Changelog

This page tracks every notable change to the Raster REST API. The format follows Keep a Changelog.

REST versioning is per-request via the Api-Version header — date strings, e.g. Api-Version: 2026-05-20. The header is required on every request. Every response carries Vary: Api-Version so caches key bodies per version. Pin a version in your client; existing integrations keep working against their pinned version until they choose to migrate.

2026-06-03 — Single-asset read, key context, library management

Added

• GET /:orgId/libraries/:libraryId/assets/:assetId — fetch one asset by id, returning the same Asset shape the list endpoint returns. Reads one asset's url, tags, description, and dimensions without paging GET /assets. Returns 404 when the asset is missing, in another library, or trashed. Available over GraphQL as the asset query and over MCP as the get_asset tool. See GET /assets/:assetId.
• GET /me — resolve the organization and libraries your API key can act on, so a client holding only a key can discover the organizationId every org-scoped endpoint needs. Mounted at /me. Available over GraphQL as the viewer query and over MCP as the whoami tool. Full parameters and response shape: GET /me.
• POST /libraries — create an organization, a starter library, and an API key with no account and no existing key, for clients (typically AI agents) creating a library on someone's behalf. Anonymous; available over both REST and MCP (the create_organization tool). Full parameters, response, and limits: POST /libraries.
• POST /:orgId/libraries — create a new library inside an organization you already have an API key for. The new library is granted to your key (so the same key can upload to it immediately) and is shown to your team in the web app; this needs a key with write access. Optional slug sets the URL. Available over MCP as create_library. See POST /:orgId/libraries.
• PATCH /:orgId/libraries/:libraryId — rename a library; the new name shows everywhere, including each team member's view. Available over MCP as rename_library. See PATCH /libraries/:libraryId.

Changed

• DELETE /:orgId/libraries/:libraryId/assets now moves assets to trash (soft delete) instead of deleting them immediately, matching the Raster app. Deleted assets leave GET /assets and search right away, stay recoverable from trash, and are permanently removed after 30 days. The request/response shape is unchanged; the success message now reads "Moved N assets to trash", and ids returns the assets actually moved (so ids.length equals N). The call is idempotent — re-deleting ids already in trash returns "Moved 0 assets to trash", ids: [], success: true. Emptying trash for good stays in the app. Applies to MCP delete_assets and GraphQL deleteAssets too.
• The anonymous, no-account MCP tool was renamed create_library → create_organization, because it mints a whole new organization. The new authenticated MCP create_library tool creates a library in an organization you already have a key for.

2026-05-28 — Asset metadata mutations

Added

• Batch-tag, untag, transfer, and re-describe assets over REST. Four new Write endpoints round out the metadata surface — agents and clients can now keep tags, descriptions, and library organization in sync without falling back to the web app:
  • POST /:orgId/libraries/:libraryId/assets/tag — apply up to 20 tags to up to 100 assets, returns { taggedCount }. See POST /assets/tag.
  • POST /:orgId/libraries/:libraryId/assets/untag — symmetric remove, returns { untaggedCount }. See POST /assets/untag.
  • PATCH /:orgId/libraries/:libraryId/assets/:assetId/description — replace a single asset's description verbatim (no trim, no AI rewrite), returns { assetId, description }. See PATCH /:assetId/description.
  • POST /:orgId/libraries/:libraryId/assets/transfer — move up to 100 assets to another library in the same organization, returns { transferredCount, sourceLibraryId, targetLibraryId }. See POST /assets/transfer.

2026-05-27 — Search API + Uploader cleanup

Added

• GET /:orgId/search/assets — search assets across the libraries an API key authorizes. Organization-scoped; supports q, libraries, page, and pageSize. Returns SearchResult with hits, found, and page; each hit is an Asset plus optional highlights and score. See GET /search/assets.
• Objects reference page consolidating the wire shapes (Asset, Library, Tag, SearchHit, SearchResult, SearchHitHighlights, Uploader, AssetView). Endpoint pages now link here instead of inlining each type.

Removed

• Uploader.integration removed from the wire. The source- identifier field is no longer returned on uploadedBy. Clients reading uploadedBy.integration will receive undefined. The full Uploader shape is now { name }. Allowed under the Alpha policy at the top of this page.

2026-05-20 — Initial Alpha release

Added

• REST transport at https://api.raster.app/organizations/..., mirroring the GraphQL surface over the same data and the same API keys.
• Api-Version request header (required) and Vary: Api-Version response header on every reply.
• { data } / { error: { code, message } } response envelope on every endpoint, including auth rejections and unknown-path 404s.
• GET /:orgId/libraries — list libraries in an organization.
• GET /:orgId/libraries/:libraryId/assets — list assets, with page, pageSize, and tags filters (repeatable or comma-separated).
• GET /:orgId/libraries/:libraryId/tags — list tags with limit.
• POST /:orgId/libraries/:libraryId/assets — multipart upload (files field), returns each new asset including a permanent CDN url.
• DELETE /:orgId/libraries/:libraryId/assets — batch delete by id.
• Timestamps on the wire are unix milliseconds (number).

Security

• Bearer-token authentication on every endpoint.
• Per-library access levels (Read / Write) enforced on every request before any data is read or written.