Skip to main content

What is SafeFetch?

SafeFetch is a safety layer for AI actions. You send actions via REST API, the SafeFetch CLI, or MCP tool calls. SafeFetch makes reliable HTTP requests to any URL you specify — API endpoints, internal services, third-party APIs — with retries, HMAC signatures, and stored results. Start with the Quickstart, then see CLI Install, MCP Setup, and the API Reference.

One API call

POST /v1/actions with a URL and body. That’s it. No SDK required, no workers, no Redis.

Stored results

Every action’s response is stored and retrievable. No callback endpoints, no log diving.

Human approval

Pause actions for human sign-off before execution. First-class support for consequential actions.

MCP-native

Built-in MCP server so AI agents can send and manage actions as tool calls.

Quick example

# Send an action
curl -X POST https://api.safefetch.dev/v1/actions \
  -H "Authorization: Bearer sf_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://myapp.com/process",
    "body": { "file": "data.csv" }
  }'

# Check the result later
curl https://api.safefetch.dev/v1/actions/act_V1StGXR8_Z5j \
  -H "Authorization: Bearer sf_live_..."

Action lifecycle

pending -> active -> completed     (success)
pending -> active -> pending       (retry on failure)
pending -> active -> failed        (retries exhausted)
pending -> cancelled               (user cancelled)
pending -> awaiting_approval -> pending -> ...  (approval flow)

Key features

  • Per-action pricing - Simple, predictable. No per-message multiplication.
  • Exponential backoff - 20s, 40s, 80s… up to 1 hour between retries.
  • HMAC signatures - Every HTTP request is signed so your endpoint can verify delivery authenticity.
  • Deduplication - Prevent duplicate execution with dedupe keys.
  • Idempotency - Idempotency-Key header prevents double-submission.
  • Rate limiting - Built-in per-account rate limiting.
  • Request IDs - Every response includes X-Request-Id for tracing.