API & MCP

MCP Server Setup

Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more.

What Is MCP?

The Model Context Protocol (MCP) is an open standard that lets AI assistants interact with external tools and services. APVISO provides an MCP server that exposes your security data — targets, scans, findings, compliance posture — as tools that AI coding assistants can call directly.

Why Use APVISO MCP?

With APVISO MCP, you can ask your AI assistant questions like:

  • "What are the critical findings on staging.example.com?"
  • "Start a scan on api.example.com with the medium preset."
  • "Show me the compliance posture for PCI-DSS."
  • "What findings were fixed in the last 30 days?"

The assistant calls APVISO tools behind the scenes and returns the results in your conversation.

Installation

Install the MCP server package globally:

bash
npm install -g @apviso/mcp

Or with Bun:

bash
bun install -g @apviso/mcp

Environment Variables

The MCP server requires your API key:

bash
export APVISO_API_KEY="apvk_your_key_here"

Optionally set the API base URL if you are using a self-hosted or regional instance:

bash
export APVISO_API_URL="https://api.apviso.com/v1"

Configuring with Claude Code

Add the following to your Claude Code MCP configuration (.claude/mcp.json or global settings):

json
{
  "mcpServers": {
    "apviso": {
      "command": "npx",
      "args": ["-y", "@apviso/mcp"],
      "env": {
        "APVISO_API_KEY": "apvk_your_key_here"
      }
    }
  }
}

Configuring with Cursor

In Cursor, go to Settings → MCP Servers → Add Server and enter:

  • Name: APVISO
  • Command: npx -y @apviso/mcp
  • Environment: APVISO_API_KEY=apvk_your_key_here

Configuring with Windsurf

Add to your Windsurf MCP configuration file:

json
{
  "mcpServers": {
    "apviso": {
      "command": "npx",
      "args": ["-y", "@apviso/mcp"],
      "env": {
        "APVISO_API_KEY": "apvk_your_key_here"
      }
    }
  }
}

Available Tools

The MCP server exposes the following tools:

  • list_targets — list all targets with verification status.
  • get_target — get details for a specific target.
  • list_scans — list scans with optional filters.
  • start_scan — initiate a new scan.
  • get_findings — retrieve findings for a scan or target.
  • get_compliance_posture — get posture scores for a framework.
  • get_scan_report — retrieve a scan report.

Security

The MCP server runs locally and communicates with the APVISO API over HTTPS using your API key. It does not expose any network ports. Your API key is never sent to the AI model — it stays in the MCP server process.

Back to Knowledge Base