apisec-ng-mcp-server by kauaim - MCP Server

APIsec NG MCP Server

An MCP (Model Context Protocol) server for interacting with the APIsec NG platform. This server provides tools to manage applications, initiate security scans, and review scan results.

Features

Application Management

Create OAS Application: Create applications from OpenAPI Specification files or URLs
Create GraphQL Application: Create applications from GraphQL SDL files or URLs
Create Postman Application: Create applications from Postman collection files or URLs
Get All Applications: List all applications with pagination support
Get Application by ID: Retrieve details of a specific application

Scan Management

Start Scan: Initiate security scans on application instances
Get Scan Details: Retrieve scan status, results, and progress
Get Detections: Get security findings with descriptions and remediations
Get Detection by ID: Get details of a specific security detection
Get OWASP Coverage: Retrieve OWASP coverage reports

Installation

Local Installation

Install the required dependencies:

pip install -r requirements.txt

Set up environment variables:

export APISEC_API_TOKEN="your_personal_access_token_here"
export APISEC_API_URL="https://api.apisecapps.com/v1"  # Optional, defaults to this

Docker Installation

Build the Docker image:

docker build -t apisec-ng/mcp-server:latest .

Run the Docker container:

docker run -it --rm \
  -e APISEC_API_TOKEN="your_token_here" \
  apisec-ng/mcp-server:latest

For more Docker deployment options, see .

Configuration

The server uses environment variables for configuration:

APISEC_API_TOKEN (required): Your APIsec NG Personal Access Token (PAT)
APISEC_API_URL (optional): Base URL for the API (defaults to https://api.apisecapps.com/v1)

Getting Your API Token

Log in to your APIsec NG platform
Navigate to your profile/settings
Generate a Personal Access Token (PAT)
Set it as the APISEC_API_TOKEN environment variable

Usage

Running the Server

python apisec-ng-mcp-server.py

Using with MCP Clients

The server follows the MCP protocol and can be used with any MCP-compatible client. Configure your MCP client to connect to this server.

Example MCP Client Configuration

For Cursor or other MCP clients, add this to your MCP configuration:

Local Installation:

{
  "mcpServers": {
    "apisec-ng": {
      "command": "python",
      "args": ["/path/to/apisec-ng-mcp-server.py"],
      "env": {
        "APISEC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Docker Installation:

{
  "mcpServers": {
    "apisec-ng": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e", "APISEC_API_TOKEN=${APISEC_API_TOKEN}",
        "apisec-ng/mcp-server:latest"
      ],
      "env": {
        "APISEC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Available Tools

`create_oas_application`

Create a new application from an OpenAPI Specification.

Parameters:

application_name (required): Name of the application
oas_url (optional): URL to fetch OAS content
file_path (optional): Path to OAS file
origin (optional): Origin value (default: "TENANT_PORTAL")

`create_graphql_application`

Create a new application from a GraphQL SDL file.

Parameters:

application_name (required): Name of the application
sdl_url (optional): URL to fetch GraphQL SDL content
file_path (optional): Path to GraphQL SDL file
origin (optional): Origin value (default: "TENANT_PORTAL")

`create_postman_application`

Create a new application from a Postman collection.

Parameters:

application_name (required): Name of the application
collection_url (optional): URL to fetch Postman collection
file_path (optional): Path to Postman collection file
collection_id (optional): Postman collection ID
api_key (optional): Postman API key
origin (optional): Origin value (default: "TENANT_PORTAL")

`start_scan`

Start a security scan on an application instance.

Parameters:

application_id (required): The application ID
instance_id (required): The instance ID
endpoint_ids (optional): List of endpoint IDs to scan
scan_with_auth_id (optional): Authentication ID for the scan

`get_scan_details`

Get details of a specific scan.

Parameters:

application_id (required): The application ID
instance_id (required): The instance ID
scan_id (required): The scan ID

`get_detections`

Get security detections for an application instance.

Parameters:

application_id (required): The application ID
instance_id (required): The instance ID
include_metadata (optional): Include metadata (default: true)
exclude_false_positives (optional): Exclude false positives (default: true)

`get_detection_by_id`

Get details of a specific detection.

Parameters:

application_id (required): The application ID
instance_id (required): The instance ID
detection_id (required): The detection ID

`get_all_applications`

Get a paginated list of all applications.

Parameters:

next_token (optional): Token for pagination

`get_application_by_id`

Get details of a specific application.

Parameters:

application_id (required): The application ID

`get_owasp_coverage`

Get OWASP coverage report for an application instance.

Parameters:

application_id (required): The application ID
instance_id (required): The instance ID

Example Workflow

Create an application:

create_oas_application(
    application_name="My API",
    oas_url="https://api.example.com/openapi.json"
)

Start a scan:

start_scan(
    application_id="app-123",
    instance_id="instance-456"
)

Check scan status:

get_scan_details(
    application_id="app-123",
    instance_id="instance-456",
    scan_id="scan-789"
)

Review detections:

get_detections(
    application_id="app-123",
    instance_id="instance-456"
)

Error Handling

All tools return JSON responses. In case of errors, the response will include an error field with a description of what went wrong.

License

This MCP server is provided as-is for use with the APIsec NG platform.

Support

For issues related to:

This MCP Server: Please check the code and configuration
APIsec NG Platform: Contact APIsec NG support