curl and direct HTTP
Use direct HTTP when you control the bearer-token call path. Use MCP at https://mcp.assets.hoistai.com/mcp when a host needs OAuth consent and tool discovery.
REST health probe
Section titled “REST health probe”curl https://api.assets.hoistai.com/v1/_healthREST authenticated call
Section titled “REST authenticated call”export HOIST_TOKEN=<oauth_access_token>
curl https://api.assets.hoistai.com/v1/abn/11695718659 \ -H "Authorization: Bearer $HOIST_TOKEN"PPSR organisation search
Section titled “PPSR organisation search”curl https://api.assets.hoistai.com/v1/ppsr/search \ -H "Authorization: Bearer $HOIST_TOKEN" \ -H "Content-Type: application/json" \ -d '{"subject_kind":"organisation","acn":"123456789","purpose":"counterparty check"}'MCP endpoint
Section titled “MCP endpoint”MCPhttps://mcp.assets.hoistai.com/mcp
MCP calls require an OAuth token with the matching scopes. If you are building a custom host, discover metadata at https://mcp.assets.hoistai.com/.well-known/oauth-authorization-server.
Troubleshooting
Section titled “Troubleshooting”401without a token is expected on protected REST routes.401with a token usually means the token is expired, malformed, or issued for the wrong audience.403usually means the token is valid but lacks scope, account access, or source readiness.