rfp.ai REST API Documentation

Creating an API Token

1. Log in to your rfp.ai dashboard
2. Go to Settings → API & Extensions → API Tokens
3. Click Create Token
4. Name your token (e.g., "Production Server")
5. Copy and save the token securely (you won't see it again!)

Using the Token

Authorization: Bearer YOUR_API_TOKEN

Example Request

curl -X GET https://rfp.ai/api/projects \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

How do I authenticate with the rfp.ai API?

Use Bearer token authentication. Include your API token in the Authorization header: Authorization: Bearer YOUR_TOKEN. Create tokens in Settings → API Tokens (requires Starter plan or higher).

What are the API rate limits?

Rate limits depend on your plan: Free (10 req/min), Starter (30 req/min), Professional (60 req/min), Enterprise (unlimited). Exceeding limits returns a 429 error with a retry-after header.

Can I generate AI answers via the API?

Yes. POST to /api/ask with projectId, question, and optional wordLimit. Returns AI-generated answer with trust score, source citations, and confidence level.

What export formats does the API support?

The API supports exporting to Word (DOCX), PDF, Excel (XLSX), CSV, and PowerPoint (PPT). Use POST /api/export/{format} endpoints.

Is there a sandbox or test environment?

Use the main API with a test project. Create a project specifically for testing, upload test documents, and experiment with API calls without affecting production data. All plans include project creation.

Can I use the API for batch processing?

Yes. You can make multiple API calls within your rate limit to process questions in bulk. For large volumes, consider Enterprise plan for unlimited rate limits or contact us for batch processing options.

How are API tokens secured?

Tokens are hashed and stored securely. You can view token metadata but never the actual token value after creation. Tokens are org-scoped (can only access your organization's data), carry one or more scopes (read, projects.write, qa.write, qa.approve, kb.write), and can be revoked anytime from Settings. New tokens default to read.

Can MCP agents (Claude, Cursor) write data, not just read?

Yes — at /api/mcp we expose 18 MCP tools (9 read + 9 write). Write tools require an explicit token scope, hit per-scope rate sub-caps, and every call is recorded in a per-org MCP audit log (with sensitive payloads redacted). See the Agents on rfp.ai page or the full MCP integration docs.

Does the API include source citations?

Yes. All AI-generated answers via /api/ask include source citations showing which documents and pages were used, plus confidence scores for transparency.

Python

import requests

API_TOKEN = "your_api_token_here"
BASE_URL = "https://rfp.ai/api"

headers = {
    "Authorization": f"Bearer {API_TOKEN}",
    "Content-Type": "application/json"
}

# Generate an answer
response = requests.post(
    f"{BASE_URL}/ask",
    headers=headers,
    json={
        "projectId": "proj_123",
        "question": "What is your HIPAA compliance status?",
        "wordLimit": 200
    }
)

data = response.json()
print(f"Answer: {data['answer']}")
print(f"Trust Score: {data['trustScore']}")

JavaScript/Node.js

const API_TOKEN = "your_api_token_here";
const BASE_URL = "https://rfp.ai/api";

// Generate an answer
const response = await fetch(`${BASE_URL}/ask`, {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${API_TOKEN}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    projectId: "proj_123",
    question: "What is your HIPAA compliance status?",
    wordLimit: 200
  })
});

const data = await response.json();
// Use the answer and trust score
// const answer = data.answer;
// const trustScore = data.trustScore;