Skip to main content
Back to Use cases

AI agents & API access

Let AI tools use your APIs with the same credentials and security as your existing apps. One gateway, one audit trail.

Practical use cases

Concrete ways teams use Zerq for this scenario.

  • Let an AI assistant in an IDE discover and call your APIs

    Developers or support staff use an MCP-compatible client (e.g. in an IDE) that lists your API collections and endpoints and can execute requests. The client uses the same credentials as your apps; every call is logged and rate-limited like REST traffic.

  • Chatbots that answer questions using live API data

    Internal or partner-facing chatbots call your APIs (e.g. order status, account balance) so users get real answers. All traffic goes through the gateway so you keep one place for auth, quotas, and audit—no separate “AI endpoint.”

  • One gateway for mobile app, partners, and AI

    Your mobile app, a partner integration, and an AI agent all use the same gateway and credentials. You don’t run a separate AI gateway or maintain a second set of keys; one config, one audit trail, one place to see who called what.

Outcomes

  • AI and automation use the same gateway as REST—one control plane, one set of credentials.
  • Ops and automation can manage the platform with the same identity and role-based access as the admin UI.
  • No separate identity or deployment for AI; same access control, rate limits, and audit for all access.

How Zerq helps

  • Gateway auth (X-Client-ID, X-Profile-ID, Authorization) applies to both REST and MCP; AuthenticateForMeta protects the MCP route and sets client/profile context.
  • MCP handler exposes list_collections, list_endpoints, endpoint_details, execute_endpoint; uses ClientService and CollectionService for discovery; execute_endpoint calls the gateway with request headers.
  • Management MCP lets platform engineers and automation manage collections, proxies, and workflows via MCP with the same OIDC and RBAC as the admin UI—one auth model for both UI and MCP.
  • Single deployment: MCP is an additional route on the same app; no duplicate meta API or auth logic.
  • Full audit and metrics: MCP tool calls and execute requests flow through the same logging and Prometheus as REST.
For architects & evaluators (technical context, requirements)

Technical context

Organizations want AI agents and automation tools to call their APIs using the same security and governance as traditional REST clients. The Model Context Protocol (MCP) provides a standard way for AI clients to discover and invoke tools. Exposing the gateway via MCP—with the same client ID, profile ID, and auth as REST—means one identity, one audit trail, and one deployment. The gateway remains the single enforcement point for RBAC, rate limits, and logging.

Technical requirements

  • Same credentials for REST and MCP; no separate MCP identity or key management.
  • MCP tools: list collections, list endpoints, endpoint details, execute (gateway request).
  • HTTP-only MCP endpoint (e.g. Streamable HTTP); path configurable; no stdio.
  • Execute calls go through the same gateway path (RBAC, logging, rate limits, audit).

Request Enterprise Demo