API & CLI Integration
📌 TL;DR:
Understand how to trigger prompts and flows programmatically, including REST endpoints and CLI tools to embed MCP into CI/CD workflows.
RESTful & GraphQL Endpoints
Why it matters:
Direct HTTP APIs will enable developers to trigger MCP flows from external systems, dashboards, or automation pipelines.
Example Endpoint (REST):
POST /mcp/execute
{
  "task": "threat_summary",
  "input": "CVE-2025-20345",
  "model": "claude-4-sonnet"
}
Expected Features:
- Auth via API keys or OAuth2
- JSON schema validation
- Streaming support (for long responses)
- Role-based access control per route
CLI Interface for DevOps & Analysts
Use Case:
Security engineers want to run prompts or trigger workflows from their terminal or CI/CD tools.
Example Usage:
mcp exec summarize-threat --input "Stealer logs from 45.66.23.1"
Supported Flags:
- --model (e.g., claude, llama3)
- --context-file (e.g., indicators.json)
- --dry-run (validate without execution)
- --output-format=json|markdown|pdf
Use in CI Pipelines:
- name: MCP Lint & Risk Check
  run: |
    mcp exec compliance-check --input-file ./policy.json
Webhook & Async Execution
Problem:
LLM-based tasks can be long-running, so the API should support async responses and callbacks.
Planned Structure:
- Submit → get job_id
- Poll: GET /mcp/status/:job_id
- Or provide a callback_url and MCP notifies upon completion
Planned SDKs (Python, Go, JS)
Roadmap items:
- Python SDK for fast dev
- TypeScript SDK for frontend integration
- Go SDK for SOC/EDR tooling
Example Python usage:
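# Planned SDK interface (roadmap item).
from mcp_sdk import MCPClient

# Placeholder key; load real keys from a secret store, not from source code.
client = MCPClient(api_key="s3cr3t")
response = client.execute("intel_summary", input="Axiom APT in Eastern Europe")
print(response.summary)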
Security & Governance for APIs
Key Features Expected:
- IP allowlisting
- Prompt integrity checks (hash match)
- Throttling & quota per user or API key
- Audit log for every CLI/API call
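
The prompt integrity check, per-key quota and audit log listed above can run as one gate in front of each execute call. The following is an added example, not SOCRadar's implementation; the Gate class, the key ids, the template text and its pinned digest are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed sample: SHA-256 digests of approved prompt templates, pinned at review time.
APPROVED_PROMPTS = {
    "threat_summary": hashlib.sha256(b"Summarize the threat: {input}").hexdigest(),
}

class Gate:
    """Hypothetical pre-execution gate: quota, prompt hash match, audit record."""

    def __init__(self, quota, window_s, clock=time.time):
        self.quota, self.window_s, self.clock = quota, window_s, clock
        self.calls = {}  # key id -> call timestamps inside the sliding window
        self.audit = []  # JSON lines; forward to append-only storage in practice

    def _log(self, key_id, task, decision, reason):
        # Record the key id only, never the API key itself.
        self.audit.append(json.dumps({"ts": self.clock(), "key_id": key_id,
                                      "task": task, "decision": decision,
                                      "reason": reason}, sort_keys=True))
        return decision == "allow", reason

    def check(self, key_id, task, prompt_template):
        now = self.clock()
        # Throttle first so that rejected calls also count against the quota.
        recent = [t for t in self.calls.get(key_id, []) if now - t < self.window_s]
        self.calls[key_id] = recent
        if len(recent) >= self.quota:
            return self._log(key_id, task, "deny", "quota_exceeded")
        recent.append(now)
        # Integrity: the template must hash to the digest pinned for this task.
        pinned = APPROVED_PROMPTS.get(task)
        digest = hashlib.sha256(prompt_template).hexdigest()
        if pinned is None or not hmac.compare_digest(pinned, digest):
            return self._log(key_id, task, "deny", "prompt_hash_mismatch")
        return self._log(key_id, task, "allow", "ok")

if __name__ == "__main__":
    gate = Gate(quota=2, window_s=60)
    template = b"Summarize the threat: {input}"
    print(gate.check("key-1", "threat_summary", template))
    print(gate.check("key-1", "threat_summary", template + b" (modified)"))
    print(gate.check("key-1", "threat_summary", template))
    print("\n".join(gate.audit))
```
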
Bonus: Example Swagger/OpenAPI v3.0 for MCP Server
openapi: 3.0.3
info:
  title: SOCRadar MCP Server API
  description: API for triggering prompt-based tasks via the MCP Server.
  version: 1.0.0
paths:
  /mcp/execute:
    post:
      summary: Execute a prompt-based task
      description: Triggers an MCP Server workflow with specified model and context.
      operationId: executeTask
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ExecuteRequest'
      responses:
        '200':
          description: Successful task execution
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ExecuteResponse'
        '400':
          description: Invalid input
        '401':
          description: Unauthorized
        '500':
          description: Server error
components:
  schemas:
    ExecuteRequest:
      type: object
      required:
        - task
        - input
      properties:
        task:
          type: string
          example: threat_summary
          description: The name of the MCP task or flow to run
        input:
          type: string
          example: CVE-2025-20345
          description: Raw input prompt or data
        model:
          type: string
          example: claude-3-sonnet
          description: Optional model override
        context_file:
          type: string
          example: indicators.json
          description: Optional context file to preload
        dry_run:
          type: boolean
          example: false
          description: If true, validates the flow without executing
    ExecuteResponse:
      type: object
      properties:
        job_id:
          type: string
          example: job_abc123xyz
        status:
          type: string
          example: queued
        output:
          type: string
          example: "The CVE is associated with ransomware activity in Europe..."