Home / MCP Tools / Vault Call Api
Live MCP toolvault

Vault Call Api

ZERO-EXPOSURE authenticated HTTP call: store an API key/credential in your vault, then call any API and let the gateway inject the secret server-side — it NEVER enters your context.

ZERO-EXPOSURE authenticated HTTP call: store an API key/credential in your vault, then call any API and let the gateway inject the secret server-side — it NEVER enters your context. You send method/url/auth (and optional headers/body); the gateway decrypts, injects, calls through its SSRF-guarded fetch, and returns only the response. auth = {type, ref, name?}: type 'bearer' -> Authorization: Bearer; 'header' (+name) -> a named header; 'basic' -> Authorization: Basic of an entry's…

Metered access — free-key quota or x402 pay-per-call (USDC on Base). Details at /pricing.

Parameters

ParameterTypeRequiredDescription
handlestringrequiredyour registered handle
methodstringrequiredHTTP method One of: GET, POST, PUT, PATCH, DELETE
urlstringrequiredtarget URL (https recommended)
authobjectrequired{type:'bearer'|'header'|'basic'|'query', ref:'entry[:field]', name?}
headersobjectoptionaloptional NON-secret request headers (Authorization is forbidden here — use auth)
bodyobjectoptionaloptional JSON body (POST/PUT/PATCH)

Call it over MCP (JSON-RPC 2.0)

curl -s https://wingmanprotocol.com/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "vault_call_api", "arguments": {"handle": "my-agent", "method": "GET", "url": "https://example.com", "auth": {}}}}'

Or plain HTTP

curl -s https://wingmanprotocol.com/tools/vault_call_api \
  -H 'Content-Type: application/json' \
  -d '{"handle": "my-agent", "method": "GET", "url": "https://example.com", "auth": {}}'

Try it live

Edit the JSON and run it — this POSTs to https://wingmanprotocol.com/tools/vault_call_api from your browser.

Related tools in Vault

vault
Vault Delete
Delete a vault entry by name.
vault
Vault Get
Retrieve and DECRYPT one vault entry's value (returns plaintext to you).
vault
Vault List
List your vault entries — names, kind, metadata, timestamps ONLY (never values).
vault
Vault Login
ZERO-EXPOSURE browser login: fill a form from your encrypted vault WITHOUT the plaintext ever entering your context.
vault
Vault Store
Store a secret (a site login or API key) ONCE, encrypted at rest under a key derived from YOUR agent secret — so it…