How It Works

The architecture behind secure agent-to-API communication.

The Problem

When AI agents need to call APIs, the typical approach is to paste API keys directly into the prompt or system message. This means:

  • Secrets in context — API keys visible to the model, logged in conversations, potentially leaked in outputs
  • No access control — the agent has the same permissions as the key owner
  • No audit trail — you can't see what the agent actually requested

The Janee Approach

Janee sits between the agent and the API as an MCP server. The agent never sees the actual credentials — it just describes what it wants, and Janee handles authentication.

┌─────────────┐ MCP (stdio) ┌──────────┐ HTTPS ┌───────────┐ │ MCP Client │ ──────────────────→ │ Janee │ ────────────→ │ API │ │ (Claude, │ "GET /repos/x/y" │ Proxy │ + Bearer │ (GitHub) │ │ Cursor) │ ←────────────────── │ │ ←──────────── │ │ └─────────────┘ response └──────────┘ response └───────────┘ │ reads secrets from env vars (never exposed)

Request Flow

  1. Agent calls http_request tool — specifies the provider name, HTTP method, path, and optional body
  2. Janee validates the request — checks the path against configured allow/deny policies
  3. Janee injects credentials — reads the secret from environment variables and adds the appropriate auth header
  4. Janee forwards the request — makes the actual HTTPS call to the upstream API
  5. Response returned — the API response is passed back to the agent through MCP

At no point does the agent see the API key, token, or any credential material.

MCP Protocol

Janee implements the Model Context Protocol (MCP), the open standard for connecting AI agents to tools and data sources. This means it works with any MCP-compatible client:

  • Claude Desktop
  • Cursor
  • Windsurf
  • Continue
  • Any custom MCP client

Provider Configuration

Each provider in your config defines a base URL, authentication method, and access policies:

{
  "providers": {
    "github": {
      "type": "openapi",
      "url": "https://api.github.com",
      "auth": {
        "type": "bearer",
        "token": "${GITHUB_TOKEN}"
      },
      "allow": ["GET /repos/**", "GET /user"],
      "deny": ["DELETE /**"]
    }
  }
}

The allow and deny lists use glob patterns to control which endpoints the agent can access. See Policies & Scoping for details.

Authentication Methods

Janee supports multiple auth types per provider:

  • bearer — Authorization: Bearer header (GitHub, Notion, most REST APIs)
  • basic — HTTP Basic auth (Jira, some legacy APIs)
  • header — Custom header injection (X-API-Key, etc.)
  • query — Secret appended as a query parameter
← MCP Integration Security Model →