat it like a Stripe secret: secrets manager, never in client-side code, never in git.

4. Call the API

curl -X POST https://api.userepo.com/v1/ask \
  -H "Authorization: Bearer repo_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "What did we decide about the brand color?",
    "limit": 5
  }'
const response = await fetch("https://api.userepo.com/v1/ask", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.REPO_API_KEY}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    query: "What did we decide about the brand color?",
    limit: 5
  })
});

const { answer, citations, context } = await response.json();
console.log(answer);
import os
import requests

response = requests.post(
    "https://api.userepo.com/v1/ask",
    headers={"Authorization": f"Bearer {os.environ['REPO_API_KEY']}"},
    json={"query": "What did we decide about the brand color?", "limit": 5}
)

data = response.json()
print(data["answer"])
Behind that single call: bearer auth check, per-action rate limit, credit budget enforcement, scoped vector search against your org’s embeddings, OpenAI completion with a citation-grounded prompt, and an audit-log entry. You did none of it.

You’re done. Now make it real.

The quickstart shipped you the simplest possible call. Your real agent will probably want:

The Context Contract

/v1/context returns hits + citations + exclusions + limitations so your agent can honestly say “I have data I’m not allowed to share” instead of pretending.

Bring your own LLM

Skip /v1/ask and call /v1/context instead — same retrieval, you craft the prompt and pick the model.

Scope keys narrowly

Mint one key per logical agent with the minimum set of actions + providers. If a key leaks, blast radius = one agent.

Audit the agent

Every retrieval is logged. Pull the trail for SOC 2 review or to debug “what did the agent see at 3am last Tuesday?”