Base URL:
http://<host>:8000
Swagger UI:http://<host>:8000/docs
All endpoints (except /api/health and /api/auth/login) require a Bearer token:
Authorization: Bearer <token>
Two types of tokens are supported:
| Type | How to get | Expiration |
|---|---|---|
| JWT | POST /api/auth/login |
Configurable (default 24h) |
| Admin Token | Settings β Security β Admin Token | Never expires |
π No auth required
Health check and system metrics.
Response:
{
"status": "ok",
"name": "McpHub",
"servers_count": 8,
"exposure_mode": "progressive",
"total_tools": 49,
"cpu_percent": 0.2,
"memory_used_mb": 112.0,
"memory_total_mb": 7940.0,
"memory_percent": 1.4
}π No auth required
Body:
{ "username": "admin", "password": "admin123" }Response:
{ "access_token": "eyJ...", "token_type": "bearer" }π Auth required
Body:
{ "old_password": "admin123", "new_password": "newpass" }π Auth required
List all registered MCP servers.
π Auth required
Get a single server's config.
π Auth required
Register a new MCP server.
Body:
{
"name": "my-server",
"transport": "stdio",
"command": "npx",
"args": ["-y", "@example/mcp-server"],
"env": { "API_KEY": "xxx" },
"description": "My MCP server"
}For SSE/Streamable HTTP transport:
{
"name": "remote-server",
"transport": "sse",
"url": "https://example.com/mcp",
"headers": { "Authorization": "Bearer xxx" }
}π Auth required
Update a server's config. Same body as POST.
π Auth required
Unregister a server.
π Auth required
List all tools of a server, with disabled status.
Response:
{
"tools": [
{ "name": "search", "description": "...", "inputSchema": {...}, "disabled": false }
],
"disabled_tools": ["some-tool"]
}π Auth required
Update which tools are disabled.
Body:
{ "disabled_tools": ["tool-a", "tool-b"] }π Auth required
Test server connectivity and list tools.
Response:
{
"status": "ok",
"connected": true,
"elapsed_ms": 1234,
"tools_count": 5,
"tools": [...]
}π Auth required
Invoke a tool on a server.
Body:
{ "tool_name": "search", "arguments": { "query": "hello" } }Response:
{
"status": "ok",
"elapsed_ms": 500,
"tool_name": "search",
"result": [{ "type": "text", "text": "..." }]
}π Auth required
Export all servers as JSON. Formats:
genericβ array of server objectsclaudeβ Claude DesktopmcpServersformatvscodeβ VS Codemcp.serversformat
π Auth required
Import servers from JSON. Auto-detects Claude/VSCode/generic format.
Body: Raw JSON in any supported format.
π Auth required
Sync servers from ModelScope MCP Hub.
π Auth required
Generate a description for a server using LLM.
π Auth required
Batch generate descriptions for all servers.
π Auth required
Query tool call logs.
Query params: page, page_size, server_name, tool_name, status
Response:
{
"items": [{ "id": 1, "server_name": "...", "tool_name": "...", "status": "ok", ... }],
"total": 100,
"page": 1,
"page_size": 20,
"total_pages": 5
}π Auth required
Get audit statistics.
π Auth required
Get all settings as key-value pairs.
π Auth required
Update a setting. Allowed keys: api_key, admin_token, llm_base_url, llm_api_key, llm_model, modelscope_token
Body:
{ "value": "new-value" }π Auth required
List files in a directory.
π Auth required
Upload a file. Use multipart/form-data.
π Auth required
Download a file.
π Auth required
Read file content as text.
π Auth required
Write text content to a file.
Body:
{ "path": "config.json", "content": "..." }π Auth required
Create a directory.
Body:
{ "path": "new-folder" }π Auth required
Delete a file or directory.
π Auth required (via query param)
WebSocket terminal. Provides a full PTY shell inside the container.
Client β Server:
- Text data β stdin
{"type":"resize","cols":120,"rows":30}β resize PTY
Server β Client:
- Text data β stdout/stderr
π API Key required (different from Admin Token)
The Streamable HTTP endpoint for AI clients (Claude, Cursor, etc.) to connect.
Auth uses the API Key set in Settings β General:
Authorization: Bearer <api_key>