# API To MCP Tool Conversion

> Turn an authenticated HTTP API into an MCP-callable AgentPMT tool without exposing API keys, bearer tokens, or OAuth credentials to the agent.

Content type: documentation
Source URL: https://www.agentpmt.com/docs/agent-connections/api-to-mcp-tool-conversion
Markdown URL: https://www.agentpmt.com/docs/agent-connections/api-to-mcp-tool-conversion?format=agent-md
Category: Agent Connections

---

# API To MCP Tool Conversion

Connected APIs turn a normal authenticated HTTP endpoint into a private AgentPMT tool that your MCP-connected agent can call. You define the allowed URLs, HTTP methods, credentials, and agent-facing instructions in the dashboard. AgentPMT then exposes a tool named `API Access <name>` with safe actions for the agent.

The value is the boundary: the agent can send a request, but it never sees API keys, bearer tokens, OAuth tokens, passwords, cookies, or authorization headers. AgentPMT checks the request against your endpoint profile, injects credentials server-side, charges the Agent Group for the allowed API call, and records the activity.

> INFO: Where this guide lives
>
> This is a setup guide, so it appears under **Guides -> Agent Connections**. The **API Reference** tab stays reserved for generated endpoint catalogs and protocol reference pages.

![Connected APIs dashboard list showing an active API Access tool with allowed methods and edit controls.](/marketing/credential-vault/connected-apis-list-filled.png)
*The Connected APIs dashboard tab lists the private API tools your agents can use.*

## What You Will Need

- An AgentPMT account with at least one Agent Group
- An API endpoint reachable from AgentPMT over HTTP or HTTPS
- The credential the upstream API expects: an API key, a bearer token, or a Basic Auth username and password
- A short description of when the agent should use this API

## What Gets Created

- **Private MCP tool**: AgentPMT creates a private connector named API Access followed by your API name.
  - **Endpoint profile**: The tool stores the approved base URLs and HTTP methods that every request must match.
  - **Product-scoped credentials**: Credentials are bound only to this Connected API, then injected server-side at call time.
  - **Agent actions**: The MCP tool exposes send_request, get_base_urls, and get_instructions.

## Step 1 - Create the Connected API

Open **Dashboard -> Connected APIs** and click **Add New**. This opens the builder for a credential-injection API tool.

1. **Name the API**
   Enter a short name like `Acme CRM`, `Stripe Reporting`, or `Internal Orders API`. AgentPMT saves the final private tool as `API Access Acme CRM`.

2. **Describe the tool**
   Write a plain-language description for operators and a short instruction block for agents. Include what the API is for, safe use cases, and any required request shape.

3. **Choose allowed methods**
   Select only the HTTP methods the agent should use. For read-only access, choose `GET` only. For webhook-style actions, choose `POST`.

## Step 2 - Define the Endpoint Boundary

Add one or more approved base URLs. The agent can call a relative path under an approved base URL, or an approved absolute URL, but it cannot forward requests to arbitrary hosts.

Relative paths resolve only when the tool has exactly one approved base URL. If you approve two or more base URLs, the agent must send an approved absolute URL in `endpoint` instead of a relative path.

![Connected API builder endpoint step with fields for name, description, agent instructions, base URLs, and HTTP method allowlist.](/marketing/credential-vault/builder-step-1-endpoint.png)
*Step 1 in the builder defines the agent-facing tool metadata and endpoint allowlist.*

Use the narrowest URL that still covers the task:

| Need | Example |
|---|---|
| One exact endpoint | `https://api.example.com/v1/customers` |
| A controlled API subtree | `https://api.example.com/v1/customers/*` |
| A webhook trigger | `https://hooks.example.com/agent-order-created` |

> WARNING: Keep the boundary narrow
>
> Avoid approving a whole API root when the agent only needs one endpoint family. The base URL and method allowlists are the main runtime guardrails before credentials are attached.

## Step 3 - Bind Authentication

Choose how the upstream API expects authentication, then bind the credential value. The agent should not know the raw secret or the exact authorization header.

![Connected API builder auth step with API key authentication selected and injection target fields.](/marketing/credential-vault/builder-step-2-auth.png)
*Choose the auth type and where AgentPMT should inject it.*
  ![Connected API builder credential step showing a selected credential.](/marketing/credential-vault/builder-step-3-credential.png)
*Bind the encrypted credential without exposing its value to the agent.*

The builder offers three auth types:

- **API key** injected into a header, query parameter, or body field. For an API with a non-standard auth header, choose the API key type and set the header name (and target) yourself.
- **Bearer token** injected into the `Authorization` header as `Bearer <token>`.
- **Basic Auth** from a username and password, injected into the `Authorization` header as `Basic <base64(username:password)>`.

When the builder saves, AgentPMT creates the private tool, stores the endpoint profile, and scopes the credential binding to that tool.

## Step 4 - Make It Available to an Agent Group

The Connected API exists as a private tool. Your MCP client only sees it when the Agent Group behind its Bearer token is allowed to use private tools or has the specific tool authorized.

1. **Open the Agent Group**
   Go to **Dashboard -> Control Center -> Agent Groups** and open the Agent Group your MCP client uses.

2. **Authorize the private tool**
   In **Tools Authorized**, either authorize the specific `API Access <name>` tool or enable **Private tools** in the auto-approval controls when that is appropriate for the group.

3. **Confirm credentials and credits**
   Keep the Connected API status set to **Active**, confirm the credential is bound, and make sure the Agent Group has enough credits and spend room for the API call.

![AgentPMT dashboard control center where Agent Groups, tools, credentials, spending, and activity are managed.](/marketing/orchestration/dashboard-control-center.png)
*Agent Groups control which tools the MCP Bearer token can expose to an agent.*

## Step 5 - Call It From an MCP Agent

Connect your MCP client to AgentPMT using the Agent Group Bearer token from [Connection](/docs/mcp-reference/connection). After the client refreshes tools, the Connected API appears as a private tool with these actions:

| Action | Use |
|---|---|
| `get_instructions` | Read the usage guidance you wrote in the builder. |
| `get_base_urls` | Inspect allowed base URLs and methods before making a request. |
| `send_request` | Send a request through the proxy after AgentPMT validates the endpoint and method. |

Ask the agent to use the API in task language:

```text
Use API Access Acme CRM to fetch customer 123 and summarize open tickets.
```

A typical `send_request` call looks like this:

```json
{
  "action": "send_request",
  "method": "GET",
  "endpoint": "/v1/customers/123/tickets",
  "query": {},
  "headers": {
    "Accept": "application/json"
  },
  "body": {}
}
```

Do not include `Authorization`, API keys, bearer tokens, cookies, or OAuth values in the tool input. If the request matches the endpoint profile, AgentPMT injects the configured credential and forwards the request.

## Runtime Guardrails

- The request method must be in the allowlist you chose in the builder.
- The destination must match one of the approved base URLs.
- A relative `endpoint` resolves only when the tool has a single approved base URL; with multiple base URLs the agent must send an approved absolute URL.
- Agent-supplied auth and transport headers (`Authorization`, `Cookie`, `Host`, and similar) are stripped before the request is sent, then the configured credential is injected.
- Auth values are injected server-side and are not returned to the agent.
- Credential bindings use product-only scope for the Connected API.
- Agent Group controls still apply: disabled tools, inactive endpoints, frozen spend, missing credits, or missing private-tool access prevent use.
- Deactivating the Connected API in the dashboard stops future calls without deleting the saved configuration.

## Troubleshooting

| Symptom | Check |
|---|---|
| The tool does not appear in MCP | Confirm the MCP client is using the Bearer token for the Agent Group that has private-tool access or the specific `API Access <name>` tool authorized. Refresh the MCP server in the client. |
| `send_request` is rejected before reaching the API | Check the endpoint path, approved base URL, and HTTP method allowlist. If the tool has more than one approved base URL, send an approved absolute URL instead of a relative path. |
| The upstream API returns `401` or `403` | Reopen the Connected API, confirm the credential is selected, and verify the auth injection target matches the upstream API. |
| The agent includes an auth header | Update the agent instructions and remind it to omit auth material. AgentPMT strips agent-supplied auth headers (it does not reject the request) and injects the configured credential automatically. |
| Calls stop working after edits | Confirm the Connected API status is **Active** and the Agent Group still has private-tool access. |

## Related Docs

- [Connection](/docs/mcp-reference/connection) - Connect an MCP client to an Agent Group Bearer token.
  - [Adding Tools to an Agent Group](/docs/core-concepts/adding-tools-to-an-agent-group) - Control which tools an Agent Group can use.
  - [Credentials](/docs/core-concepts/how-credentials-work) - Understand server-side credential storage and injection.
  - [Tools / Connectors](/docs/core-concepts/what-is-a-tool) - Learn how tools become available to agents.