API Manager API

1.0.x
(4 reviews)

MCP Server

With the API Manager MCP server, your AI agent gains direct access to API Manager. From a simple conversation, the agent can list environments, search for API instances, apply and manage policies, and update API configurations without requiring you to switch tabs or make manual API calls. It works with any MCP-compatible client. Connect once, and your AI agent knows what to call and when.

Supported Agent Actions

Once connected, you can ask your AI assistant to:

  • List all environments in your organization
  • Search and list API instances in an environment
  • Create a new API instance from an Exchange asset
  • Update an API instance's configuration or endpoint
  • Retrieve the Exchange asset details for an API instance
  • Apply, modify, enable, or disable policies on an API
  • List all policies and policy templates applied to an API

Authentication

The API Manager MCP server uses Anypoint Platform bearer tokens. Before setting up your AI client, obtain an access token.

Replace ANYPOINT_USERNAME and ANYPOINT_PASSWORD with your Anypoint credentials.

curl --location --request POST 'https://anypoint.mulesoft.com/accounts/login' \
     --header 'Content-Type: application/json' \
     --data-raw '{
        "username": "ANYPOINT_USERNAME",
        "password": "ANYPOINT_PASSWORD"
     }' | jq -r ".access_token"

Copy the token from the response and use it in these setup steps.

Token Expiry: Anypoint tokens are valid for 1 hour. You'll need to refresh your token periodically.

Connect Your AI Client

MCP Inspector

The MCP Inspector is a browser-based tool that lets you connect to any MCP server, discover its tools, and test them interactively.

1. Launch the Inspector

If you have MCP Inspector installed, run:

npx @modelcontextprotocol/inspector

This opens the inspector UI in your browser (typically at http://localhost:6274). A proxy session token is automatically generated and appended to the URL.

2. Connect to the API Manager MCP Server

In the inspector UI:

  1. Set the Transport Type to Streamable HTTP.
  2. Enter the server URL:
https://anypoint.mulesoft.com/apimanager/mcp
  1. Under Headers, add your authorization header:
Header NameValue
AuthorizationBearer YOUR_TOKEN
  1. Click Connect.
3. Discover and Test Tools

Once connected:

  1. Click List Tools to see all available API Manager tools.
  2. Select any tool to view its parameters and description.
  3. Fill in the required fields and click Run Tool to test it directly from the inspector.

Claude Code

Run this single command in your terminal. Replace YOUR_TOKEN with your Anypoint token.

claude mcp add --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer YOUR_TOKEN"

Verify the connection:

claude mcp list

You should see an output like:

api-manager-mcp: https://anypoint.mulesoft.com/apimanager/mcp (HTTP) - ✓ Connected

Understanding Configuration Scopes

Claude Code stores MCP servers in different locations depending on who should have access:

ScopeFlagWhere It's StoredWho Can Use It
Local (default)--scope local~/.claude.json (per-project)Only you, in this project
User--scope user~/.claude.jsonOnly you, across all projects
Project--scope project.mcp.json in your repoAnyone who clones this repo

Examples:

# Add for this project only (default)
claude mcp add --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer YOUR_TOKEN"

# Add for all your projects
claude mcp add --scope user --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer YOUR_TOKEN"

# Add for your team (creates .mcp.json in repo)
claude mcp add --scope project --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer YOUR_TOKEN"

What is .mcp.json?

When you add an MCP server with --scope project, Claude Code creates a .mcp.json file in your repository root. This file contains the MCP server configuration that gets shared with your team.

Example .mcp.json:

{
  "mcpServers": {
    "api-manager-mcp": {
      "type": "http",
      "url": "https://anypoint.mulesoft.com/apimanager/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Security Note: The .mcp.json file contains your token. If sharing with a team, consider using environment variables or having each team member add their own token locally.

Cursor IDE

Add the MCP server to your Cursor configuration. Open or create .cursor/mcp.json in your project root:

{
  "mcpServers": {
    "api-manager-mcp": {
      "url": "https://anypoint.mulesoft.com/apimanager/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Restart Cursor to pick up the new configuration. The API Manager tools will then be available to the AI assistant.

Useful Commands Reference

CommandWhat It Does
claude mcp listShow all configured servers and their connection status
claude mcp get <name>Show details for a specific server (URL, headers, scope)
claude mcp remove <name>Remove a server
claude mcp remove <name> --scope userRemove from a specific scope

Troubleshooting & FAQ

Connection Issues

"Failed to connect" status?

# 1. Check the server details.
claude mcp get api-manager-mcp

# 2. Verify your token hasn't expired (tokens last 1 hour).
# Get a fresh token and update the server:
claude mcp remove api-manager-mcp
claude mcp add --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer NEW_TOKEN"

MCP Inspector won't connect?

  1. Confirm the transport type is set to Streamable HTTP.
  2. Verify the URL is https://anypoint.mulesoft.com/apimanager/mcp.
  3. Ensure the Authorization header includes Bearer (with a trailing space) before the token.
  4. Refresh your token if it has expired.

Server not appearing in claude mcp list?

# The server might be in a different scope. Check all locations:
cat ~/.claude.json | grep -A5 "mcpServers"  # User/Local scope
cat .mcp.json 2>/dev/null                    # Project scope

Token Issues

"Authentication failed" or 401 errors?

Your token has expired. Get a new one:

# Get a fresh token
curl --location --request POST 'https://anypoint.mulesoft.com/accounts/login' \
     --header 'Content-Type: application/json' \
     --data-raw '{"username": "YOUR_USERNAME", "password": "YOUR_PASSWORD"}' | jq -r ".access_token"

# Update the server with the new token
claude mcp remove api-manager-mcp
claude mcp add --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer NEW_TOKEN"

For MCP Inspector: Update the Authorization header value in the inspector UI and click Connect again.

Scope Confusion

"I added the server but it's not working in a different project"

You likely added it with local scope (the default). Add it with user scope instead:

claude mcp add --scope user --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer YOUR_TOKEN"

Removing and Re-adding

Need to update the token or URL?

# Remove the existing server
claude mcp remove api-manager-mcp

# Add it back with new settings
claude mcp add --transport http api-manager-mcp https://anypoint.mulesoft.com/apimanager/mcp --header "Authorization: Bearer NEW_TOKEN"

Remove from a specific scope:

claude mcp remove api-manager-mcp --scope user     # Remove from user scope
claude mcp remove api-manager-mcp --scope project  # Remove from project scope (.mcp.json)
claude mcp remove api-manager-mcp --scope local    # Remove from local scope

Quick Checklist

If you encounter issues, use this checklist:

  • Token is fresh (less than 1 hour old)
  • Server URL is correct: https://anypoint.mulesoft.com/apimanager/mcp
  • Header format is correct: Authorization: Bearer YOUR_TOKEN (note the space after "Bearer")
  • Transport is set to http (Claude Code) or Streamable HTTP (MCP Inspector)
  • You're in the right project directory (for local/project scope)

Available Tools

ToolWhat it does
list_environemntsReturns all environments (e.g., Sandbox, Production, Design) that the authenticated user has permission to access within the given organization.
list_api_instancesSearch and list all API instances (managed APIs) in a specific environment. Supports pagination, sorting, search, and filtering by endpoint type, asset ID, and more.
create_api_instanceCreates a new API instance in the specified environment from an Exchange asset. Supports configuring the endpoint URI, instance label, and technology type.
patch_api_instanceUpdates an API instance's configuration including endpoint URI, instance label, deployment settings, and asset version. Supports partial updates.
get_api_assetRetrieves the Exchange asset information associated with an API instance, including the asset's group ID, asset ID, version, name, and type.
get_applied_policy_templatesReturns all policy templates currently applied to a specific API instance, including their configuration, order of execution, and status.
list_policiesReturns all policies currently applied to a specific API instance, including their configuration, order of execution, and enabled/disabled status.
apply_policyApplies a policy template to an API instance with the specified configuration. The policy template is identified by groupId, assetId, and assetVersion from Exchange.
modify_policyUpdates the configuration of a policy already applied to an API instance. Use this to change settings such as rate limits, CORS origins, or authentication parameters.
enable_policyEnables a previously disabled policy on an API instance. The policy must already be applied to the API instance.
disable_policyDisables an active policy on an API instance without removing it. The policy remains applied but stops being enforced at runtime.

Example Prompts

Once connected, try asking your AI agent:

  • "List all environments in my organization."
  • "Show me all API instances in my production environment."
  • "Create a new API instance for the Orders API from Exchange in my sandbox environment."
  • "What policies are applied to API instance 12345?"
  • "Apply a rate-limiting policy to my Payments API."
  • "Disable the CORS policy on API instance 67890."
  • "Update the endpoint URI for my Customer API instance."
  • "What Exchange asset is associated with this API instance?"

See Also

Reviews