http-mcp

by cUDGk

Server Configuration

Describes the environment variables required to run the server.

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| HTTP_TIMEOUT | No | Per-hop timeout in ms. Each redirect hop gets its own timeout. Total wall-clock budget = HTTP_TIMEOUT × (max_redirects + 1). | 30000 |
| HTTP_MAX_BODY | No | Maximum response body size in bytes (default 2 MiB). | 2097152 |
| HTTP_USER_AGENT | No | Default User-Agent header value. | http-mcp/&lt;package version&gt; |
| HTTP_SESSION_MAX | No | Maximum number of concurrent sessions. | 256 |
| HTTP_SESSION_TTL | No | Session idle TTL in ms. Sessions older than this are automatically evicted. | 3600000 |
| HTTP_DOWNLOAD_MAX | No | Maximum download size in bytes (default 1 GiB). Separate from HTTP_MAX_BODY. | 1073741824 |
| HTTP_ALLOW_PRIVATE | No | Set to '1' to disable SSRF guard and allow private IPs (loopback, 10/8, 172.16/12, 192.168/16, 169.254/16, IPv6 ULA, localhost, \*.internal, etc.). | |
| HTTP_DOWNLOAD_ROOT | No | Allowed directory for download output. If not set, the download action will fail. | |
| HTTP_ALLOW_INSECURE_TLS | No | Set to '1' to respect reject_unauthorized: false. Otherwise, TLS verification is enforced. | |
| HTTP_ALLOW_INSECURE_OAUTH | No | Set to '1' to allow HTTP URLs for OAuth2 token/device authorization endpoints (not recommended except for testing). | |
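
The address classes listed for HTTP_ALLOW_PRIVATE, written out as an added JavaScript example (not http-mcp's own code). The names `isBlockedUrl`, `isBlockedHost` and `allowPrivate` are hypothetical, and the handling of IPv4-mapped IPv6 and of unparsable URLs is an assumption beyond the page's list. It checks only the literal host in the URL; a complete guard also applies the same test to every address a DNS name resolves to.

```javascript
// Added example, not http-mcp's source. allowPrivate stands in for HTTP_ALLOW_PRIVATE=1.
const V4_BLOCKS = [   // [network as uint32, prefix length]
  [0x7f000000, 8],    // 127.0.0.0/8 loopback
  [0x0a000000, 8],    // 10.0.0.0/8
  [0xac100000, 12],   // 172.16.0.0/12
  [0xc0a80000, 16],   // 192.168.0.0/16
  [0xa9fe0000, 16],   // 169.254.0.0/16 link-local
];

// Strict dotted-quad parser: returns a uint32, or null if s is not an IPv4 literal.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isPrivateV4(ip) {
  return V4_BLOCKS.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === net;
  });
}

function isBlockedHost(hostname) {
  let h = hostname.toLowerCase().replace(/\.$/, "");             // drop trailing root dot
  if (h.startsWith("[") && h.endsWith("]")) h = h.slice(1, -1);  // URL form of an IPv6 literal
  if (h === "localhost" || h.endsWith(".localhost") || h.endsWith(".internal")) return true;
  const v4 = parseIPv4(h);
  if (v4 !== null) return isPrivateV4(v4);
  if (!h.includes(":")) return false;            // ordinary DNS name: literal check passes
  if (h === "::1") return true;                  // IPv6 loopback
  if (/^f[cd][0-9a-f]{2}:/.test(h)) return true; // IPv6 ULA, fc00::/7
  // Assumption: treat IPv4-mapped IPv6 (::ffff:a.b.c.d, serialized as two hex groups) as IPv4.
  const m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
  return m !== null && isPrivateV4(((parseInt(m[1], 16) << 16) | parseInt(m[2], 16)) >>> 0);
}

function isBlockedUrl(url, allowPrivate = false) {
  if (allowPrivate) return false;
  let host;
  // The WHATWG URL parser normalizes decimal and hex IPv4 forms to dotted-quad.
  try { host = new URL(url).hostname; } catch { return true; } // assumption: fail closed
  return isBlockedHost(host);
}
```
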

Capabilities

Features and capabilities supported by this server

| Capability | Details |
| --- | --- |
| tools | { "listChanged": true } |

Tools

Functions exposed to the LLM to take actions

Name: http

Description:

HTTP client for LLMs. curl-equivalent + OAuth2 + sessions + retry.

Response bodies: textual types decoded with charset awareness; binary types base64-encoded; capped at HTTP_MAX_BODY (default 2 MiB) with body_truncated flag. status >= 400 sets MCP isError.

BODY SELECTION (choose one per request): json | form | body | body_base64.

AUTH: basic_auth | bearer | oauth2_* flows that cache tokens and can feed into 'bearer' of a subsequent request.

SESSIONS: cookie jars keyed by session id. Pass 'session' on request/get/post/etc to send and store cookies per domain. Manage with session_create / session_list / session_close. Caller-supplied ids are hashed; idle sessions evicted after HTTP_SESSION_TTL ms.

RETRY: retry={max, on_status, backoff_ms, max_backoff_ms}. Exponential backoff on transient 5xx by default.

SECURITY: SSRF guard blocks loopback / private networks unless HTTP_ALLOW_PRIVATE=1. reject_unauthorized=false ignored unless HTTP_ALLOW_INSECURE_TLS=1. download requires HTTP_DOWNLOAD_ROOT.

Actions:

  • request / get / post / put / delete / patch / head: HTTP requests.

  • download: GET + stream to output_path (must be under HTTP_DOWNLOAD_ROOT).

  • as_curl: convert a request spec to a cURL command string. shell = bash | cmd | powershell. Output may include plaintext credentials; warning lines are prepended.

  • session_create / session_close / session_list: cookie jar lifecycle.

  • oauth2_client_credentials: machine-to-machine. Returns {access_token, expires_in, ...}. Caches by (token_url, client_id, secret_fingerprint, scope, audience).

  • oauth2_refresh: refresh_token grant.

  • oauth2_device_start: start device authorization flow.

  • oauth2_device_poll: poll token endpoint. status=pending is NOT an error — caller should retry with the same device_code; status=expired/denied/error are isError.

  • oauth2_list_tokens / oauth2_clear_cache.

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cUDGk/http-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server