Management MCP

A built-in MCP server with 33 tools that gives any AI client full workspace management capabilities — collections, environments, requests, mock servers, security scanning, and more via natural language.

Overview

The Management MCP server is a built-in MCP (Model Context Protocol) server that exposes 33 tools for full workspace management via AI. Any MCP-compatible client can connect and control API Studio programmatically.

Compatible clients: GitHub Copilot, Cursor, Kiro, Claude Desktop, Amazon Q
Default port: 3199
Endpoint: http://127.0.0.1:3199/mcp
Does NOT auto-start — must be enabled manually in settings
Note: The Management MCP server does not start automatically. You must explicitly enable it via VS Code settings or the Mock+MCP panel before AI clients can connect.

Enabling

Two ways to enable the Management MCP server:

1. VS Code Settings

Settings → Extensions → API Studio → Management MCP Enabled

Setting key: openPost.managementMcp.enabled

Port: openPost.managementMcp.port (default: 3199)

2. Mock+MCP Panel

Mock+MCP view → MCP Servers section → Management MCP → toggle on

Important: The Management MCP server cannot be deleted from the UI — it can only be started and stopped. It always appears first in the MCP servers list.

All 33 Tools

The Management MCP exposes the following tools, organized by category:

Read (5 tools)

| Tool | Description |
| --- | --- |
| list_collections | List all collections (local + global) |
| list_requests | List requests in a collection or folder |
| list_environments | List all environments (local + global) |
| get_request | Get full details of a specific request |
| list_servers | List mock and MCP server instances |

Write (17 tools)

| Tool | Description |
| --- | --- |
| create_collection | Create a new collection |
| create_request | Create a new request in a collection |
| create_folder | Create a folder in a collection |
| create_environment | Create a new environment |
| create_mock_server | Create a new mock server |
| create_mock_route | Add a route to a mock server |
| start_mock_server | Start a mock server |
| stop_mock_server | Stop a running mock server |
| restart_mock_server | Restart a mock server |
| start_mcp_server | Start a collection-sourced MCP server |
| stop_mcp_server | Stop a running MCP server |
| restart_mcp_server | Restart an MCP server |
| update_collection | Update collection name, description, auth, or scripts |
| update_request | Update request fields including testRules and setVariables |
| update_environment | Update environment variables |
| update_mock_route | Update an existing mock route |
| set_active_environment | Switch the active environment |

Execution (2 tools)

| Tool | Description |
| --- | --- |
| run_request | Execute a single request — full pipeline: auth, scripts, cookies, testRules, setVariables, digest retry, history save |
| run_collection | Run all requests — sequential (shared env for chaining) or parallel (separate copies) |

History & Snapshots (4 tools)

| Tool | Description |
| --- | --- |
| list_history | List request history entries |
| get_history_entry | Get full details of a history entry |
| list_snapshots | List snapshot contracts |
| get_snapshot | Get full details of a snapshot |

Import / Export (4 tools)

| Tool | Description |
| --- | --- |
| import_curl | Import a cURL command as a request |
| import_openapi | Import an OpenAPI/Swagger spec as a collection |
| export_curl | Export a request as a cURL command |
| export_openapi | Export a collection as an OpenAPI spec |

Security (1 tool)

| Tool | Description |
| --- | --- |
| security_scan | Run automated security probes against an endpoint |

Tool Categories Explained

Read

List and inspect existing data — collections, requests, environments, servers. No mutations.

Write

Create, update, and delete resources. Includes server lifecycle management (start/stop/restart).

Execution

run_request executes the full pipeline — auth injection, pre-request scripts, HTTP call, test runner, digest retry, history save. run_collection runs all requests either sequentially (shared env vars for chaining) or in parallel (separate env copies per request).

Import / Export

Convert between formats — import cURL commands or OpenAPI specs, export requests as cURL or collections as OpenAPI.

Security

Automated security testing — run probes against endpoints to detect common vulnerabilities.
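
Added example, not part of API Studio or its documentation: a fail-closed gate that decides whether a JSON-RPC message from an AI client (one line in stdio mode) may reach the Management MCP server, so a client can be limited to the read-only categories. The tool names and categories are the ones listed on this page; `gateLine`, `CATEGORY_OF`, the category keys, the default allow-set and the `-32001` error code are assumptions of this example.

```javascript
// Added example: fail-closed policy gate for MCP "tools/call" requests.
// Tool names and categories come from the tables on this page; gateLine,
// CATEGORY_OF, the category keys and the -32001 code are assumptions.
const CATEGORIES = {
  read: "list_collections list_requests list_environments get_request list_servers",
  history: "list_history get_history_entry list_snapshots get_snapshot",
  write: "create_collection create_request create_folder create_environment " +
    "create_mock_server create_mock_route start_mock_server stop_mock_server " +
    "restart_mock_server start_mcp_server stop_mcp_server restart_mcp_server " +
    "update_collection update_request update_environment update_mock_route " +
    "set_active_environment",
  transfer: "import_curl import_openapi export_curl export_openapi",
  execution: "run_request run_collection",
  security: "security_scan",
};
const CATEGORY_OF = new Map();
for (const [cat, names] of Object.entries(CATEGORIES))
  for (const name of names.split(" ")) CATEGORY_OF.set(name, cat);

function deny(id, message) {
  return { forward: false, reply: { jsonrpc: "2.0", id, error: { code: -32001, message } } };
}

// Decide whether one JSON-RPC message from the AI client may be forwarded.
// Anything that is not a recognised, permitted tool call is refused.
function gateLine(line, allowed = new Set(["read", "history"])) {
  let msg;
  try { msg = JSON.parse(line); } catch { return deny(null, "unparseable message"); }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg))
    return deny(null, "not a single JSON-RPC object");
  if (msg.method !== "tools/call") return { forward: true }; // initialize, tools/list, ...
  const id = msg.id ?? null;
  const name = msg.params && msg.params.name;
  const category = CATEGORY_OF.get(name);
  if (!category) return deny(id, `unknown tool: ${String(name)}`);
  if (!allowed.has(category)) return deny(id, `tool ${name} (${category}) not permitted`);
  return { forward: true };
}

// Constructed sample traffic, not captured from a real client.
const samples = [
  '{"jsonrpc":"2.0","id":1,"method":"tools/list"}',
  '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"list_collections","arguments":{}}}',
  '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"run_collection","arguments":{}}}',
  '{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"security_scan","arguments":{}}}',
];
for (const s of samples) console.log(JSON.stringify(gateLine(s)));
```

Unknown tool names are denied, so a tool added in a later release stays blocked until it has been assigned a category.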

Security Scan Tool

The security_scan tool runs automated security probes against an endpoint. It checks for common vulnerabilities and returns findings with severity levels.

Probe Types

| Probe | What it checks |
| --- | --- |
| injection | SQL injection and XSS vulnerabilities |
| broken-auth | Missing or weak authentication checks |
| security-headers | HSTS, Content-Security-Policy, X-Frame-Options |
| information-disclosure | Stack traces in errors, server version headers |
| rate-limit | Burst request testing for rate limiting |
| mass-assignment | Extra field injection to test for unprotected properties |

Output: Each finding includes a severity level (critical, high, medium, low, info), description, and remediation guidance.

Stdio Mode

For AI clients that prefer stdio transport over HTTP, API Studio provides a stable script path that survives extension upgrades.

Stable script path:

~/.openpost/global/mcp-stdio.js
Copied automatically on extension activation
Survives extension version upgrades without manual path updates
MCP Connect panel shows both HTTP URL and stdio command

Usage:

node ~/.openpost/global/mcp-stdio.js

The MCP Connect panel shows connection instructions for both HTTP and stdio modes

Multi-Window Note

The Management MCP server runs as a single global instance — the first VS Code window to start it wins.

Important: Local scope operations (like create_collection, create_request without scope: "global") always target the workspace where the Management MCP server was started.

Workarounds

Use scope: "global" for collections you want accessible across all workspaces
Close the primary window and reload the target window so the Management MCP starts there instead
