Developer Documentation
Connect an AI assistant to your Secureframe workspace and query or update your compliance data through the Model Context Protocol (MCP).
The Secureframe MCP server allows you to access and manage your Secureframe data — controls, tests, vendors, frameworks, risks, and more — as Model Context Protocol tools. Any MCP-capable client (Claude Code, Claude Desktop, Cursor, and others) can connect, letting you ask an assistant to look things up and take actions on your behalf.
Every request runs as the API key's user and respects that user's existing permissions — the assistant can only see and do what you can.
Use the URL that matches your Secureframe data region:
| Region | MCP URL |
|---|---|
| United States | https://mcp.secureframe.com/ |
| United Kingdom | https://mcp-uk.secureframe.com/ |
The examples below use the US URL — substitute your regional URL if applicable.
Authenticate with your Secureframe REST API key and secret. Generate a key in
Secureframe → Company Settings → API keys. Each request must include an Authorization
header containing the key and secret, separated by a space:
Authorization: <API_KEY> <API_SECRET>
export SECUREFRAME_API_KEY="your-api-key"
export SECUREFRAME_API_SECRET="your-api-secret"
Then reference those variables when you connect, as shown below.
Add the server with a single command, using the environment variables from above:
claude mcp add --transport http secureframe https://mcp.secureframe.com/ \
--header "Authorization: ${SECUREFRAME_API_KEY} ${SECUREFRAME_API_SECRET}"
--transport http is required — without it, the CLI treats the argument as a local command to launch.
--scope is optional: it controls where the config is saved — the default (local) applies to the current
project only, while --scope user makes the server available across all your projects.
For clients configured with JSON (Claude Desktop, Cursor, etc.), point an HTTP MCP server at the endpoint and pass the same header:
{
"mcpServers": {
"secureframe": {
"type": "http",
"url": "https://mcp.secureframe.com/",
"headers": {
"Authorization": "<YOUR_API_KEY> <YOUR_API_SECRET>"
}
}
}
}
These tools wrap the Secureframe REST API. Any query filters and parameters available on an API endpoint are also available on its matching tool — see the full API documentation for details. Connected MCP clients receive each tool's parameter schema automatically, so your assistant knows what inputs a tool accepts without any extra setup.
Get a Cloud Resource
List Cloud Resources
Update a Cloud Resource
Create Framework Asset Scope
List Framework Asset Scopes
Create a Comment
Delete a Comment
Get a Comment
List Comments
Update a Comment
Get a Control
List Controls
Publish data
Get a Device
List Devices
Create Framework Asset Scope
List Framework Asset Scopes
Get an Evidence
Get a Framework
List Frameworks
Get a Framework Requirement
List Framework Requirements
Archive an Integration Connection
Get an Integration Connection
List Integration Connections
Create a Knowledge Base Answer
Delete a Knowledge Base Answer
Get a Knowledge Base Answer
Update a Knowledge Base Answer
Create a Knowledge Base Question
Delete a Knowledge Base Question
Get a Knowledge Base Question
Update a Knowledge Base Question
Create a POA&M item
Discard a POA&M item
Get a POA&M item
List POA&M items
Update a POA&M item
Get a Repository
List Repositories
Update a Repository
Create Framework Asset Scope
List Framework Asset Scopes
Get a Risk
List Risks
Create an SSP Duty
Delete an SSP Duty
Get an SSP Duty
List SSP Duties
Update an SSP Duty
Create an SSP Duty Role
Delete an SSP Duty Role
Get an SSP Duty Role
List SSP Duty Roles
Create an SSP Policy
Delete an SSP Policy
Get an SSP Policy
List SSP Policies
Update an SSP Policy
Create an SSP Report
Get an SSP Report
List SSP Reports
Get an SSP Report Assessment Objective
List SSP Report Assessment Objectives
Update an SSP Report Assessment Objective
Get an SSP Report Section
List SSP Report Sections
Update an SSP Report Section
Get an SSP Report Section Block
List SSP Report Section Blocks
Update an SSP Report Section Block
Create a SSP Role
Delete a SSP Role
Get a SSP Role
List SSP Roles
Update a SSP Role
Create an SSP Vendor
Delete an SSP Vendor
Get an SSP Vendor
List SSP Vendors
Update an SSP Vendor
Create a Security Questionnaire
Get a Test
List Tests
Update a Test
Create Test Evidence
Create a Test Export
Get a Test Export
Archive a Third Party Risk Management Vendor.
Get a Third Party Risk Management Vendor.
List Third Party Risk Management Vendors
Get a Trust Center Request
List Trust Center Requests
Update a Trust Center Request
Get a User
List Users
Update a User
Get a User Account
Link a User Account
List User Accounts
Create User Evidence
Get user security settings
Archive a Vendor
Get a Vendor
List Vendors