◆API Documentation

◆Introduction

MCP-INDEX provides a REST API to access vulnerability findings, repository metadata, and analysis results for MCP servers.

◆Authentication

All API endpoints require an API token. Pass it as a Bearer token.

curl -H "Authorization: Bearer YOUR_TOKEN" https://mcpindex.fyi/api/search?q=mcp

Get your free token →

◆Rate Limits

Free tier: 1000 requests per day, resetting at 00:00 UTC. A 429 response is returned when exceeded.

◆Endpoints

GET /api/search?q={query}

Search MCP servers

Params: q (string), page (int), limit (int), source (string: github/npm/all)

GET /api/repos/:id

Repository details

GET /api/repos/:id/vulnerabilities

LLM findings for a repo

GET /api/dangerous

High-risk MCP servers

GET /api/findings/recent

Recent critical/high findings

GET /api/npm/:id

NPM package details

GET /api/npm/:id/vulnerabilities

Findings for npm packages

GET /api/stats

Aggregate statistics (no auth)

GET /api/health

System health (no auth)

GET /api/disclosure

Responsible disclosure policy

GET /api/auth/me

Current user profile and usage

◆Examples

curl:

curl -H 'Authorization: Bearer YOUR_TOKEN' 'https://mcpindex.fyi/api/search?q=shell&limit=5'

JavaScript:

fetch('https://mcpindex.fyi/api/search?q=shell', {
  headers: { 'Authorization': 'Bearer YOUR_TOKEN' }
}).then(r => r.json()).then(console.log)

Python:

import requests
r = requests.get('https://mcpindex.fyi/api/search', params={'q':'shell'}, headers={'Authorization':'Bearer YOUR_TOKEN'})
print(r.json())

◆Premium Tiers (coming soon)

Professional and Enterprise tiers with higher rate limits, webhooks, and priority support — coming soon. Express interest.