Direct HTTP and CLI path.
The direct HTTP and CLI path uses https://api.assets.hoistai.com/v1. Health is public; ABN/PPSR endpoints require a Hoist Assets API key and approved source access. Use MCP at https://mcp.assets.hoistai.com/mcp when an AI host needs OAuth consent.
About the Hoist Connector
Hoist connects your AI tool of choice to Australian source data. Ask whether a business, asset, invoice, or counterparty checks out. Hoist checks the sources and returns an Evidence Pack: verdict, source checks, timestamps, risk flags, and next steps. The Due Diligence Record PDF is included where a search produces one.
Hoist works across MCP hosts, API clients, and CLI workflows. This page covers direct HTTP and CLI. Use MCP for OAuth-approved agent-host access; use API or CLI when you control the API-key call path.
Current status. API health, MCP discovery, OAuth metadata, dynamic client registration, and protected MCP/API entry points are live. Tool calls require OAuth or an API key. Real PPSR and ABN source checks require approved account access and source readiness.
GET https://api.assets.hoistai.com/v1/_health is live. Protected API endpoints intentionally return 401 without Authorization: Bearer $HOIST_ASSETS_API_KEY. CLI calls use --token or HOIST_ASSETS_API_KEY. MCP calls use OAuth consent at https://mcp.assets.hoistai.com/mcp.Direct API example
# Run a PPSR organisation search (requires API key and approved source access)
curl https://api.assets.hoistai.com/v1/ppsr/search \
-H "Authorization: Bearer $HOIST_ASSETS_API_KEY" \
-H "Content-Type: application/json" \
-d '{"acn":"123 456 789","sample response":true}'Steps API-key access
- Create a Hoist Assets API key. Approved accounts get direct API and CLI key access.
- Export:
export HOIST_ASSETS_API_KEY=<api_key> - Run the curl above. Response will be JSON when the key, scopes, account access, and source readiness allow the check.
Smoke test Live health probe
First run GET https://api.assets.hoistai.com/v1/_health. Protected endpoints return 401 without an API key. Then replace 123 456 789 with an approved test subject once your account has source access. For AI-host OAuth, use the MCP endpoint at https://mcp.assets.hoistai.com/mcp.
Troubleshooting
- Getting 401 without an API key. That is expected. Send
Authorization: Bearer $HOIST_ASSETS_API_KEY. - Getting 401 with an API key. Check the key, scopes, and account/source enablement.
- 403 on the MCP endpoint. Re-approve OAuth - the cached token may have expired or had scopes revoked.
- Still stuck? Contact us with the host name and the error message.
What to ask after connect
With token access and approved source access, these are the queries you can drive from any HTTP client or CLI script:
- "Can we finance this vehicle for this ABN?" (calls
POST /v1/ppsr/search+GET /v1/abn/{abn}) - "Is this asset encumbered?" (calls
POST /v1/ppsr/searchwith serial number or ACN) - "Does this business have current GST registration?" (calls
GET /v1/abn/{abn}/gst) - "Is this broker licensed?" (calls
GET /v1/abn/{abn}/history) - "What changed since we last checked this counterparty?" (calls
GET /v1/abn/{abn}/history) - "Export the Evidence Pack for deal reference AU-2026-0042." (calls
GET /v1/evidence-packs/{ref})
For AI-host OAuth, use the MCP endpoint at https://mcp.assets.hoistai.com/mcp. Hoist returns source-backed evidence. It does not guarantee that a transaction is safe, legal, compliant, or financeable. Paid searches require confirmation before executing.