Everything that ships with ApexMCP

18 connector types, enterprise-grade security, immutable audit logs, and MCP versioning — all live, no "coming soon".

Start free trial See pricing

Connector library

18 connector types. All expose as MCP tools on your org endpoint. Schema-discovering connectors auto-build tool schemas from your data.

Databases

  • PostgreSQL
    Schema discovery
  • MySQL
    Schema discovery
  • SQL Server
    Schema discovery
  • Oracle
  • Snowflake
  • Databricks
  • Hadoop
  • MongoDB
    Schema discovery

REST & GraphQL APIs

  • REST API (API Key)
    Schema discovery
  • REST API (Basic auth)
  • REST API (OAuth2)
  • REST API (HS256 JWT)
  • GraphQL
    Schema discovery

Cloud Storage & SaaS

  • AWS S3 / S3-compatible
  • Google Cloud Storage
  • Google Sheets

Platform & Proxy

  • Inbound Webhooks
    Collect & replay
  • External MCP Server
    Proxy & namespace

Security & identity

Enterprise auth controls that most MCP setups bolt on late. ApexMCP ships them on day one.

HashiCorp Vault credentials

AES-256-GCM encryption at rest. Credentials fetched at runtime, never stored in plaintext. Read-only enforcement per connector.

IP allowlisting

Restrict dashboard and MCP gateway access to approved CIDR ranges. Applied at the gateway before any request reaches your connectors.

MFA enforcement

Org-wide MFA enforcement validated against Zitadel AMR claims. Returns 401 for any session without a verified MFA factor.

Session timeout

Per-org configurable timeout (15–480 minutes). UI countdown timer with amber/red warnings. Gateway-enforced on every request.

5-role RBAC

Superadmin, Admin, Finance, Contributor, and Pending roles. Soft-delete revocation prevents re-onboarding loops on next login.

BYOIDP agent auth

RS256 JWT verification against your JWKS endpoint. Works with Okta, Entra ID, Auth0, Cognito, Keycloak, and Google Workspace.

MCP system capabilities

The full lifecycle — provision, scope, version, rotate, and rollback — from one dashboard.

Single org-scoped endpoint

One /mcp/{orgSlug} URL exposes all your connectors as MCP tools. Works with Claude Desktop, Cursor, Windsurf, and any MCP client.

Per-tool enable/disable

Toggle individual tools on or off without reprovisioning. Granular control over what agents can see and call.

Versioning & rollback

Full provisioning history captured on every change. One-click rollback to any previous working configuration.

API key auto-rotation

Named keys with 30/60/90/180-day rotation schedules. Rotation runs automatically; every event is audited.

Per-key tool scoping

Scope each API key to specific connectors. Limit blast radius — a compromised key only reaches what you allowed.

OAuth2 client credentials

Issue HS256 JWT tokens (1h TTL) for agent auth via standard client_credentials grant. No session cookies needed.

Audit & compliance

Built for enterprise buyers who need to answer security questionnaires — not tack on compliance after launch.

Immutable hash chain

Every tool call, login, and admin action generates an audit record. Each record stores a SHA-256 hash of the previous — tamper attempts are detectable.

SIEM forwarding

Forward audit events to your SIEM in real time. Per-org configuration in security settings.

Usage metering

Per-org request logs with daily charts. Quota enforcement gates tool calls before they reach connectors. Rate limiting at 10–100 rps by tier.

GDPR compliance

Right to erasure: account deletion purges all personal data within 30 days. Data portability export via API. PII redaction on audit log export.

Ready to connect your agents?

Start your 14-day trial. No credit card required.

Start for free Compare plans