HTTP Endpoints
REST-style endpoints available alongside JSON-RPC. User-scoped endpoints usually require Authorization: Bearer <token>. Large-file chunk uploads can also use the scoped x-mcp-upload-token returned by prepare_local_file_upload.
Provenance
Every request to /api/mcp is tagged with a provenance: an identifier for which surface initiated it. ONCE auto-detects:
AIMD: the requestOrigin/Referermatchesapp.aimusicdistributor.com, OR the JSON-RPC arguments include"provenance": "AIMD"(used for server-to-server calls).MCP: every other authenticated MCP client.
Billing is the same on every surface: 1 credit per human song, 2 credits per AI-detected song. Provenance (MCP vs AIMD) is recorded on the release row (releases.mcp_provenance) for analytics in the admin AI dashboard, it does not change the rate.
Authentication
OAuth metadata discovery (no auth required)
GET /.well-known/oauth-protected-resourceGET /.well-known/oauth-protected-resource/api/mcpGET /.well-known/oauth-authorization-serverGET /.well-known/openid-configuration
OAuth authorization + token
GET /oauth/authorizePOST /oauth/tokenPOST /oauth/register
Most MCP clients use these automatically when they receive a 401 challenge from /api/mcp.
Upload
POST /api/mcp/upload (requires auth)
Multipart form-data with fields:
| Field | Description |
|---|---|
file | Binary file data |
type | coverArt or audio |
Returns fileUrl for use in submission payloads.
Large local files in Claude Code / Cursor
- Call the
prepare_local_file_uploadMCP tool. - Upload chunks to
POST /api/mcp/upload/chunkwithx-mcp-upload-token. - Finish with
POST /api/mcp/upload/completeusing the same scoped token.
Draft Snapshot
POST /api/mcp/draft (requires auth)
Save work-in-progress metadata before final submission.
{
"releaseId": "optional",
"conversationId": "optional",
"mode": "delta",
"release": { ... },
"tracks": [ ... ],
"trackPatches": [ ... ],
"uploadRequests": [ ... ],
"status": "collecting"
}Submit Release
POST /api/mcp/submit (requires auth)
{
"release": { ... },
"tracks": [ ... ],
"releaseId": "optional",
"conversationId": "optional",
"tokenOffset": false
}Rate limited. On 429 response, check retryAfterSeconds.
Note: MCP submissions debit credits from the authenticated ONCE account.
Token Offset (optional): Set tokenOffset: true to add a flat +1 credit ($1) that funds tokenoffset.com to offset the AI environmental cost of the release. Recorded in release_token_offsets and surfaced as a separate credit_transactions row with ref=token_offset:<release_id> so it shows up cleanly in the user’s credit history. Available on every MCP surface (Non-AIMD and AIMD). The agent is expected to offer this opt-in to the user before submitting.
AI Detection
The Vobile/Pex AI Song Detector is exposed as the detect_audio_ai MCP tool, there is no dedicated REST endpoint. After uploading audio, call the tool with the returned fileUrl to read back the detection result (including the predicted-model classification). See API Reference → AI Detection.
Profile, Pricing & Credits
The agent can fetch the authenticated user’s profile, the price list, and the credit balance directly:
get_profileMCP tool, returns id, email, name, signed avatar URL, patron + admin flags. MirrorsGET /api/profile.get_pricingMCP tool, returns the full price list: $1/credit, per-song cost (1 credit human / 2 credits AI), the Token Offset add-on, every discounted bulk bundle (with itspackageId), and how auto-reload works. No auth-specific data. MirrorsGET /v1/pricing.get_creditsMCP tool, returns balance, lifetime aggregates, and recent transactions. MirrorsGET /api/credits.create_credit_checkout_sessionMCP tool, creates a Stripe Checkout session for buying credits. Passcreditsfor a custom $1/credit amount orpackageIdfor a discounted bundle. Hosted mode (uiMode: "hosted") returns a payableurl; embedded mode returns aclientSecretfor web UIs. PasssavePaymentMethod: trueto keep the card for auto-reload.
See API Reference → Profile & Credits.
Auto-reload
Auto-reload tops the balance back up off-session whenever it falls to the threshold (0 by default), so a release never stalls mid-submission.
get_autoreloadMCP tool, returns the current config (enabled, reload amount, threshold, saved card, last status). MirrorsGET /v1/me/autoreload.set_autoreloadMCP tool, enables/disables/reconfigures it. Choose the reload amount withpackageId(a bundle) or a customquantity; enabling needs a saved card (paymentMethodId, or omit it to reuse the most recent saved card). MirrorsPOST /v1/me/autoreload.
To set it up end-to-end, call create_credit_checkout_session with savePaymentMethod: true, then set_autoreload with { "enabled": true, "packageId": "credits_100" }.
List Releases
GET /api/mcp/releases?limit=100 (requires auth)
Returns the most recent releases for the authenticated user.
Release Metadata
GET /api/mcp/releases/:id/metadata (requires auth)
Returns merged metadata for a release (draft snapshot or latest merged data).
Release Status
GET /api/mcp/releases/:id/status (requires auth)
Returns store and aggregate status information.
Job Status
GET /api/mcp/release-jobs/:id (requires auth)
Returns job processing status and error information.
Performance Analytics
Streaming performance is exposed as two read-only MCP tools (no dedicated REST endpoint). Both default to the trailing 30 days and accept an optional fromDate/toDate window (YYYY-MM-DD). Data is scoped to the authenticated user’s releases.
get_performance_summaryMCP tool — catalog-wide totals, daily time series, top stores, and top releases.get_release_performanceMCP tool — per-release totals, daily time series, per-store breakdown, and (withincludeTracks: true) per-track streams.