MCP integration
AllyProof runs a hosted Model Context Protocol (MCP) server, so AI agents like Cursor, Claude Code, and Claude Desktop can scan pages and work with your accessibility data without leaving the editor. The endpoint is https://allyproof.com/api/mcp (Streamable HTTP transport).
What your agent can do
The tool surface expands once you add an API key. Without a key, the public scan_url tool is available to anyone; with a key, your agent also gets tools scoped to your own organization.
| Tool | Needs key? | What it does |
|---|---|---|
scan_url | No | Scan any single URL for WCAG 2.2 AA violations. Returns a score, severity breakdown, and up to 20 violations with WCAG criteria and fix guidance. |
list_sites | Yes | List the sites registered in your organization. |
scan_site | Yes | Start a full multi-page scan (a crawl) of one of your registered sites, by site_id or url. |
list_violations | Yes | List your open violations with their WCAG criteria, affected pages, and AI-generated fix suggestions. Filter by site_id and impact. |
Get an API key
Create a key at Settings → API Keys. It's shown once at creation — copy it before closing the dialog. The account-scoped tools require a plan with API access; the public scan_url tool works with no key.
Connect your agent
Claude Code (CLI)
claude mcp add --transport http allyproof https://allyproof.com/api/mcp \
--header "x-api-key: ap_live_..."Omit the --header flag for scan-only (public) access.
Cursor / Claude Desktop (config file)
Add AllyProof to the mcpServersblock of your client's MCP config:
{
"mcpServers": {
"allyproof": {
"type": "http",
"url": "https://allyproof.com/api/mcp",
"headers": { "x-api-key": "ap_live_..." }
}
}
}You can also generate these snippets pre-filled with your key from Settings → Integrations.
Try it
Once connected, ask your agent things like:
- “Scan https://example.com/pricing for accessibility issues.”
- “List my sites, then start a scan of the marketing site.”
- “What are my open critical violations and how do I fix them?”
Limits & scope
scan_urlis a single-page scan, rate-limited per IP and cached for 24h. For a full-site crawl, usescan_site(with a key) or the REST API.- Account-scoped tools read and write only your organization's data, scoped by the API key — exactly like the v1 REST API and CLI.
- Automated scanning covers ~57-70% of WCAG criteria; full conformance also needs manual review. No tool can guarantee legal compliance.
Next steps
- Prefer scripting? See the CLI and REST API.
- Gate your builds with the CI/CD guide.