MCP: example to use the mcp server with HTTP requests
Test the MCP server with HTTP requests.
Use case
In this case, we are going to test the MCP server with HTTP requests.
We will use the MCP server to initialize a session, list resources, read a resource, list tools and use a tool.
We will first create policies and queries to be used by the MCP server.
We will also capture a set of nodes and relationships to be used by the MCP server.
Requirements
- ServiceAccount credentials created in the IndyKite Hub for your organization.
- AppAgent credentials created in the IndyKite Hub, using the REST endpoints or using Terraform for your Project / Application.
- Access token for a Person node who can drive a vehicle according to the KBAC policy and also can be a valid subject of the CIQ policy.
Steps
1. Using the AppAgent credential as API Key (name: X-IK-ClientKey), ingest data in your IKG (IndyKite Knowledge Graph) using the script provided.
2. Using the ServiceAccount credential as Bearer token, create a CIQ Policy which designates the Subject node, the cypher and the nodes allowed to be read.
3. Using the ServiceAccount credential as Bearer token, create a CIQ Query in the context of the policy.
4. Using the ServiceAccount credential as Bearer token, create a KBAC Policy which designates the conditions to drive a car.
5. Using the AppAgent credential as API Key (name: X-IK-ClientKey), and an allowed subject Bearer token, we will initialize a session with the MCP server and call the MCP resource and tools.
Step 1
Ingest the nodes needed for this use case (replace bearer-token-sub with actual Bearer token sub).
POST https://eu.api.indykite.com/capture/v1/nodes/Json
{
"nodes": [
{
"external_id": "bearer-token-sub",
"is_identity": true,
"type": "Person",
"properties": [
{
"type": "email",
"value": "alice@email.com"
},
{
"type": "given_name",
"value": "Alice"
},
{
"type": "last_name",
"value": "Smith"
}
]
},
{
"external_id": "knightrider",
"type": "Person",
"is_identity": true,
"properties": [
{
"type": "email",
"value": "knightrider@demo.com"
},
{
"type": "name",
"value": "Michael Knight"
}
]
},
{
"external_id": "satchmo",
"type": "Person",
"is_identity": true,
"properties": [
{
"type": "email",
"value": "satchmo@demo.com"
},
{
"type": "name",
"value": "Louis Armstrong"
}
]
},
{
"external_id": "karel",
"type": "Person",
"is_identity": true,
"properties": [
{
"type": "email",
"value": "karel@demo.com"
},
{
"type": "name",
"value": "Karel Plihal"
}
]
},
{
"external_id": "kitt",
"type": "Car",
"is_identity": false,
"properties": [
{
"type": "manufacturer",
"value": "pontiac"
},
{
"type": "model",
"value": "Firebird"
}
]
},
{
"external_id": "cadillacv16",
"type": "Car",
"is_identity": false,
"properties": [
{
"type": "manufacturer",
"value": "Cadillac"
},
{
"type": "model",
"value": "V-16"
}
]
},
{
"external_id": "harmonika",
"type": "Bus",
"is_identity": false,
"properties": [
{
"type": "manufacturer",
"value": "Ikarus"
},
{
"type": "model",
"value": "280"
}
]
},
{
"external_id": "listek",
"type": "Ticket",
"is_identity": false
},
{
"external_id": "airbook-xyz",
"type": "Laptop",
"is_identity": false
},
{
"external_id": "ole",
"is_identity": true,
"type": "Person",
"properties": [
{
"type": "email",
"value": "ole@yahoo.co.uk"
},
{
"type": "given_name",
"value": "ole"
},
{
"type": "last_name",
"value": "einar"
}
]
},
{
"external_id": "cb2563",
"type": "PaymentMethod",
"properties": [
{
"type": "payment_name",
"value": "Credit Card Parking"
},
{
"type": "preference",
"value": "Pay as you go"
}
]
},
{
"external_id": "carOle",
"type": "Vehicle",
"properties": [
{
"type": "category",
"value": "Car"
},
{
"type": "is_active",
"value": true
},
{
"type": "vin",
"value": "pcfjnm78"
}
]
},
{
"external_id": "licenseOle",
"type": "LicenseNumber",
"properties": [
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "AL98745",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "licenseAlice",
"type": "LicenseNumber",
"properties": [
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "BTYUMN",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "loyalty1",
"type": "Loyalty",
"properties": [
{
"type": "name",
"value": "Parking Loyalty Plan"
}
]
},
{
"external_id": "consent1",
"type": "ConsentPayment",
"properties": [
{
"type": "name",
"value": "Consent Parking"
}
]
},
{
"external_id": "companyParking",
"type": "Company",
"properties": [
{
"type": "name",
"value": "City Parking Inc"
}
]
},
{
"external_id": "applicationParking",
"type": "Application",
"properties": [
{
"type": "name",
"value": "City Mall Parking"
}
]
}
]
}Step 2
Ingest the relationships needed for this use case (replace bearer-token-sub with actual Bearer token sub).
POST https://eu.api.indykite.com/capture/v1/relationships/Json
{
"relationships": [
{
"source": {
"external_id": "knightrider",
"type": "Person"
},
"target": {
"external_id": "kitt",
"type": "Car"
},
"type": "DRIVES"
},
{
"source": {
"external_id": "satchmo",
"type": "Person"
},
"target": {
"external_id": "cadillacv16",
"type": "Car"
},
"type": "DRIVES"
},
{
"source": {
"external_id": "karel",
"type": "Person"
},
"target": {
"external_id": "listek",
"type": "Ticket"
},
"type": "HAS"
},
{
"source": {
"external_id": "listek",
"type": "Ticket"
},
"target": {
"external_id": "harmonika",
"type": "Bus"
},
"type": "FOR"
},
{
"source": {
"external_id": "karel",
"type": "Person"
},
"target": {
"external_id": "airbook-xyz",
"type": "Laptop"
},
"type": "OWNS"
},
{
"source": {
"external_id": "bearer-token-sub",
"type": "Person"
},
"target": {
"external_id": "airbook-xyz",
"type": "Laptop"
},
"type": "OWNS"
},
{
"source": {
"external_id": "knightrider",
"type": "Person"
},
"target": {
"external_id": "kitt",
"type": "Car"
},
"type": "OWNS"
},
{
"source": {
"external_id": "bearer-token-sub",
"type": "Person"
},
"target": {
"external_id": "cadillacv16",
"type": "Car"
},
"type": "DRIVES"
},
{
"source": {
"external_id": "ole",
"type": "Person"
},
"target": {
"external_id": "cb2563",
"type": "PaymentMethod"
},
"type": "HAS"
},
{
"source": {
"external_id": "ole",
"type": "Person"
},
"target": {
"external_id": "carOle",
"type": "Car"
},
"type": "OWNS"
},
{
"source": {
"external_id": "ole",
"type": "Person"
},
"target": {
"external_id": "loyalty1",
"type": "Loyalty"
},
"type": "IS_MEMBER"
},
{
"source": {
"external_id": "bearer-token-sub",
"type": "Person"
},
"target": {
"external_id": "loyalty1",
"type": "Loyalty"
},
"type": "IS_MEMBER"
},
{
"source": {
"external_id": "ole",
"type": "Person"
},
"target": {
"external_id": "consent1",
"type": "ConsentPayment"
},
"type": "GRANTED"
},
{
"source": {
"external_id": "carOle",
"type": "Car"
},
"target": {
"external_id": "licenseOle",
"type": "LicenseNumber"
},
"type": "HAS"
},
{
"source": {
"external_id": "consent1",
"type": "ConsentPayment"
},
"target": {
"external_id": "cb2563",
"type": "PaymentMethod"
},
"type": "GRANTED"
},
{
"source": {
"external_id": "companyParking",
"type": "Company"
},
"target": {
"external_id": "applicationParking",
"type": "Application"
},
"type": "OWNS"
},
{
"source": {
"external_id": "applicationParking",
"type": "Application"
},
"target": {
"external_id": "consent1",
"type": "ConsentPayment"
},
"type": "USES"
},
{
"source": {
"external_id": "bearer-token-sub",
"type": "Person"
},
"target": {
"external_id": "cb8521",
"type": "PaymentMethod"
},
"type": "HAS"
},
{
"source": {
"external_id": "bearer-token-sub",
"type": "Person"
},
"target": {
"external_id": "carAlice",
"type": "Car"
},
"type": "OWNS"
},
{
"source": {
"external_id": "bearer-token-sub",
"type": "Person"
},
"target": {
"external_id": "consent1",
"type": "ConsentPayment"
},
"type": "GRANTED"
},
{
"source": {
"external_id": "carAlice",
"type": "Car"
},
"target": {
"external_id": "licenseAlice",
"type": "LicenseNumber"
},
"type": "HAS"
},
{
"source": {
"external_id": "consent1",
"type": "ConsentPayment"
},
"target": {
"external_id": "cb8521",
"type": "PaymentMethod"
},
"type": "GRANTED"
}
]
}Step 2
Create a CIQ Policy which designates the Subject node, the cypher and the nodes allowed to be read.
POST https://eu.api.indykite.com/configs/v1/authorization-policiesJson
{
"project_id": "your_project_gid",
"description": "description of policy",
"display_name": "policy name",
"name": "policy-name",
"policy": "{\"policy\":{\"meta\":{\"policy_version\":\"1.0-ciq\"},\"subject\":{\"type\":\"Person\"},\"condition\":{\"cypher\":\"MATCH (subject:Person) MATCH (app:Application)-[:USES]->(consentpayment:ConsentPayment)<-[:GRANTED]-(subject)-[:HAS]->(paymentmethod:PaymentMethod) MATCH (subject)-[:IS_MEMBER]->(loyalty:Loyalty) MATCH (subject)-[:OWNS]->(car:Car)-[:HAS]->(ln:LicenseNumber)\",\"filter\":[{\"operator\":\"AND\",\"operands\":[{\"attribute\":\"subject.external_id\",\"operator\":\"=\",\"value\":\"$subject_external_id\"},{\"attribute\":\"subject.property.email\",\"operator\":\"=\",\"value\":\"$subject_email\"}]}]},\"allowed_reads\":{\"nodes\":[\"ln.*\",\"app.*\",\"paymentmethod.external_id\"]}}}",
"status": "ACTIVE",
"tags": []
}Step 3
Create a CIQ Query in the context of the policy. In the description, give all the necessary information an agent would need to know to call the ciq_execute tool.
POST https://eu.api.indykite.com/configs/v1/knowledge-queriesJson
{
"project_id": "your_project_gid",
"description": "Call tool 'ciq_execute' with arguments : id: \"<this query's id>\", input_params: {subject_external_id: (required) must match Bearer token 'sub', subject_email: (required), license: (required) car license plate}. Auth: Bearer token required, token subject = subject_external_id. Returns: payment_method_external_id",
"display_name": "knowledge query name",
"name": "knowledge-query-name",
"policy_id": "your_policy_gid",
"query": "{\"nodes\":[\"paymentmethod.external_id\"],\"filter\":{\"attribute\":\"ln.property.number\",\"operator\":\"=\",\"value\":\"$license\"}}",
"status": "ACTIVE"
}Step 4
Create a KBAC Policy which designates the conditions to drive a car.
POST https://eu.api.indykite.com/configs/v1/authorization-policiesJson
{
"project_id": "your_project_gid",
"description": "description of policy",
"display_name": "policy name",
"name": "policy-name",
"policy": "{\"meta\":{\"policy_version\":\"2.0-kbac\"},\"subject\":{\"type\":\"Person\"},\"actions\":[\"CAN_DRIVE\"],\"resource\":{\"type\":\"Car\"},\"condition\":{\"cypher\":\"MATCH (subject:Person)-[:DRIVES]->(resource:Car)\"}}",
"status": "ACTIVE",
"tags": []
}Step 5
Initialize a session with the MCP server. Returns capabilities and session id.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -d '{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2025-11-25",
"capabilities": {},
"clientInfo": {
"name": "curl",
"version": "1.0"
}
}
}'Check if session is initialized with the MCP server.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -H "Mcp-Session-Id: $SESSION_ID" -d '{
"jsonrpc": "2.0",
"id": 1,
"method": "notifications/initialized",
"params": {
"protocolVersion": "2025-11-25",
"capabilities": {},
"clientInfo": {
"name": "curl",
"version": "1.0"
}
}
}'1List resources available in the MCP server.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -H "Mcp-Session-Id: $SESSION_ID" -d '{
"jsonrpc": "2.0",
"id": 2,
"method": "resources/list",
"params": {}
}'List tools available in the MCP server.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -H "Mcp-Session-Id: $SESSION_ID" -d '{
"jsonrpc": "2.0",
"id": 3,
"method": "tools/list",
"params": {}
}'List tools response.
{
"jsonrpc": "2.0",
"id": 3,
"result": {
"tools": [
{
"name": "authzen_evaluate",
"description": "Evaluate access with AuthZEN evaluation endpoint",
"inputSchema": {
"type": "object",
"required": [
"subject_type",
"subject_id",
"resource_type",
"resource_id",
"action_name"
],
"properties": {
"subject_type": {
"type": "string",
"description": "required, description: Type of subject"
},
"subject_id": {
"type": "string",
"description": "required, description: ID of subject"
},
"resource_type": {
"type": "string",
"description": "required, description: Type of resource"
},
"resource_id": {
"type": "string",
"description": "required, description: ID of resource"
},
"action_name": {
"type": "string",
"description": "required, description: Action name"
},
"context": {
"type": "object",
"description": "Optional context",
"additionalProperties": true
}
},
"additionalProperties": false
}
},
{
"name": "authzen_evaluations",
"description": "Execute multiple access evaluations in a single request",
"inputSchema": {
"type": "object",
"required": ["evaluations"],
"properties": {
"evaluations": {
"type": "array",
"description": "required, description: Evaluations",
"items": {
"type": "object",
"additionalProperties": true
}
},
"action_name": {
"type": ["null", "string"],
"description": "Default action name"
},
"resource_type": {
"type": ["null", "string"],
"description": "Default resource type"
},
"resource_id": {
"type": ["null", "string"],
"description": "Default resource ID"
},
"subject_type": {
"type": ["null", "string"],
"description": "Default subject type"
},
"subject_id": {
"type": ["null", "string"],
"description": "Default subject ID"
},
"context": {
"type": "object",
"description": "Optional context",
"additionalProperties": true
}
},
"additionalProperties": false
}
},
{
"name": "authzen_search_action",
"description": "Search for all actions a subject can perform on a resource",
"inputSchema": {
"type": "object",
"required": [
"subject_type",
"subject_id",
"resource_type",
"resource_id"
],
"properties": {
"subject_type": {
"type": "string",
"description": "required, description: Type of subject"
},
"subject_id": {
"type": "string",
"description": "required, description: ID of subject"
},
"resource_type": {
"type": "string",
"description": "required, description: Type of resource"
},
"resource_id": {
"type": "string",
"description": "required, description: ID of resource"
},
"context": {
"type": "object",
"description": "Optional context",
"additionalProperties": true
},
"page": {
"type": "object",
"description": "Pagination parameters",
"additionalProperties": true
}
},
"additionalProperties": false
}
},
{
"name": "authzen_search_resource",
"description": "Search for resources a subject can access with a specified action",
"inputSchema": {
"type": "object",
"required": [
"subject_type",
"subject_id",
"resource_type",
"action_name"
],
"properties": {
"subject_type": {
"type": "string",
"description": "required, description: Type of subject"
},
"subject_id": {
"type": "string",
"description": "required, description: ID of subject"
},
"resource_type": {
"type": "string",
"description": "required, description: Type of resource"
},
"action_name": {
"type": "string",
"description": "required, description: Action name"
},
"context": {
"type": "object",
"description": "Optional context",
"additionalProperties": true
},
"page": {
"type": "object",
"description": "Pagination parameters",
"additionalProperties": true
}
},
"additionalProperties": false
}
},
{
"name": "ciq_execute",
"description": "Execute a ContX IQ (CIQ) query by id (knowledge_query id)",
"inputSchema": {
"type": "object",
"required": ["id"],
"properties": {
"id": {
"type": "string",
"description": "required, description: Knowledge query ID"
},
"input_params": {
"type": "object",
"description": "Optional input parameters",
"additionalProperties": true
},
"page_size": {
"type": ["null", "integer"],
"description": "Optional page size (default 100)"
},
"page_token": {
"type": ["null", "integer"],
"description": "Optional pagination token"
}
},
"additionalProperties": false
}
}
]
}
}Call the knowledge-queries resource.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -H "Mcp-Session-Id: $SESSION_ID" -d '{
"jsonrpc": "2.0",
"id": 4,
"method": "resources/read",
"params": {
"uri": "indykite://knowledge-queries/"
}
}'
Call the knowledge-queries resource.
{
"jsonrpc":"2.0",
"id":4,
"result":{
"contents":[
{
"uri":"indykite://knowledge-queries/",
"mimeType":"application/json",
"text":{
"knowledge_queries": [
{
"id": "<knowledge_queries_id>",
"description": "Call tool 'ciq_execute' with arguments : id: "<this query's id>", input_params: {subject_external_id: (required) must match Bearer token 'sub', subject_email: (required), license: (required) car license plate}. Auth: Bearer token required, token subject = subject_external_id. Returns: payment_method_external_id",
"status": "STATUS_ACTIVE"
}
],
"mcp_url": "https://eu.mcp.indykite.com/mcp/v1/<project_id>>",
"total_count": 1
}
}
]
}
}
Call the authzen_evaluate tool to check if according to the KBAC policy, the subject authorized by the Bearer access token can drive the car.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -H "Mcp-Session-Id: $SESSION_ID" -H "X-IndyKite-Base-URL: https://eu.api.indykite.com" -d '{
"jsonrpc": "2.0",
"id": 5,
"method": "tools/call",
"params": {
"name": "authzen_evaluate",
"arguments": {
"subject_type": "Person",
"subject_id": <bearer-token-sub>,
"resource_type": "Car",
"resource_id": "cadillacv16",
"action_name": "CAN_DRIVE"
}
}
}'
Authzen_evaluate tool response.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
{
"jsonrpc":"2.0",
"id":5,
"result":{
"content":[
{
"type":"text",
"text": {"decision":true}
}
]
}
}
Call the ciq execute tool to get the payment method designated by the CIQ policy for the subject authorized by the Bearer access token.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
curl -v -i -X POST https://eu.mcp.indykite.com/mcp/v1/<project_gid> -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "X-IK-ClientKey: $API_KEY" -H "Mcp-Session-Id: $SESSION_ID" -H "X-IndyKite-Base-URL: https://eu.api.indykite.com" -d '{
"jsonrpc": "2.0",
"id": 9,
"method": "tools/call",
"params": {
"name": "ciq_execute",
"arguments": {
"id": "<knowledge_query_id>",
"input_params": {"license": "BTYUMN","subject_external_id": <bearer-token-sub>,"subject_email": "alice@email.com"},
"page_token": 1
}
}
}'
Ciq Execute tool response.
POST https://eu.mcp.indykite.com/mcp/v1/<project_gid>JsonRPC
{
"jsonrpc":"2.0",
"id":9,
"result":{
"content":[{
"type":"text",
"text":{
"data":[{
"nodes":{
"paymentmethod.external_id":"cb8521"
}
}]
}
}]
}
}
Tags
MCP CIQ Policy CIQ Query CIQ Execution KBAC AuthZEN
Related Resources
No related resources found.