Hal (http Api Layer)
@DeanWard
About Hal (http Api Layer)
HAL is a Model Context Protocol (MCP) server that provides HTTP API capabilities to Large Language Models. It allows LLMs to make HTTP requests and interact with web APIs through a secure, controlled interface. HAL can also automatically generate tools from OpenAPI/Swagger specif
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"hal": {
"command": "npx",
"args": [
"hal-mcp"
]
}
}
}Tools
8Make an HTTP GET request to a specified URL. Supports secret substitution using {secrets.key} syntax where 'key' corresponds to HAL_SECRET_KEY environment variables.
Make an HTTP POST request to a specified URL with optional body and headers. Supports secret substitution using {secrets.key} syntax in URL, headers, and body where 'key' corresponds to HAL_SECRET_KEY environment variables.
Make an HTTP PUT request to a specified URL with optional body and headers. Supports secret substitution using {secrets.key} syntax in URL, headers, and body where 'key' corresponds to HAL_SECRET_KEY environment variables.
Make an HTTP PATCH request to a specified URL with optional body and headers. Supports secret substitution using {secrets.key} syntax in URL, headers, and body where 'key' corresponds to HAL_SECRET_KEY environment variables.
Make an HTTP DELETE request to a specified URL with optional headers. Supports secret substitution using {secrets.key} syntax in URL and headers where 'key' corresponds to HAL_SECRET_KEY environment variables.
Make an HTTP HEAD request to a specified URL with optional headers (returns only headers, no body). Supports secret substitution using {secrets.key} syntax in URL and headers where 'key' corresponds to HAL_SECRET_KEY environment variables.
Make an HTTP OPTIONS request to a specified URL to check available methods and headers. Supports secret substitution using {secrets.key} syntax in URL and headers where 'key' corresponds to HAL_SECRET_KEY environment variables.
Get a list of available secret keys that can be used with {secrets.key} syntax. Only shows the key names, never the actual secret values.
Overview
What is Hal (http Api Layer)?
Hal (http Api Layer) is a Model Context Protocol (MCP) server that gives Large Language Models the ability to make HTTP requests and interact with web APIs through a secure, controlled interface. It supports common HTTP methods, includes built-in secret management using environment variables, and can automatically generate tools from OpenAPI/Swagger specifications.
How to use Hal (http Api Layer)?
Install Hal globally via npm install -g hal-mcp or run it on demand with npx hal-mcp. Configure it in MCP-compatible clients (e.g., Claude Desktop) by adding an entry to the mcpServers configuration object. Optionally set environment variables like HAL_SWAGGER_FILE and HAL_SECRET_* to enable Swagger integration and secure token management.
Key features of Hal (http Api Layer)
- Supports GET, POST, PUT, PATCH, DELETE, OPTIONS, and HEAD requests.
- Automatically generates tools from OpenAPI/Swagger specifications.
- Secure secret management with
{secrets.key}template substitution. - Organizes secrets into namespaces with URL restrictions.
- Built-in tools like
list-secrets,http-get, andhttp-post. - Runs in an isolated environment for controlled access.
Use cases of Hal (http Api Layer)
- Let an LLM fetch data from external REST APIs during a conversation.
- Enable an LLM to submit data to web services (e.g., create records, send messages).
- Integrate with existing OpenAPI-defined APIs without writing custom code.
- Securely expose API keys and tokens to the AI without revealing their values.
FAQ from Hal (http Api Layer)
How do I install Hal (http Api Layer)?
The recommended method is npx hal-mcp. Alternatively, install globally with npm install -g hal-mcp and then run hal-mcp.
How does secret management work?
Define secrets as environment variables with the HAL_SECRET_ prefix (e.g., HAL_SECRET_API_KEY=abc). In HTTP requests, use {secrets.api_key} as a placeholder. The AI never sees the actual secret; it is substituted at request time.
Can Hal automatically generate tools from an OpenAPI spec?
Yes. Set the HAL_SWAGGER_FILE environment variable to the path of your OpenAPI/Swagger file (JSON or YAML). Optionally override the base URL with HAL_API_BASE_URL. Hal will then create tools for each endpoint.
How do I restrict a secret to only work with certain URLs?
Use namespaces and HAL_ALLOW_* environment variables. For example, HAL_SECRET_MICROSOFT_API_KEY=key and HAL_ALLOW_MICROSOFT="https://azure.microsoft.com/*" ensures that secret is only substituted in requests matching those patterns.
What HTTP methods does Hal support?
Hal provides tools for GET, POST, PUT, PATCH, DELETE, OPTIONS, and HEAD requests through built-in tools like http-get and http-post.
More Developer Tools MCP servers
Burp Suite MCP Server Extension
PortSwiggerMCP Server for Burp
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
test
prysmaticlabsGo implementation of Ethereum proof of stake
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
Comments