MCP Server Integration
The AIdenID MCP (Model Context Protocol) server lets LLMs use supporting identity, extraction, and lifecycle tools. MCP is useful for issuer and demo workflows; it does not sit on the per-request clearance hot path.
What is MCP?
The Model Context Protocol is a standard for giving LLMs access to external tools. When you configure an MCP server, the LLM can call AIdenID functions as part of its reasoning loop — no custom integration code required.
Setup
Add the AIdenID MCP server to your LLM configuration. The exact configuration depends on your client, but the pattern is the same:
Claude Desktop / Claude Code
{
"mcpServers": {
"aidenid": {
"command": "npx",
"args": ["-y", "@aidenid/mcp-server"],
"env": {
"AIDENID_API_KEY": "aid_your_api_key",
"AIDENID_ORG_ID": "org_abc123",
"AIDENID_PROJECT_ID": "proj_def456"
}
}
}
}Environment variables
| Variable | Required | Description |
|---|---|---|
AIDENID_API_KEY | Yes | Your AIdenID API key |
AIDENID_ORG_ID | Yes | Your organization identifier |
AIDENID_PROJECT_ID | Yes | The project to scope operations to |
AIDENID_API_BASE | No | API base URL (defaults to https://api.aidenid.com) |
Available tools
Once configured, the LLM has access to the following tools:
create_identity
Provision a new disposable email identity.
| Parameter | Type | Required | Description |
|---|---|---|---|
label | string | Yes | Human-readable label |
ttl_hours | integer | No | Time-to-live in hours (default: 24) |
domain | string | No | Custom domain for the inbox |
get_identity
Retrieve identity details including status, email, and metadata.
| Parameter | Type | Required | Description |
|---|---|---|---|
identity_id | string | Yes | The identity ID to retrieve |
list_identities
List identities in the current project with optional filtering.
| Parameter | Type | Required | Description |
|---|---|---|---|
status | string | No | Filter by status |
limit | integer | No | Max results (default: 20) |
get_latest_extraction
Get the most recent extraction result for an identity.
| Parameter | Type | Required | Description |
|---|---|---|---|
identity_id | string | Yes | The identity to check for extractions |
extend_identity
Extend the TTL of an active identity.
| Parameter | Type | Required | Description |
|---|---|---|---|
identity_id | string | Yes | The identity to extend |
additional_hours | integer | Yes | Hours to add |
squash_identity
Revoke an identity and deactivate its inbox.
| Parameter | Type | Required | Description |
|---|---|---|---|
identity_id | string | Yes | The identity to squash |
create_webhook
Register a webhook endpoint for event delivery.
| Parameter | Type | Required | Description |
|---|---|---|---|
url | string | Yes | HTTPS endpoint URL |
events | string[] | Yes | Event types to subscribe to |
test_auth_flow
Run an auth flow reliability test against a target URL.
| Parameter | Type | Required | Description |
|---|---|---|---|
flow_type | string | Yes | password_reset or invite |
target_url | string | Yes | URL to test |
identity_id | string | Yes | Identity to use for the test |
Example conversation
Here is how an LLM might use AIdenID tools in a conversation:
User: Run the authorized signup test on example.com using a disposable email.
LLM: I'll create a disposable identity for the authorized test flow.
[Tool call: create_identity]
label: "example-signup"
ttl_hours: 1
[Tool result]
id: "ident_a1b2c3d4e5"
email: "a1b2c3d4e5@inbox.aidenid.com"
LLM: I've created the identity. Let me use the email in the test flow...
Now I'll check whether extraction evidence is ready.
[Tool call: get_latest_extraction]
identity_id: "ident_a1b2c3d4e5"
[Tool result]
type: "otp"
has_secret: true
redacted_value: "***"
confidence: 0.99
LLM: Extraction evidence is ready. The raw secret must stay in the secure
server-side runtime path. Let me clean up the identity.
[Tool call: squash_identity]
identity_id: "ident_a1b2c3d4e5"Security considerations
- API key access. The MCP server has full access to your API key scopes. Use a key with minimal permissions.
- Environment isolation. Use a separate project for MCP-driven operations so they do not interfere with production identities.
- TTL hygiene. Set short TTLs when using MCP tools to minimize active identity window.
- No token passthrough. Do not pass raw OTPs, magic links, or upstream bearer credentials through LLM-visible context.