MCP Proxy API
The proxy endpoint handles all MCP communication between agents and upstream servers.
Endpoint
POST https://{slug}.keypost.ai/mcpHeaders
| Header | Required | Description |
|---|---|---|
| Content-Type | Yes | Must be application/json |
| Authorization | Optional | Bearer token if API key is configured |
Supported methods
initialize
Initialize the MCP connection.
{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2024-11-05",
"capabilities": {},
"clientInfo": {
"name": "my-agent",
"version": "1.0.0"
}
}
}tools/list
List available tools from the upstream server.
{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/list"
}tools/call
Execute a tool. This is where policies are evaluated.
{
"jsonrpc": "2.0",
"id": 3,
"method": "tools/call",
"params": {
"name": "search_issues",
"arguments": {
"query": "is:open label:bug"
}
}
}resources/list
List available resources.
{
"jsonrpc": "2.0",
"id": 4,
"method": "resources/list"
}resources/read
Read a resource.
{
"jsonrpc": "2.0",
"id": 5,
"method": "resources/read",
"params": {
"uri": "file:///path/to/resource"
}
}Streaming responses
Some upstream servers return Server-Sent Events (SSE) for long-running operations. Keypost passes these through with per-event DLP scrubbing.
SSE responses have Content-Type: text/event-stream.
Policy evaluation
For each tools/call request, Keypost:
- Looks up policies attached to this Keypost
- Evaluates all policies in order
- If any policy denies → returns error immediately
- If all policies pass → forwards to upstream
- Applies response DLP to the result
- Logs the request/response to audit trail
Circuit breaker
If the upstream server fails repeatedly, Keypost opens the circuit breaker to protect your system. Requests return immediately with error code -32005.
Circuit state can be checked at https://status.keypost.ai/internal/circuit/{slug}