API
VectorStores And Warehouses
Layer exposes the declared data-supply resources through read-only gateway
routes. VectorStore is the serving-side connection; Warehouse is the
source-side connection used by pipelines. The responses are safe to show in
operator tools: they include Secret reference names and keys, never Secret
contents.
All routes require a key with read scope.
Create and edit these resources through the Kubernetes CRDs or the dashboard’s apply forms. The gateway surface is the credential-safe read projection.
VectorStores
curl -H "Authorization: Bearer $LAYER_API_KEY" \
"$LAYER_BASE_URL/v2/vectorstores"
{
"vectorstores": [
{
"name": "prod-turbopuffer",
"kind": "turbopuffer",
"default": true,
"endpoint": {
"url": "https://aws-us-east-1.turbopuffer.com",
"region": "aws-us-east-1"
},
"turbopuffer": {
"orgId": "org_123"
},
"credential": {
"secretRef": {
"name": "layer-turbopuffer",
"key": "turbopuffer-api-key"
}
},
"inboundAuth": {
"mode": "deriveFromStore"
},
"status": {
"reachable": true,
"observedGeneration": 7,
"conditions": []
},
"turbopufferUrl": "https://turbopuffer.com/organizations/org_123"
}
]
}
GET /v2/vectorstores/{name} returns one object in the same shape.
turbopufferUrl is omitted when spec.turbopuffer.orgId is not set.
Warehouses
curl -H "Authorization: Bearer $LAYER_API_KEY" \
"$LAYER_BASE_URL/v2/warehouses"
{
"warehouses": [
{
"name": "prod-snowflake",
"kind": "snowflake",
"snowflake": {
"account": "acme-xy12345",
"user": "SVC_LAYER",
"role": "SVC_LAYER_ROLE",
"warehouse": "EXTRACT_WH",
"keyPairSecretRef": {
"name": "snowflake-rsa"
},
"pool": {
"size": 5,
"timeout": "30s"
}
},
"verifyInterval": "1h",
"status": {
"phase": "Verified",
"verifiedAt": "2026-06-10T00:00:00Z",
"consumers": {
"pipelines": 2,
"apiKeys": 1
},
"conditions": []
}
}
]
}
GET /v2/warehouses/{name} returns one object in the same shape. phase
is Pending, Verified, or Failed; failed warehouses include
status.failureReason. status.consumers counts pipelines and API keys
that still reference the warehouse.