MCP Server
The middleBrick MCP server lets AI assistants scan APIs, interpret results, and suggest fixes through natural conversation. Instead of switching to a dashboard or terminal, ask your assistant to scan, and it handles the rest.
Requires Starter plan or above.
What is MCP?
Section titled “What is MCP?”The Model Context Protocol (MCP) is an open standard that lets AI assistants connect to external tools and data sources. When you add middleBrick as an MCP server, your assistant gains the ability to:
- Submit API security scans
- Retrieve and interpret scan results
- Explain findings in plain language
- Suggest specific fixes for each vulnerability
- Compare scan results over time
Claude Desktop
Section titled “Claude Desktop”Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{ "mcpServers": { "middlebrick": { "command": "npx", "args": ["middlebrick-mcp"], "env": { "MIDDLEBRICK_API_KEY": "mb_your_api_key_here" } } }}Restart Claude Desktop after saving. You should see “middlebrick” in the MCP tools list (click the hammer icon).
Claude Code
Section titled “Claude Code”Add to your project’s .mcp.json or global MCP config:
{ "mcpServers": { "middlebrick": { "command": "npx", "args": ["middlebrick-mcp"], "env": { "MIDDLEBRICK_API_KEY": "mb_your_api_key_here" } } }}Cursor
Section titled “Cursor”Go to Settings → MCP Servers → Add Server and enter:
- Name: middlebrick
- Command:
npx middlebrick-mcp - Environment:
MIDDLEBRICK_API_KEY=mb_your_api_key_here
Or edit .cursor/mcp.json directly with the same JSON format as Claude Desktop.
Windsurf
Section titled “Windsurf”Add to your Windsurf MCP configuration:
{ "mcpServers": { "middlebrick": { "command": "npx", "args": ["middlebrick-mcp"], "env": { "MIDDLEBRICK_API_KEY": "mb_your_api_key_here" } } }}Any MCP-compatible client
Section titled “Any MCP-compatible client”The middleBrick MCP server follows the standard MCP protocol. Any client that supports MCP tool servers can connect using the npx middlebrick-mcp command with the MIDDLEBRICK_API_KEY environment variable.
Available Tools
Section titled “Available Tools”The MCP server exposes three tools to your AI assistant:
scan_api
Section titled “scan_api”Submit a URL for security scanning. Returns the full scan result including score, grade, categories, and findings.
Parameters:
url(required): API endpoint to scanspecUrl(optional): OpenAPI/Swagger spec URL for deeper analysiscontext(optional):financial,medical,public,internal
get_scan
Section titled “get_scan”Retrieve results for a previous scan by ID. Useful for checking on async scans or revisiting past results.
Parameters:
id(required): Scan ID (e.g.,scan_abc123)
list_scans
Section titled “list_scans”List your recent scans with scores, grades, and timestamps. Helps your assistant understand your scan history and track improvements.
Example Conversations
Section titled “Example Conversations”Basic scan and remediation
Section titled “Basic scan and remediation”You: Scan my users API at https://api.example.com/v1/users and tell me what to fix first.
Assistant: I’ll scan that endpoint now. (calls scan_api)
Your API scored 68/100 (C). Here are the top priorities:
Critical — No authentication required. Anyone can access your user data without credentials. Add auth middleware to this endpoint immediately.
High — PII exposed in responses. Email addresses and phone numbers are returned for all users. Return only the fields the client needs, or mask sensitive values.
Medium — No rate limiting. An attacker could scrape all user records. Add rate limiting (return 429 after N requests/minute).
Want me to show you how to implement any of these fixes?
Scan with context
Section titled “Scan with context”You: Scan our payments API with financial context: https://api.example.com/v1/payments
Assistant: (calls scan_api with context: “financial”)
Score: 54/100 (D) — below average for a financial API. The financial context elevates the weight of authentication and encryption checks. Key issues:
- Critical: HTTP endpoint accepts requests without HTTPS redirect
- High: Credit card numbers appear in response body (truncate to last 4 digits)
- High: No HSTS header on HTTPS responses
Check progress over time
Section titled “Check progress over time”You: How has our API score changed? Show me my recent scans.
Assistant: (calls list_scans)
Here’s your scan history:
- Today: 78/100 (B) — up from last week
- Last week: 68/100 (C) — you fixed the auth issue
- 2 weeks ago: 54/100 (D) — initial scan
Great progress — 24-point improvement in two weeks. The remaining findings are mostly medium severity.
API Key
Section titled “API Key”Generate your API key from the dashboard. The MCP server reads it from the MIDDLEBRICK_API_KEY environment variable.
Security note: Your API key is stored in your local MCP configuration file. Don’t commit this file to version control. Add it to .gitignore.
Troubleshooting
Section titled “Troubleshooting”| Problem | Fix |
|---|---|
| ”middlebrick” not showing in tools | Restart your AI assistant after saving the config |
| ”Unauthorized” error | Check that MIDDLEBRICK_API_KEY is set correctly |
| ”npx: command not found” | Install Node.js 18+ and ensure npx is in your PATH |
| Scan times out | Ensure the target URL is publicly accessible |
| Tools appear but don’t work | Update to the latest version: npx middlebrick-mcp@latest |