# Public Containers

By default, Wire containers are private. Only authenticated members of your organization can access them. Making a container public lets anyone with the URL query its contents without signing in.

## When to Use Public Containers

Public containers are useful when you want to share context openly:

- Publish documentation or knowledge bases that AI agents can query
- Let external collaborators access data without creating Wire accounts
- List your container in the [Wire Explore directory](https://usewire.io/explore) for discovery

## Making a Container Public

1. Open your container in the Wire dashboard
2. Go to **Container Settings**
3. Toggle **Public Access** on

Only Owners and Admins can change container visibility. See [Roles & Permissions](/reference/roles/) for details.

## What's Accessible Without Authentication

Public access is read-only. Here's what unauthenticated visitors can and cannot do:

### MCP

| Tool | Public Access |
|------|:------------:|
| `wire_explore` | Yes |
| `wire_search` | Yes |
| `wire_write` | No |
| `wire_delete` | No |
| `wire_analyze` | No |
| `wire_claim` | No |

Write tools are hidden from public MCP clients entirely. They don't appear in `tools/list`.

### REST API

| Endpoint | Public Access |
|----------|:------------:|
| `GET /container/:id/status` | Yes |
| `GET /container/:id/files` | No |
| `POST /container/:id/files` | No |
| `DELETE /container/:id/files/:fileId` | No |
| `POST /container/:id/claim` | No |

See the [REST API reference](/mcp/rest-api/) for full endpoint documentation.

### Authenticated Users

Users who connect with an API key or OAuth token have full access to all tools and endpoints, regardless of whether the container is public or private.

## Credit Usage

Public visitors still consume credits from your organization's balance. Each `wire_explore` and `wire_search` call costs credits just like authenticated usage. Monitor your usage in the dashboard billing section.

## Making a Container Private Again

Toggle **Public Access** off in Container Settings. Access is revoked immediately. Unauthenticated requests will start returning `401 Unauthorized`.

## Next Steps

- [Authentication](/mcp/authentication/) -- OAuth and API key setup
- [REST API](/mcp/rest-api/) -- Programmatic container access
- [Roles & Permissions](/reference/roles/) -- Who can change visibility