getApiSecurityChecklist
Provides a general-purpose checklist for securing backend APIs, based on OWASP best practices. The tool takes no input and returns a fixed Markdown checklist covering authentication, authorization, input validation, rate limiting, TLS, error handling, security headers, and logging and monitoring. It contains nothing specific to HIPAA or protected health information (PHI).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| schema | Yes | Empty object (`z.object({})`); the tool accepts no actual parameters. | |

The `schema` row is an artifact of how the tool is registered: the registration passes a single `{ description, schema }` object in the position where the MCP TypeScript SDK's `server.tool()` expects the Zod parameter shape, so that object's own keys are read as the input schema. The handler ignores its arguments, so in practice the tool takes no input.
Implementation Reference
- server.ts:304-322 (handler): The handler function that executes the tool logic. It ignores its arguments and returns a static text response containing the OWASP-based API security checklist.

```ts
async () => {
  return {
    content: [{
      type: 'text',
      text: `
# General API Security Checklist (OWASP Based)

1. **Authentication:** Implement a standard, strong authentication mechanism (e.g., OAuth 2.0, JWT). Do not roll your own.
2. **Authorization:** Enforce authorization at every endpoint. Check that the authenticated user has the correct permissions to perform the requested action on the requested resource (e.g., User A cannot access User B's data).
3. **Input Validation:** Validate all incoming data for type, format, and length. Reject any invalid data. This protects against injection attacks.
4. **Rate Limiting:** Implement rate limiting to protect against denial-of-service (DoS) and brute-force attacks.
5. **Use HTTPS Everywhere:** All API endpoints must enforce TLS 1.2 or higher.
6. **Proper Error Handling:** Return generic error messages. Do not leak sensitive information like stack traces or internal function names.
7. **Security Headers:** Use security headers like Content-Security-Policy, Strict-Transport-Security, and X-Content-Type-Options.
8. **Logging and Monitoring:** Log all API requests and monitor for suspicious activity, such as high error rates or access attempts from unusual locations.
`
    }]
  };
}
```
- server.ts:302-302 (schema): The Zod schema for the tool input, defined as an empty object: no parameters are accepted.

```ts
schema: z.object({}),
```
- server.ts:298-323 (registration): The `server.tool()` call that registers the `getApiSecurityChecklist` tool, including its description, schema, and inline handler function. Note that the description and schema are bundled into one object in the second argument; if this is the official `@modelcontextprotocol/sdk` `McpServer`, `server.tool()` expects the description as a string and the Zod shape as separate positional arguments (`server.tool(name, description, shape, handler)`), and an object containing a Zod value in that position is treated as the parameter shape itself. That is why `schema` appears as a required input in the table above.

```ts
server.tool(
  'getApiSecurityChecklist',
  {
    description: 'Provides a general-purpose checklist for securing backend APIs, based on OWASP best practices.',
    schema: z.object({}),
  },
  async () => {
    return {
      content: [{
        type: 'text',
        text: `
# General API Security Checklist (OWASP Based)

1. **Authentication:** Implement a standard, strong authentication mechanism (e.g., OAuth 2.0, JWT). Do not roll your own.
2. **Authorization:** Enforce authorization at every endpoint. Check that the authenticated user has the correct permissions to perform the requested action on the requested resource (e.g., User A cannot access User B's data).
3. **Input Validation:** Validate all incoming data for type, format, and length. Reject any invalid data. This protects against injection attacks.
4. **Rate Limiting:** Implement rate limiting to protect against denial-of-service (DoS) and brute-force attacks.
5. **Use HTTPS Everywhere:** All API endpoints must enforce TLS 1.2 or higher.
6. **Proper Error Handling:** Return generic error messages. Do not leak sensitive information like stack traces or internal function names.
7. **Security Headers:** Use security headers like Content-Security-Policy, Strict-Transport-Security, and X-Content-Type-Options.
8. **Logging and Monitoring:** Log all API requests and monitor for suspicious activity, such as high error rates or access attempts from unusual locations.
`
      }]
    };
  }
);
```
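The checklist the tool returns is prose; as an added example (not the server's own code and not part of the original page), the dependency-free TypeScript handler below applies items 2, 3, 4, 6 and 7 to a single `GET /records/{id}` endpoint so the interplay between the checks is visible. The token table, the record store, the 5-requests-per-minute limit, the header values and the helper names (`handleGetRecord`, `allowRequest`, `defaultStore`) are all constructed for illustration; the bearer-token lookup stands in for the OAuth 2.0/JWT verification item 1 calls for.

```typescript
// Added example (not the server's own code): a dependency-free request pipeline that
// applies checklist items 2, 3, 4, 6 and 7 to one GET /records/{id} endpoint.
// Token table, record store, limits, header values and names are constructed.

type ApiRequest = {
  method: string;
  path: string;
  headers: Record<string, string>; // header names lower-cased, as Node's http module does
  clientIp: string;
};
type ApiResponse = { status: number; headers: Record<string, string>; body: string };
type RecordRow = { owner: string; data: string };

// Constructed sample data. Maps rather than plain objects so that an id such as
// "constructor" can never resolve through Object.prototype (item 3: inputs are hostile).
const TOKENS = new Map<string, string>([['tok-alice', 'alice'], ['tok-bob', 'bob']]);
const RECORDS = new Map<string, RecordRow>([
  ['rec-1', { owner: 'alice', data: 'alice record' }],
  ['rec-2', { owner: 'bob', data: 'bob record' }],
]);
const defaultStore = (id: string): RecordRow | undefined => RECORDS.get(id);

// Item 7: headers attached to every response, success or failure.
const SECURITY_HEADERS: Record<string, string> = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'Content-Security-Policy': "default-src 'none'; frame-ancestors 'none'",
  'X-Content-Type-Options': 'nosniff',
  'Cache-Control': 'no-store',
};

// Item 4: fixed-window rate limiter keyed by client IP (constructed limit: 5 requests / 60 s).
const WINDOW_MS = 60_000;
const LIMIT = 5;
const windows = new Map<string, { start: number; count: number }>();
export function allowRequest(ip: string, now: number): boolean {
  const w = windows.get(ip);
  if (!w || now - w.start >= WINDOW_MS) {
    windows.set(ip, { start: now, count: 1 });
    return true;
  }
  w.count += 1;
  return w.count <= LIMIT;
}

function reply(status: number, body: object): ApiResponse {
  return {
    status,
    headers: { ...SECURITY_HEADERS, 'Content-Type': 'application/json' },
    body: JSON.stringify(body),
  };
}

// Item 3: allow-list validation of the id; anything else is rejected before it reaches storage.
const RECORD_ID = /^rec-\d{1,9}$/;

export function handleGetRecord(
  req: ApiRequest,
  now: number = Date.now(),
  store: (id: string) => RecordRow | undefined = defaultStore,
): ApiResponse {
  try {
    // Rate limit first, so unauthenticated floods are rejected as cheaply as possible.
    if (!allowRequest(req.clientIp, now)) return reply(429, { error: 'too many requests' });

    // Item 1 stand-in: bearer token lookup. A real service would verify a signed JWT or
    // introspect an OAuth 2.0 token here instead of consulting a static table.
    const auth = req.headers['authorization'] ?? '';
    const user = auth.startsWith('Bearer ') ? TOKENS.get(auth.slice(7)) : undefined;
    if (!user) return reply(401, { error: 'unauthenticated' });

    const id = /^\/records\/([^/]+)$/.exec(req.path)?.[1];
    if (req.method !== 'GET' || id === undefined || !RECORD_ID.test(id)) {
      return reply(400, { error: 'invalid request' });
    }

    // Item 2: object-level authorization on every call. "Missing" and "not yours" share
    // one response so a caller cannot enumerate other users' record ids.
    const rec = store(id);
    if (!rec || rec.owner !== user) return reply(404, { error: 'not found' });
    return reply(200, { id, data: rec.data });
  } catch (err) {
    // Item 6: full detail goes to the server log; the client gets a generic message.
    console.error('unhandled error in handleGetRecord', err);
    return reply(500, { error: 'internal error' });
  }
}
```

The ordering is deliberate: the rate limiter runs before any token lookup, the id is validated before it touches the store, and the authorization check compares the record's owner against the authenticated principal on every request rather than trusting the caller-supplied id. Returning 404 for both "no such record" and "someone else's record" is a common choice for item 2; if the API must distinguish them, use 403 but accept that it confirms the id exists.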