TeraVera Secure AI

API Developer Documentation

Welcome to the TeraVera Secure AI API Developer Documentation. This guide provides everything you need to integrate, authenticate, and interact with our secure AI services.

Get started quickly with our clear examples and best practices.

View Documentation Request Access Contact Support

Example cURL Request

curl --location "https://api.teravera.com/api/AuthenticateFunction?code=HieH2aRe4eQZ4D-x6usgBImy2vTJHvoiCg3nfLM0B-jiAzFukK4wYQ==" \
--header "Content-Type: application/json" \
--data '{
    "Username": "YOUR-USER-HERE",
    "AccessKey": "YOUR-USER-KEY",
    "OrganisationId": "YOUR-ORG-ID"
}'

Introduction

System Overview

The TeraVera AI is an enterprise-grade, Azure native AI Agent platform designed for secure, scalable document querying. It processes uploaded documents into searchable content using vector embeddings, keyword search, and LLM-based response generation.

The APIs and endpoints described in this document are intended for developers integrating directly with the system. This includes functionality for document upload, query execution, and response handling. Authentication is handled via OAuth 2.0, and all operations are executed within the scope of the client's secure Azure environment.

Key Features:

Secure Document Ingestion: Current File Type support (PDF, DOCX, TXT, CSV, Excel)
Dynamic Indexing Pipeline: Documents are automatically chunked, embedded, and stored.
Multi-Modal Retrieval: Combines vector search, BM25 keyword ranking, and semantic reranking to return highly relevant document chunks.
LLM-Based Response Generation: Retrieved data processed and sent along with the prompt to an Azure-hosted LLM (e.g., ChatGPT-4o).
Tenant-Level Isolation: Each client operates in a fully separated Azure environment enforced via RBAC and Zero Trust architecture.
No Data Retention: All queries, intermediate data, and outputs are transient—nothing is stored or used for model training.
Scalable and Fault-Tolerant: The system leverages serverless orchestration to dynamically scale and recover from transient failures.

Authentication Endpoint

All API requests to the TeraVera AI system must be authenticated using a valid JWT bearer token. Tokens are issued via the /api/Auth/GenerateToken endpoint.

Authentication Token Request Format

Requests to the authentication endpoint include a username, access key, and organisation ID:

{
    "Username": "Your Username Here",
    "AccessKey": "Your Access Key Here",
    "OrganisationId": "Your Organisation ID Here"
}

Authentication Token Success Response

On successful authentication, a signed JWT is issued as a session token and returned in a Set-Cookie header:

{
    "Entity": {
        "Token": "Output JWT Token Here",
        "Expires": "expiry date here - yyyy-MM-ddTHH:mm:ssZ",
        "PublicUserName": "Your Username here"
    },
    "ErrorMessage": "",
    "IsSuccess": true
}

Authentication Token Error Responses

If the authentication endpoint fails, it will produce one of the following error codes

Status Code	Description	Common Causes
400 Bad Request	Request is malformed or missing fields	Missing username or password
500 Internal Server Error	Unhandled backend exception	Unexpected runtime error Incorrect username or password as this is proxied to an external token issuer
503 Service Unavailable	Auth/session infrastructure is unreachable	Token validation or session DB temporarily down

File Upload Endpoint

The /api/ReceiveAndUploadFileFunction endpoint handles uploading of both unstructured documents and structured tabular files.

Supported file types include .pdf, .docx, .txt, .csv, .xlsx, and .xls.

Upload Request Format

Request to the upload endpoint must include an authorisation header with the bearer token obtained from the authentication endpoint as well as the form data containing the file to be uploaded which is structured as follows:

{
    "AgentId": "Your Agent ID Here",
    "OrganisationId": "Your Organisation ID Here",
    "file": "file form-data"
}

Upload Success Response

A successful file upload returns the following response format, regardless of file type:

{
    "Message": "File received and uploaded to blob successfully. Beginning Indexing",
    "FileName": "example.pdf",
    "AgentId": "Your Agent ID Here",
    "OrganisationId": "Your Organisation ID Here"
}

Upload Error Responses

If the authentication endpoint fails, it will produce one of the following error codes:

Status Code	Description	Common Causes
400 Bad Request	Request is malformed or missing fields	Missing Field File contains no data Invalid file name
401 Unauthorized	Token is missing, invalid, or expired	No/expired/invalid authorization token in header or cookie
409 Conflict	Request contains invalid field	File with this name already uploaded
500 Internal Server Error	Unhandled backend exception	Internal processing error Cosmos DB/Blob error
503 Service Unavailable	Auth/session infrastructure is unreachable	Authentication middleware or session DB temporarily down

Querying Endpoint

The /api/AskAgentFunction endpoint accepts a natural language query and returns a context-aware response generated from previously uploaded data.

Query Request Format

Request to the query endpoint include an authorisation header with the token obtained from the authentication endpoint as well as the message containing the query and the files to be queried which is structured as follows:

{
    "Query": "Example Query",
    "OrganisationId": "Your Organisation ID Here",
    "AgentId": "Your Agent ID Here",
    "ProjectSummary": "Example summary of documentation uploaded",
    "NotFoundMessage": "Apologies I could not answer your question."
}

The meaning of each respective field is as follows:

Query: A required natural language question posed by the user. This is used to perform semantic search across indexed content and to drive LLM response generation.
OrganisationId: A required identifier representing the client or tenant. This is used to enforce data isolation and access control between different clients.
AgentId: A required identifier for the current project or knowledgebase. It ensures the query is scoped to the correct set of uploaded documents and associated data.
ProjectSummary: An optional description of the project or query context that may be inserted into the prompt to help the LLM disambiguate answers.
NotFoundMessage: An optional custom message returned when no relevant content is found in either structured or unstructured sources. If not provided, a default fallback message is used.

Query Success Response

{
    "Entity": {
        "Context": "...",
        "GeneratedResponse": {
            "Response": "Here is the answer to your query...",
            "FileNames": [“list of files”, “that contributed”, “to the answer”],
            "AnswerFound": true,
            "InputTokens": 902,
            "OutputTokens": 40
        },
        "FileNames": [“full list of files”, “that matched”, “the query”],
        "SearchResults": [...],
        "TableResults": null
    },
    "ErrorMessage": "",
    "IsSuccess": true
}

The meaning of each respective field is as follows:

Context: The full prompt sent to the LLM, including the query, retrieved content, and any optional metadata like project summaries.
GeneratedResponse: A nested object containing the output from the language model and metadata about response generation.
- Response: The final natural language answer generated by the model, grounded in the retrieved content.
- FileNames: A list of files that contributed content to the generated answer. May be null if not applicable.
- AnswerFound: A boolean indicating whether a meaningful answer was returned (true) or the NotFoundMessage was used (false).
- InputTokens: Number of tokens consumed in constructing the LLM prompt.
- OutputTokens: Number of tokens in the model's generated response.
FileNames (outside GeneratedResponse): A list of all files matched during search, whether or not they contributed to the final response.
SearchResults: Raw search results from unstructured sources, including scored document chunks and associated metadata.
TableResults: Structured data results from document if relevant, including table schema and rows. May be null if none found.
ErrorMessage: A plain text field that remains empty on success.
IsSuccess: A boolean flag indicating whether the query operation was successfully processed.

Query Error Responses

If the authentication endpoint fails, it will produce one of the following error codes:

Status Code	Description	Common Causes
400 Bad Request	Request is malformed or missing fields	Missing request field
401 Unauthorized	Token is missing, invalid, or expired	No/expired/invalid authorization token in header or cookie
500 Internal Server Error	Unhandled backend exception	Internal processing error Cosmos DB/Blob error
503 Service Unavailable	Unavailable Auth/session infrastructure is unreachable	Authentication middleware or session DB temporarily down

Delete File Endpoint

The /api/DeleteFileFunction endpoint removes both the file blob and indexed document chunks, based on the provided FileName and AgentId.

Delete Request Format

Request to the delete endpoint include an authorisation header with the token obtained from the authentication endpoint as well as the message containing the file to be deleted which is structured as follows:

{
    "FileName": "example.pdf",
    "OrganisationId": "Your Organisation ID Here",
    "AgentId": "Your Agent ID Here"
}

Delete Success Response

On successful deletion of the file, a plain text message is returned:

Index documents and blob for FileName ‘example.pdf' deleted successfully.

Delete Error Responses

If the delete endpoint fails, it will produce one of the following error codes:

Status Code	Description	Common Causes
400 Bad Request	Request is malformed or missing fields	Missing request field
401 Unauthorized	Token is missing, invalid, or expired	No/expired/invalid authorization token in header or cookie
500 Internal Server Error	Unhandled backend exception	Internal processing error Cosmos DB/Blob error
503 Service Unavailable	Auth/session infrastructure is unreachable	Authentication middleware or session DB temporarily down