MCP Setup & Usage
Complete guide to setting up RESTK's MCP server and connecting AI clients for AI-assisted API testing with 47 tools, 10 resources, and 6 AI workflows.
RESTK implements a local Model Context Protocol (MCP) server that lets AI coding assistants interact with your API collections. This guide covers setup, capabilities, and real-world usage patterns. For a high-level overview of AI capabilities, see AI Integration.
Setting Up the MCP Server
Enable the MCP Server
Open RESTK Settings and navigate to the AI Integration tab. Toggle Enable MCP Server on. RESTK starts a local server that exposes your workspace to MCP-compatible clients.
Share Collections
Collections are not shared with AI by default. To give AI access to a collection, right-click it, open Settings, and enable Share with AI. Only shared collections are visible to AI clients.
Configure Your AI Client
Point your AI client to RESTK's MCP server. Configuration varies by client — see the examples below.
One-Click Setup (Recommended)
Open RESTK
Launch the RESTK app on your machine.
Go to Settings → AI Integration
Select your AI assistant from the list.
Click Setup
RESTK handles the configuration automatically. Start a new session in your AI assistant to connect.
Manual Setup — Claude Code
claude mcp add --transport stdio --scope user restk -- /Applications/Restk.app/Contents/Resources/restk-bridge
Manual Setup — Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"restk": {
"command": "/Applications/Restk.app/Contents/Resources/restk-bridge"
}
}
}
Manual Setup — Cursor
Add to ~/.cursor/mcp.json:
{
"mcpServers": {
"restk": {
"url": "http://localhost:52452/mcp"
}
}
}
No Node.js or npx required for any platform.
Local Only
The MCP server runs entirely on localhost. No data is sent to external servers through the MCP connection. Your AI client communicates directly with the RESTK app on your machine.
Connection Lifecycle
Seamless Reconnection
RESTK's connection is designed to be seamless. If you close and reopen RESTK, your AI assistant reconnects automatically — no manual steps needed. Cursor users may need to reconnect manually after RESTK restarts.
Confirmation & Approval Flow
RESTK categorizes operations by their impact level:
Read-only (no approval needed):
- Browsing collections, folders, requests, and mock servers
- Reading request details and configurations
- Accessing environment variable names and non-secret values
- Analyzing responses, performance data, and error patterns
- Searching across responses
- Generating test script previews and inferring schemas
- Exporting requests as cURL commands
- Analyzing mock server coverage
Non-destructive writes (approval required):
- Creating or updating collections, requests, folders, and environments
- Executing requests and cURL commands
- Importing collections
- Creating and configuring mock servers
- Adding mock server responses and routing rules
- Generating and saving readiness reports
- Starting and stopping mock servers
Destructive operations (always require manual approval):
- Deleting collections, requests, or folders
- Deleting mock servers, mock responses, or routing rules
When a write operation is requested, RESTK displays a confirmation dialog showing exactly what the AI wants to do. If you don't respond within the timeout window, the action is automatically denied.
Always Review Before Approving
Read the confirmation dialog carefully. It shows the affected item and what will change. Approve only if the action matches your intent.
Auto-Approve Option
For workflows where you trust the AI client and want faster iteration, you can enable auto-approve in Settings → AI Integration. When enabled, non-destructive write operations (create, update, execute) proceed without a confirmation dialog. Destructive operations (delete) always require manual approval regardless of the auto-approve setting.
What You Can Do
RESTK exposes 47 tools to AI clients. You don't need to know tool names — just describe what you want in plain English. Your AI assistant maps your request to the right capability automatically.
Browse & Read
View your API workspace without any approval required.
| What you can ask | What happens |
|---|---|
| "Show me all my collections" | Lists all AI-shared collections with folder and request counts |
| "List the requests in my Users folder" | Shows requests in a collection or folder with names, methods, and URLs |
| "Show me the details of the Login request" | Returns full request configuration — URL, method, headers, body, auth type, scripts (credentials redacted) |
| "Show me the last 10 API calls I made" | Chronological timeline of API responses, filterable by request, status, and timeframe |
| "List my mock servers" | Shows all mock servers with status, port, and route count |
Execute & Export
Run requests and export them for use outside RESTK.
| What you can ask | What happens | Approval |
|---|---|---|
| "Run the Login request" | Executes with full variable substitution, auth inheritance, and pre/post scripts | Yes |
| "Run the Login request with a 60 second timeout" | Executes with custom timeout and redirect settings | Yes |
| "Run this cURL: curl -X POST ..." | Executes any HTTP request from a cURL command | Always |
| "Re-run the Get Users request but change the page to 5" | Re-executes with parameter or header overrides | Yes |
| "Export the Create Order request as cURL" | Generates a paste-ready cURL command | No |
Create & Organize
Build and manage your API workspace.
| What you can ask | What happens |
|---|---|
| "Create a collection called Payment Gateway API" | Creates a new collection, automatically shared with AI |
| "Rename my Auth collection to Authentication" | Updates collection name, auth type, variables, or scripts |
| "Create a POST request 'Create User' with a JSON body" | Creates a request with method, URL, headers, body (JSON/form/raw/GraphQL), auth, and scripts |
| "Add a test script to Create User that verifies status 201" | Updates any request property — URL, method, headers, body, auth, or scripts |
| "Create a Users folder in my Payment Gateway collection" | Creates folders, supports nesting |
| "Rename the Auth folder to Authentication" | Updates folder name, auth, variables, or scripts |
| "Create a Development environment with baseUrl variable" | Creates, updates, or deletes environment variables (supports secret values) |
| "Import my Postman collection" | Imports from Postman, OpenAPI, Insomnia, or cURL format |
| "Delete the old test collection" | Soft-deletes collections, requests, or folders (always requires approval) |
Analyze & Debug
Inspect responses, find patterns, and diagnose issues.
| What you can ask | What happens |
|---|---|
| "Search for 'insufficient funds' across all my responses" | Searches response bodies for a text pattern with matching snippets |
| "What's the JSON schema of the Get Users response?" | Auto-detects JSON schema from recent response bodies with typed field definitions |
| "Compare the last two responses from Get Users" | Shows differences in status, headers, body structure, and timing |
| "What error patterns are happening this week?" | Groups 4xx/5xx errors by status code and URL pattern with sample messages |
| "How is the Create Order endpoint performing?" | Computes mean, median, P95, P99 response times, error rate, and trend (improving/degrading/stable) |
| "Show me a timeline of all error responses this week" | Chronological response timeline filterable by status and timeframe |
AI-Powered Analysis
Deep analysis powered by AI with deterministic fallbacks.
| What you can ask | What happens |
|---|---|
| "Analyze why the last response was a 422" | Deep analysis of a response — status classification, header analysis, body structure |
| "Write tests for the Create User endpoint" | Generates a Nova test script from response data — basic (status + type) or comprehensive (full validation) |
AI Workflows
Advanced multi-step workflows that combine multiple capabilities.
| What you can ask | What happens |
|---|---|
| "Scan this codebase and create a RESTK collection" | Instructions for scanning routes, controllers, and schemas to build a complete collection with environments, folders, requests, auth, variables, and test scripts. Supports Express, NestJS, Django, Flask, Rails, Spring, Laravel, Go |
| "Write comprehensive tests for the Create User request" | Analyzes request structure, parameters, and past responses to suggest test scenarios covering functional, edge case, security, and error handling |
| "Help me debug why the Payment Webhook is failing" | Gathers request config, recent error responses, headers, and timing to provide debugging context |
| "Do a security review of my Payment Gateway API" | Reviews endpoints for missing auth, inconsistent auth patterns, missing security headers, sensitive data in URLs, HTTP vs HTTPS. Rates findings by severity |
| "Help me speed up the List Products endpoint" | Analyzes response history for performance issues. Suggests caching, pagination, compression, field selection, and timeout tuning |
| "Score my API's quality and completeness" | Evaluates auth quality, error handling, response consistency, documentation, and security practices |
Agent Readiness
| What you can ask | What happens |
|---|---|
| "Is my API collection ready for production?" | Generates and saves a scored readiness assessment to the workspace |
Mock Server
Create and manage mock servers for testing without a live backend.
| What you can ask | What happens | Approval |
|---|---|---|
| "Create a mock server from my Payment Gateway collection" | Creates a mock server with routes generated from real endpoints | Yes |
| "Start the Payment mock server" | Starts the mock server to accept HTTP requests | Yes |
| "Stop the mock server" | Stops a running mock server | Yes |
| "Add a 404 response for GET /users/999" | Adds a custom response variant with headers, body, status code, and delay | Yes |
| "Add a rule that returns 429 when X-Test-Rate-Limit header is present" | Adds conditional routing rules that match on headers, query params, or body | Yes |
| "Generate error responses for the /orders endpoint" | Generates edge case responses — timeouts, rate limits, malformed data, auth failures | Yes |
| "Create a checkout flow scenario with sequential responses" | Generates multi-step stateful scenarios with rules and conditional logic | Yes |
| "How much of my API does this mock server cover?" | Analyzes mock coverage vs real API endpoints, shows gaps | No |
| "Delete the old test mock server" | Deletes mock servers, responses, or routing rules | Always |
Natural Language Works
You don't need to know tool names or parameters. Just describe what you want in plain English. Your AI assistant maps your request to the right capability automatically.
Available Resources
RESTK exposes 10 read-only data resources that AI clients can access for structured context without invoking tools. Resources use restk:// URIs.
| Resource | What it provides | Sub-paths |
|---|---|---|
| Collections | All shared collections and their details | Details, requests, folders, and stats for each collection |
| Requests | Full request configuration (credentials redacted) | Individual request details |
| Environments | Environments and variables (secrets redacted) | Active environment, individual environment details |
| Folders | Folder hierarchy and contents | Requests, subfolders, and full hierarchy for each folder |
| Request History | Execution history with response times and status | Individual entries, search, trends, and aggregate stats |
| Audit Logs | MCP operation logs | Logs by tool, errors, and aggregate stats |
| Workspaces | Workspace metadata and summary | Individual workspace details |
| Nova Scripting | Scripting reference for pre/post scripts and tests | Full API reference, examples, and test patterns |
| Discovery | Server capabilities overview | Available resources, tools, and capabilities |
| Mock Servers | Mock server configurations and routes | Individual servers, routes, and rules |
Resources follow the same visibility rules as tools — only AI-shared collections and their contents are accessible.
Prompts
RESTK registers 6 MCP prompts that provide guided AI workflows. Prompts are available to AI clients that support the MCP prompts capability — they surface as structured starting points for complex tasks.
| What it does | How to use it |
|---|---|
| Security Audit | "Do a security review of my API collection" |
| Performance Optimization | "Help me speed up this endpoint" |
| Codebase Scanning | "Scan this codebase and create a collection" |
| Error Debugging | "Help me debug why this request is failing" |
| Agent Readiness | "Score my API's quality and completeness" |
| Test Generation | "Write comprehensive tests for this request" |
Prompts vs Tools
Prompts and tools overlap intentionally. Prompts provide a guided experience for clients that support them; the same capabilities are also available as tools for clients that don't. Either way, you get the same result.
Quick Reference
| Capability | Count |
|---|---|
| Tools | 47 |
| Resources | 10 |
| Prompts | 6 |
| Total | 63 |
Real-World Usage Examples
Debugging a Failing Endpoint
Scenario: Your /api/orders endpoint returns 500 intermittently.
You: "The orders endpoint keeps failing. Can you check the recent responses
and find a pattern?"
AI: Reads the request details, pulls execution history, and analyzes
error patterns.
AI: "I found 12 responses in the last hour. 4 returned 500 with the message
'connection pool exhausted'. All failures happened during batch operations
with more than 50 items. The endpoint works fine for smaller payloads.
Likely a backend connection pool limit."
Building a New Integration
Scenario: You have API docs for a payment gateway and want to set up a collection fast.
You: "Create a Payment Gateway collection with endpoints for
create charge, get charge, list charges, and refund.
Base URL is https://api.payments.example.com/v1"
AI: Creates the collection, then creates four requests (with approval
for each). Sets up proper methods, URLs, headers, and placeholder bodies
based on standard REST conventions.
You: "Now generate test scripts for the create charge endpoint"
AI: Generates test assertions for status code, response structure,
and required fields (no approval needed — read-only preview).
Performance Review
Scenario: Your team wants to know which endpoints are slowest before a release.
You: "Analyze performance across my Staging API collection and
find the slowest endpoints"
AI: Runs performance analysis on the collection, then pulls detailed
timelines for the outliers.
AI: "Across 34 endpoints, average response time is 180ms. Three endpoints
exceed 1 second:
- POST /api/reports/generate — 3.2s (DNS: 12ms, Server: 3100ms)
- GET /api/search — 1.8s (DNS: 10ms, Server: 1750ms)
- POST /api/import — 1.4s (DNS: 11ms, Server: 1350ms)
All three have high server processing time. The reports endpoint
is the main bottleneck."
Mock Server for Frontend Testing
Scenario: Your frontend team needs a mock API while the backend is still in development.
You: "Create a mock server from my User API collection"
AI: Creates a mock server with routes matching your real endpoints.
Generates realistic response data based on your existing responses.
You: "Add error responses for the login endpoint — 401 for bad credentials
and 429 for rate limiting"
AI: Adds custom response variants with appropriate status codes,
headers, and body content.
You: "Start the mock server"
AI: Starts the server on a local port. Your frontend can now hit
the mock endpoints during development.
Troubleshooting
| Problem | Cause | Solution |
|---|---|---|
| AI client doesn't see RESTK tools | MCP server not enabled or client not configured | Enable MCP Server in Settings → AI Integration; use the one-click setup or follow the manual setup instructions above |
| "Connection refused" in AI client | RESTK app is not running, or server is on a different port | Launch RESTK first; check the port discovery file (see below) for the active port |
| Tools listed but calls fail | RESTK version outdated | Update to the latest version of RESTK |
| AI can't find my collection | Collection does not have AI sharing enabled | Right-click the collection → Settings → Enable Share with AI |
| Approval dialog doesn't appear | RESTK is in the background or minimized | Bring RESTK to the foreground; the approval dialog appears in the main app window |
| Action denied automatically | Approval timeout expired before you responded | Retry the action and approve promptly; keep RESTK visible during AI workflows |
Advanced Troubleshooting
Port Discovery
RESTK's MCP server defaults to port 52452. If that port is occupied, RESTK automatically selects an available port. The active port is written to a discovery file:
~/Library/Application Support/Restk/mcp.port
If your AI client cannot connect on the default port, read this file to find the actual port RESTK is using.
MCP Server Logs
If you need to diagnose connection issues, check the MCP server log in RESTK:
- Open Settings → AI Integration
- Click View MCP Logs
- Look for connection errors, initialization failures, or tool execution errors