APISIX-MCP

Overview Schema Related Servers Score Discussions

get_credential

Retrieve all credentials or a specific credential for a consumer linked to the APISIX-MCP server by providing the username and optional credential ID.

Instructions

Get all credentials or a specific credential for a consumer

Input Schema

TableJSON Schema

Name	Required	Description	Default
`id`	No	credential id
`username`	Yes	consumer username

Implementation Reference

src/tools/consumer.ts:15-20 (registration)

Registers the 'get_credential' tool with inline handler function that retrieves consumer credentials (all or specific by id) using the makeAdminAPIRequest helper.

server.tool("get_credential", "Get all credentials or a specific credential for a consumer", GetCredentialSchema.shape, async (args) => {
  if (args.id) {
    return await makeAdminAPIRequest(`/consumers/${args.username}/credentials/${args.id}`, "GET");
  }
  return await makeAdminAPIRequest(`/consumers/${args.username}/credentials`, "GET");
});

src/schemas/consumer.ts:34-37 (schema)

Zod input schema for get_credential tool: requires username, optional id for specific credential.

export const GetCredentialSchema = z.object({
  username: ConsumerSchema.shape.username,
  id: z.string().optional().describe("credential id"),
});

src/utils/adminAPI.ts:11-80 (helper)

Helper utility function that makes HTTP requests to the APISIX admin API using axios, with authentication via X-API-KEY, returns formatted CallToolResult; used by get_credential handler.

export async function makeAdminAPIRequest(
  path: string,
  method: string = "GET",
  data?: object
): Promise<CallToolResult> {
  const baseUrl = `${APISIX_SERVER_HOST}:${APISIX_ADMIN_API_PORT}${APISIX_ADMIN_API_PREFIX}`;
  const url = `${baseUrl}${path}`;

  try {
    const response = await axios({
      method,
      url,
      data,
      headers: {
        "X-API-KEY": APISIX_ADMIN_KEY,
        "Content-Type": "application/json",
      },
    });

    return {
      content: [
        {
          type: "text",
          text: JSON.stringify(response.data, null, 2),
        },
      ],
    };
  } catch (error) {
    if (axios.isAxiosError(error)) {
      console.error(`Request failed: ${method} ${url}`);
      console.error(
        `Status: ${error.response?.status}, Error: ${error.message}`
      );

      if (error.response?.data) {
        try {
          const stringifiedData = JSON.stringify(error.response.data);
          console.error(`Response data: ${stringifiedData}`);
        } catch {
          console.error(`Response data: [Cannot parse as JSON]`);
        }
      }

      return {
        isError: true,
        content: [
          {
            type: "text",
            text: JSON.stringify(
              `Status: ${error.response?.status}\nMessage: ${error.message}
Data:\n${JSON.stringify(error.response?.data || {}, null, 2)}`,
              null,
              2
            ),
          },
        ],
      };
    } else {
      return {
        isError: true,
        content: [
          {
            type: "text",
            text: JSON.stringify(error, null, 2),
          },
        ],
      };
    }
  }
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It states the tool retrieves data ('Get'), implying it's a read operation, but doesn't disclose behavioral traits like authentication requirements, rate limits, pagination for 'all credentials', error conditions, or what happens if 'id' is omitted. For a tool with no annotation coverage, this leaves significant gaps in understanding its behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core functionality ('Get all credentials or a specific credential for a consumer'). There is no wasted verbiage or redundancy, making it easy to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations, no output schema, and 2 parameters, the description is incomplete. It doesn't explain return values (e.g., format of credentials list), error handling, or behavioral constraints. For a tool that could return multiple items or require specific inputs, more context is needed to guide the agent effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents both parameters ('id' and 'username') with basic descriptions. The description adds marginal value by implying 'id' is optional (for 'a specific credential') and 'username' is required (for 'a consumer'), but doesn't provide additional context like format examples or relationships between parameters beyond what the schema specifies.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('Get') and resource ('credentials'), specifying it can retrieve either 'all credentials or a specific credential for a consumer'. This distinguishes it from sibling tools like 'create_or_update_credential' and 'delete_credential' by focusing on retrieval rather than modification. However, it doesn't explicitly differentiate from other get_* tools like 'get_resource' or 'get_secret_by_id' in terms of scope.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing a consumer username), exclusions, or compare it to similar tools like 'get_resource' or 'get_secret_by_id'. The agent must infer usage solely from the tool name and parameters.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Related Tools

create_or_update_credentialC
@api7/apisix-mcp
delete_credentialC
@api7/apisix-mcp
get_credential_by_id
@jupiterbak/AYX-MCP-Wrapper
get_all_credentials
@jupiterbak/AYX-MCP-Wrapper
get_viewer
@jaipandya/producthunt-mcp-server
get_my_own_detailsC
@Kashyap-AI-ML-Solutions/webex-messaging-mcp-server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/api7/apisix-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server