Summary
Gives Claude five focused HTTP utilities: making requests with full header and auth control, parallel health checks across multiple endpoints with SSL validation, JWT decoding without verification, URL parsing and building, and security header analysis with letter grading. The header analyzer is especially handy when you're auditing HSTS, CSP, CORS configs, and cookie attributes. Reach for this when you need Claude to test APIs, debug authentication tokens, or assess endpoint security posture. All tools return structured data with timing info, making it straightforward to chain operations or build monitoring workflows. Works over stdio, so it runs locally without external dependencies beyond Node.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
@rog0x/mcp-api-tools
HTTP/API testing tools for AI agents, built on the Model Context Protocol.
Tools
http_request
Make any HTTP request (GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS) with full control over headers, body, authentication, and timeouts. Returns status code, response headers, body, and timing information.
api_health
Check the health of multiple API endpoints in parallel. Returns HTTP status, response time, SSL certificate validity and expiry, and optional response body validation. Includes a summary with counts of healthy, unhealthy, and errored endpoints.
jwt_decode
Decode a JWT token without cryptographic verification. Returns the decoded header and payload, issued-at time, expiry time, and whether the token is currently expired.
url_parse
Parse a URL into its component parts (protocol, host, port, path, query parameters, hash) or build a URL from individual parts.
header_analyzer
Analyze HTTP response headers for security posture (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), caching directives, CORS configuration, and cookie attributes. Provides a letter grade for security. Can fetch headers from a live URL or analyze a provided headers object.
Installation
npm install
npm run build
Configuration
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"api-tools": {
"command": "node",
"args": ["D:/products/mcp-servers/mcp-api-tools/dist/index.js"]
}
}
}
Claude Code
claude mcp add api-tools node D:/products/mcp-servers/mcp-api-tools/dist/index.js
Examples
Make a POST request:
Use http_request to POST to https://httpbin.org/post with JSON body {"key": "value"}
Check API health:
Use api_health to check these endpoints: https://api.github.com, https://httpbin.org/get
Decode a JWT:
Use jwt_decode to decode this token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Parse a URL:
Use url_parse to break down https://example.com:8080/api/v1?key=value&debug=true#section
Analyze security headers:
Use header_analyzer to check security headers for https://github.com
License
MIT
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →