MCP Server Setup - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)MCP Server SetupAPI & MCPMCP Server Setup ================ Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more. What Is MCP? ------------ The Model Context Protocol (MCP) is an open standard that lets AI assistants interact with external tools and services. APVISO provides an MCP server that exposes self-hosted BYOK control-plane actions as tools: runner readiness, target management, pentest creation, findings, reports, and schedules. Why Use APVISO MCP? ------------------- With APVISO MCP, you can ask your AI assistant questions like: - "Are any self-hosted runners online for staging?" - "Create a localhost target for my preview environment." - "Estimate whether a high-depth pentest can start now." - "Show the critical findings from the last pentest and generate the PDF report." The assistant calls APVISO tools behind the scenes and returns the results in your conversation. Installation ------------ Use `npx` from your MCP-compatible assistant configuration: ```bash npx -y @apviso/mcp ``` Environment Variables --------------------- The MCP server requires a user API key: ```bash export APVISO_API_KEY="apvk_your_key_here" ``` Optionally set the API origin or API base URL for local, regional, or dedicated deployments. Values ending in `/api` or `/api/v1` are normalized automatically. ```bash export APVISO_API_URL="https://api.apviso.com" ``` Configuring with Claude Code ---------------------------- ```json { "mcpServers": { "apviso": { "type": "stdio", "command": "npx", "args": ["-y", "@apviso/mcp"], "env": { "APVISO_API_KEY": "apvk_your_key_here" } } } } ``` Available Tools --------------- The MCP server exposes 25 tools across seven categories: - License: `get_quota`. - Runners: `list_runners`, `get_runner_readiness`, `create_runner_enrollment_token`. - Targets: `list_targets`, `get_target`, `create_target`, deprecated compatibility verification tools, and `delete_target`. - Pentests: `list_scans`, `get_scan`, `create_scan`, `estimate_scan_readiness`, `cancel_scan`. - Findings: `list_findings`, `update_finding_status`, `reorder_findings`. - Reports: `get_report`, `generate_report_pdf`. - Schedules: `list_schedules`, `get_schedule`, `create_schedule`, `update_schedule`, `delete_schedule`. Security -------- The MCP server runs locally and communicates with the APVISO API over HTTPS using your API key. Runner daemons use runner-scoped tokens (`apvr_...`), not user API keys. BYOK model-provider secrets and target application credentials stay on the self-hosted runner and are not passed to MCP tools. ### Related Articles [Generating API Keys How to create and manage API keys for programmatic access to the APVISO API.](/docs/generating-api-keys)[API Rate Limits Understand APVISO's API rate limits, how to monitor usage via response headers, and how to handle 429 responses.](/docs/api-rate-limits)[Integrations Overview An overview of APVISO's 40+ integration options, supported event types, and tier availability.](/docs/integrations-overview) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.