Generate a Personal Access Token (PAT) in Azure DevOps under User Settings > Personal access tokens with 'Build (Read & execute)' scope
Encode the PAT for Basic auth: base64-encode the string ':YOUR_PAT' (colon prefix, no username) and set the Authorization header to 'Basic ENCODED_VALUE'
POST to 'https://dev.azure.com/{organization}/{project}/_apis/pipelines/{pipelineId}/runs?api-version=7.1' with Content-Type 'application/json'
Include a JSON body with 'resources.repositories.self.refName' for the branch, and optionally 'templateParameters' and 'variables' objects for runtime overrides
Poll GET on the returned 'url' field of the run object, checking 'state' (inProgress/completed) and 'result' (succeeded/failed/canceled)
Known gotchas
Pipeline variables passed at runtime via the API are only accepted if the pipeline definition has marked those variables as 'Settable at queue time'; others are silently ignored
The PAT must be scoped to the correct organization; cross-organization requests with a PAT scoped to a different org return 401 rather than 403, which can be misleading
Azure DevOps API versioning is explicit and required; omitting 'api-version' or using an unsupported version returns a 400 or changed response schema
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp