API by router
Mcp
Get Api Key Context
Return bounded metadata about the calling API key.
Used by the HydraCore MCP server at startup to populate its local scope-filtering state. JWT callers receive 401 because the endpoint requires X-Api-Key by construction.
No cross-key information leaks: the response describes ONLY
the key making this request (read from request.state after
get_current_user_from_api_key has stamped it).
Header Parameters
X-Api-Key?X-Api-Key
Response Body
curl -X GET "https://loading/v1/mcp/api-key-context" \ -H "X-Api-Key: string"{
"api_key_id": "string",
"customer_id": "string",
"hash_version": "string",
"needs_reissue": true,
"rate_limit_per_hour": 0,
"rate_limit_per_minute": 0,
"scopes": [
"string"
],
"tenant_id": "string",
"user_id": "string"
}{
"detail": [
{
"loc": [
"string"
],
"msg": "string",
"type": "string"
}
]
}Emit Mcp Call Log
Persist one MCP call_tool invocation to mcp_call_log.
Server-stamped from request.state (after auth):
- id (uuid4)
- ts (now())
- scope_kind = 'api_key' (only path that reaches here today)
- api_key_id, user_id, tenant_id, customer_id
Body-controlled (validated by Pydantic + DB CHECK):
- tool_name, scope_tag, status, http_status, latency_ms, error_class, request_id
Returns 204 No Content. The MCP emit hook is fire-and-forget; the body is never read.
Header Parameters
X-Api-Key?X-Api-Key
error_class?Error Class
http_status?Http Status
latency_ms?Latency Ms
request_id?Request Id
scope_tag?Scope Tag
statusStatus
Value in
"allow" | "deny_scope" | "deny_jwt_only" | "upstream_4xx" | "upstream_5xx" | "network_error" | "exception"tool_nameTool Name
Match
^[a-z][a-z0-9_]+$Length
length <= 64Response Body
curl -X POST "https://loading/v1/mcp/audit-log" \ -H "X-Api-Key: string" \ -H "Content-Type: application/json" \ -d '{ "status": "allow", "tool_name": "string" }'Empty
{
"detail": [
{
"loc": [
"string"
],
"msg": "string",
"type": "string"
}
]
}