MCP Proxy API

The proxy endpoint handles all MCP communication between agents and upstream servers.

Endpoint

POST https://{slug}.keypost.ai/mcp

Headers

HeaderRequiredDescription
Content-TypeYesMust be application/json
AuthorizationOptionalBearer token if API key is configured

Supported methods

initialize

Initialize the MCP connection.

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "initialize",
  "params": {
    "protocolVersion": "2024-11-05",
    "capabilities": {},
    "clientInfo": {
      "name": "my-agent",
      "version": "1.0.0"
    }
  }
}

tools/list

List available tools from the upstream server.

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/list"
}

tools/call

Execute a tool. This is where policies are evaluated.

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "tools/call",
  "params": {
    "name": "search_issues",
    "arguments": {
      "query": "is:open label:bug"
    }
  }
}

resources/list

List available resources.

{
  "jsonrpc": "2.0",
  "id": 4,
  "method": "resources/list"
}

resources/read

Read a resource.

{
  "jsonrpc": "2.0",
  "id": 5,
  "method": "resources/read",
  "params": {
    "uri": "file:///path/to/resource"
  }
}

Streaming responses

Some upstream servers return Server-Sent Events (SSE) for long-running operations. Keypost passes these through with per-event DLP scrubbing.

SSE responses have Content-Type: text/event-stream.

Policy evaluation

For each tools/call request, Keypost:

  1. Looks up policies attached to this Keypost
  2. Evaluates all policies in order
  3. If any policy denies → returns error immediately
  4. If all policies pass → forwards to upstream
  5. Applies response DLP to the result
  6. Logs the request/response to audit trail

Circuit breaker

If the upstream server fails repeatedly, Keypost opens the circuit breaker to protect your system. Requests return immediately with error code -32005.

Circuit state can be checked at https://status.keypost.ai/internal/circuit/{slug}