Turn an authenticated HTTP API into an MCP-callable AgentPMT tool without exposing API keys, bearer tokens, or OAuth credentials to the agent.
API To MCP Tool Conversion
Connected APIs turn a normal authenticated HTTP endpoint into a private AgentPMT tool that your MCP-connected agent can call. You define the allowed URLs, HTTP methods, credentials, and agent-facing instructions in the dashboard. AgentPMT then exposes a tool named API Access <name> with safe actions for the agent.
The value is the boundary: the agent can send a request, but it never sees API keys, bearer tokens, OAuth tokens, passwords, cookies, or authorization headers. AgentPMT checks the request against your endpoint profile, injects credentials server-side, charges the Agent Group for the allowed API call, and records the activity.
Where this guide lives
This is a setup guide, so it appears under Guides -> Agent Connections. The API Reference tab stays reserved for generated endpoint catalogs and protocol reference pages.
What You Will Need
- An AgentPMT account with at least one Agent Group
- An API endpoint reachable from AgentPMT over HTTP or HTTPS
- The credential the upstream API expects: an API key, a bearer token, or a Basic Auth username and password
- A short description of when the agent should use this API
What Gets Created
Private MCP tool
AgentPMT creates a private connector named API Access followed by your API name.
Endpoint profile
The tool stores the approved base URLs and HTTP methods that every request must match.
Product-scoped credentials
Credentials are bound only to this Connected API, then injected server-side at call time.
Agent actions
The MCP tool exposes send_request, get_base_urls, and get_instructions.
Step 1 - Create the Connected API
Open Dashboard -> Connected APIs and click Add New. This opens the builder for a credential-injection API tool.
Name the API
Enter a short name like Acme CRM, Stripe Reporting, or Internal Orders API. AgentPMT saves the final private tool as API Access Acme CRM.
Describe the tool
Write a plain-language description for operators and a short instruction block for agents. Include what the API is for, safe use cases, and any required request shape.
Choose allowed methods
Select only the HTTP methods the agent should use. For read-only access, choose GET only. For webhook-style actions, choose POST.
Step 2 - Define the Endpoint Boundary
Add one or more approved base URLs. The agent can call a relative path under an approved base URL, or an approved absolute URL, but it cannot forward requests to arbitrary hosts.
Relative paths resolve only when the tool has exactly one approved base URL. If you approve two or more base URLs, the agent must send an approved absolute URL in endpoint instead of a relative path.
Use the narrowest URL that still covers the task:
| Need | Example |
|---|---|
| One exact endpoint | https://api.example.com/v1/customers |
| A controlled API subtree | https://api.example.com/v1/customers/* |
| A webhook trigger | https://hooks.example.com/agent-order-created |
Keep the boundary narrow
Avoid approving a whole API root when the agent only needs one endpoint family. The base URL and method allowlists are the main runtime guardrails before credentials are attached.
Step 3 - Bind Authentication
Choose how the upstream API expects authentication, then bind the credential value. The agent should not know the raw secret or the exact authorization header.
The builder offers three auth types:
- API key injected into a header, query parameter, or body field. For an API with a non-standard auth header, choose the API key type and set the header name (and target) yourself.
- Bearer token injected into the
Authorizationheader asBearer <token>. - Basic Auth from a username and password, injected into the
Authorizationheader asBasic <base64(username:password)>.
When the builder saves, AgentPMT creates the private tool, stores the endpoint profile, and scopes the credential binding to that tool.
Step 4 - Make It Available to an Agent Group
The Connected API exists as a private tool. Your MCP client only sees it when the Agent Group behind its Bearer token is allowed to use private tools or has the specific tool authorized.
Open the Agent Group
Go to Dashboard -> Control Center -> Agent Groups and open the Agent Group your MCP client uses.
Authorize the private tool
In Tools Authorized, either authorize the specific API Access <name> tool or enable Private tools in the auto-approval controls when that is appropriate for the group.
Confirm credentials and credits
Keep the Connected API status set to Active, confirm the credential is bound, and make sure the Agent Group has enough credits and spend room for the API call.
Step 5 - Call It From an MCP Agent
Connect your MCP client to AgentPMT using the Agent Group Bearer token from Connection. After the client refreshes tools, the Connected API appears as a private tool with these actions:
| Action | Use |
|---|---|
get_instructions | Read the usage guidance you wrote in the builder. |
get_base_urls | Inspect allowed base URLs and methods before making a request. |
send_request | Send a request through the proxy after AgentPMT validates the endpoint and method. |
Ask the agent to use the API in task language:
Use API Access Acme CRM to fetch customer 123 and summarize open tickets.A typical send_request call looks like this:
{
"action": "send_request",
"method": "GET",
"endpoint": "/v1/customers/123/tickets",
"query": {},
"headers": {
"Accept": "application/json"
},
"body": {}
}Do not include Authorization, API keys, bearer tokens, cookies, or OAuth values in the tool input. If the request matches the endpoint profile, AgentPMT injects the configured credential and forwards the request.
Runtime Guardrails
- The request method must be in the allowlist you chose in the builder.
- The destination must match one of the approved base URLs.
- A relative
endpointresolves only when the tool has a single approved base URL; with multiple base URLs the agent must send an approved absolute URL. - Agent-supplied auth and transport headers (
Authorization,Cookie,Host, and similar) are stripped before the request is sent, then the configured credential is injected. - Auth values are injected server-side and are not returned to the agent.
- Credential bindings use product-only scope for the Connected API.
- Agent Group controls still apply: disabled tools, inactive endpoints, frozen spend, missing credits, or missing private-tool access prevent use.
- Deactivating the Connected API in the dashboard stops future calls without deleting the saved configuration.
Troubleshooting
| Symptom | Check |
|---|---|
| The tool does not appear in MCP | Confirm the MCP client is using the Bearer token for the Agent Group that has private-tool access or the specific API Access <name> tool authorized. Refresh the MCP server in the client. |
send_request is rejected before reaching the API | Check the endpoint path, approved base URL, and HTTP method allowlist. If the tool has more than one approved base URL, send an approved absolute URL instead of a relative path. |
The upstream API returns 401 or 403 | Reopen the Connected API, confirm the credential is selected, and verify the auth injection target matches the upstream API. |
| The agent includes an auth header | Update the agent instructions and remind it to omit auth material. AgentPMT strips agent-supplied auth headers (it does not reject the request) and injects the configured credential automatically. |
| Calls stop working after edits | Confirm the Connected API status is Active and the Agent Group still has private-tool access. |
Related Docs
Build it yourself, or hire AgentPMT to build it with you.
Let’s turn these ideas into reality. Dive in and build it yourself, or bring in the AgentPMT consulting team for a seamless, end-to-end implementation.
Free to start. Consulting available when you want expert implementation.