Esta página se muestra en inglés. La versión en español está en camino.
Agents, MCP, and OAuth
Quotrr is built to be read by agents. This page is the developer-facing version of the agent surface: how to discover Quotrr, how to identify, and how to act for a person with their consent.
Discovery
Everything an agent needs to find and read Quotrr is public:
- /llms.txt at the domain root. A plain-text map of the surface for language models.
- /.well-known/agents.json. The agent discovery file: auth model, scopes, rate limits, and contact.
- https://api.quotrr.com/openapi.json. The OpenAPI 3.1 spec for the full API.
- mcp.quotrr.com. The MCP server preview.
Reading llms.txt
Start at the root. The llms.txt file states what is free to query, what needs human consent, and what is off-limits, then points at agents.json and the OpenAPI spec. Fetch it first, follow its links, and you have the whole surface.
curl -s https://quotrr.com/llms.txt
curl -s https://quotrr.com/.well-known/agents.jsonIdentity and consent: OAuth 2.0 with PKCE
Agent identity and human consent both run on OAuth 2.0 with PKCE.
- Agent identity. Establish a verified identity for higher limits. Unknown agents get a low anonymous tier: cached responses and a challenge.
- Human consent. Any action for a person needs a delegated, scoped, expiring token that person signed. The token names exactly what the agent may do, expires on its own, and can be revoked. Every consented action is logged in the human's audit trail and is reversible for 24 hours.
Pass the consent token as a bearer token. The write endpoints, request a quote and submit a review, document the exact scope each one needs.
Authorization: Bearer <consent-token>MCP tools
The MCP server preview exposes these tools, which map onto the same endpoints documented in this reference:
- get_price_range(trade, zip, scope). Anonymized local price range. See price-range.
- find_contractors(trade, zip, filters). Public contractor profiles. See contractors.
- check_contractor_reputation(handle). Score and Props for a handle. See contractor reputation.
- request_quote(homeowner_info, scope, consent_proof). Consent-gated. See quote-requests.
- submit_review(verified_job_id, rating, props). Consent-gated. See reviews.
Rate and cost limits
Limits are per agent identity. Verified agents get higher ceilings. Each identity also has a daily cost budget, and access auto-disables for the day on a breach. Every query is logged with identity, route, cost, and response size. The full policy and the rules of the road are on the agent surface page and in the Terms.