Integrations Overview
middleBrick integrates into your workflow however you prefer to work, from a web dashboard for one-off scans to CI/CD automation that blocks insecure deploys.
Integration Points
Section titled “Integration Points”| Integration | Best for | Plan |
|---|---|---|
| Dashboard | Visual scans, exploring results, sharing reports | Free |
| REST API | Custom integrations, scripts, internal tooling | Free |
| CLI | Terminal workflows, CI scripts, quick local scans | Free |
| MCP Server | AI-assisted security (Claude, Cursor, Windsurf) | Starter |
| GitHub Action | PR checks, deploy gates, automated scanning | Pro |
Feature Comparison
Section titled “Feature Comparison”| Feature | Dashboard | API | CLI | MCP | GitHub Action |
|---|---|---|---|---|---|
| Submit scan | Yes | Yes | Yes | Yes | Yes |
| View results | Yes | Yes | Yes | Yes | Yes |
| OpenAPI spec | Yes | Yes | Yes | Yes | Yes |
| Context parameter | Yes | Yes | Yes | Yes | Yes |
| JSON output | — | Yes | Yes | Yes | Yes |
| PDF export | Yes | — | — | — | — |
| Score threshold gate | — | — | Yes | — | Yes |
| PR status check | — | — | — | — | Yes |
| Conversational analysis | — | — | — | Yes | — |
| Scan history | Yes | Yes | Yes | Yes | — |
| API key management | Yes | — | — | — | — |
Choosing the Right Integration
Section titled “Choosing the Right Integration””I want to try middleBrick right now”
Section titled “”I want to try middleBrick right now””Use the Dashboard. Sign up, paste a URL, see your results. No setup, no API key, no installation.
”I want to scan from my terminal”
Section titled “”I want to scan from my terminal””Install the CLI. npm install -g middlebrick, log in, scan. Pipe output to jq for scripting, use exit codes for CI gates.
”I want to block insecure deploys”
Section titled “”I want to block insecure deploys””Use the GitHub Action (Pro plan). Set a score threshold — if the API drops below it, the PR check fails. Add it to your existing workflow in 5 lines of YAML.
”I want custom automation”
Section titled “”I want custom automation””Use the REST API. Build scans into your internal tools, dashboards, Slack bots, or any system that can make HTTP requests.
”I want my AI assistant to scan for me”
Section titled “”I want my AI assistant to scan for me””Set up the MCP Server (Starter plan). Claude, Cursor, and other MCP-compatible assistants can scan APIs, interpret results, and suggest fixes in natural language.
Authentication
Section titled “Authentication”All integrations (except the Dashboard UI) authenticate with an API key:
Authorization: Bearer mb_your_api_key_hereManaging API keys
Section titled “Managing API keys”- Go to your dashboard
- Click Generate API Key
- Copy the key (it’s only shown once)
- Store it securely (environment variable, GitHub Secret, etc.)
Keys are scoped to your account and inherit your plan’s rate limits and scan quotas. You can revoke a key at any time from the dashboard.
Security best practices
Section titled “Security best practices”- Never hardcode API keys in source code
- Use environment variables or secret managers
- Rotate keys regularly. Generate a new one, update your integrations, then revoke the old one.
- Use separate keys for different environments (CI, staging, local) so you can revoke individually