diff --git a/docs/docs.json b/docs/docs.json
index 5d345be..610af36 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -34,7 +34,8 @@
"sdk/python",
"sdk/go",
"sdk/cli",
- "sdk/mcp"
+ "sdk/mcp",
+ "sdk/api-mcp"
]
},
{
diff --git a/docs/sdk/api-mcp.mdx b/docs/sdk/api-mcp.mdx
new file mode 100644
index 0000000..dff999c
--- /dev/null
+++ b/docs/sdk/api-mcp.mdx
@@ -0,0 +1,149 @@
+---
+title: "API MCP (beta)"
+---
+
+
+ The Flare API MCP server is still in beta and is subject to change.
+ {/* TODO Specify beta quota adjustements */}
+
+
+Flare provides a
+[Model Context Protocol](https://modelcontextprotocol.io/) (MCP) server that
+exposes Flare's search and platform APIs to any MCP-capable client. It lets
+agents query Flare's threat-intel dataset, inspect a tenant's monitored
+events, look up event-type schemas, and read the current user's profile —
+without writing any code against the REST API directly.
+
+For a documentation-only companion server (search across the Flare API docs
+themselves), see the
+[Documentation MCP ](/sdk/mcp).
+
+## Available Tools
+
+| Tool | Description |
+| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
+| `search_search` | Global Search — execute a Lucene query against the entire Flare threat-intel dataset. |
+| `search_tenant` | Tenant Search — execute a Lucene query scoped to events matching the caller's monitored identifiers. |
+| `validate_search_query` | Validate that a Lucene query complies with Flare's search rules before running it. Useful when composing or debugging a query. |
+| `get_event_type` | Return the documentation and searchable field list for a given event type (e.g. `chat_message`, `forum_post`, `stealer_log`). |
+| `profile_get` | Return the current user's profile, including tenants, permissions, feature flags, and default tenant id. |
+
+### Search Parameters
+
+The `search_search` (Global) and `search_tenant` (Tenant) tools accept the
+same parameters:
+
+
+ Lucene query string.
+
+
+
+ Time window to restrict results to. Either a preset (`last_24h`, `last_7d`,
+ `last_1m`, …) or a `{ begin_at, end_at }` object with ISO-8601 datetimes.
+
+
+
+ List of event types to scope the search.
+
+
+
+ Number of results to return. Between `1` and `10`.
+
+
+
+ Opaque pagination cursor from a previous response.
+
+
+### Prompt Examples
+
+- `What has Flare picked up on our monitored domain scatterholt.com in the last 24 hours?`
+- `Search the whole Flare dataset for chat messages mentioning "acme-corp" in the last 7 days.`
+- `Validate this query for me: author_name:/some_username_\d+/`
+- `What fields can I search on the stealer_log event type?`
+- `Which tenants do I currently have access to?`
+
+## MCP Server Configuration
+
+The MCP server is available at the following URL:
+
+- `https://api.flare.io/mcp`
+
+For a copy-pasteable example that wires everything below into a client, see
+[Client Setup](#client-setup).
+
+#### Authentication
+
+Every MCP request must include a Flare API key in the `Authorization`
+header. Follow the
+[Authentication Guide ](/concepts/authentication)
+to generate one.
+
+#### Targeting a specific tenant
+
+Requests default to your account's default tenant. To scope MCP tool calls
+to a specific tenant, set the `X-Flare-Tenant-Id` header on the MCP
+connection to the target tenant id. You can find your tenant ids on the
+[Profile page](https://app.flare.io/#/profile) under the "Tenants" section
+(also documented in the
+[Authentication Guide ](/concepts/authentication#finding-tenant-ids)).
+
+## Client Setup
+
+### Claude Code
+
+[Claude Code](https://docs.claude.com/en/docs/claude-code/overview) reads
+MCP servers from an `.mcp.json` file at the root of your project. Create the
+file with the snippet below, replacing `` with a Flare API key
+obtained from the
+[Authentication Guide ](/concepts/authentication).
+
+```json .mcp.json
+{
+ "mcpServers": {
+ "flare": {
+ "type": "http",
+ "url": "https://api.flare.io/mcp",
+ "headers": {
+ "Authorization": "",
+ "X-Flare-Tenant-Id": ""
+ }
+ }
+ }
+}
+```
+
+Restart Claude Code once the file is in place. The Flare tools will appear
+under the `flare` server in the `/mcp` command output, and Claude will call
+them automatically when your prompts match their descriptions.
+
+
+ Store the API key outside version control. Claude Code also supports
+ reading headers from environment variables — see the
+ [Claude Code MCP docs](https://code.claude.com/docs/en/mcp#environment-variable-expansion-in-mcp-json)
+ for details.
+
+
+### Claude Desktop
+
+Claude Desktop can connect to the Flare MCP server as a remote **Custom
+Connector**. Follow the official walkthrough:
+
+- [Getting started with custom connectors using remote MCP](https://support.claude.com/en/articles/11175166-get-started-with-custom-connectors-using-remote-mcp#h_3d1a65aded)
+
+When prompted for the server URL, use `https://api.flare.io/mcp`, and set
+the `Authorization` header to your Flare API key.
+
+### Other Clients
+
+- **Cursor** —
+ [Using `mcp.json`](https://cursor.com/docs/mcp).
+ The same JSON shape shown above for Claude Code applies.
+
+## Quotas & Rate Limits
+
+- Calls to `search` (Global Search) consume the tenant's monthly Global
+ Search quota. See
+ [Rate Limits and Quotas ](/concepts/rate-limits-and-quotas).
+- `tenant`, `validate_search_query`, `get_event_type`, and `get` (profile) do
+ not consume the Global Search quota.
+- Standard API rate limits apply to all tools.