Skip to main content
Connect an MCP client to SEC API when you want filing, company, and research tools available inside that client. Authenticate once, then confirm that the client can return a specific SEC filing before using it in a larger workflow.

Set the API key

Create an API key in the signed-in dashboard, then expose it only to the MCP client process:
export SECAPI_API_KEY="secapi_..."
SEC API serves MCP at https://api.secapi.ai/mcp. GET /mcp returns public connection metadata. MCP requests use JSON-RPC over an authenticated POST /mcp request with the key in x-api-key.

Add the server

For Claude Code, add the hosted server with the API key header:
claude mcp add --transport http secapi https://api.secapi.ai/mcp \
  --header "x-api-key: $SECAPI_API_KEY"
For another MCP client, use its HTTP-server configuration with the same URL and header. A typical configuration looks like this:
{
  "mcpServers": {
    "secapi": {
      "url": "https://api.secapi.ai/mcp",
      "headers": {
        "x-api-key": "${SECAPI_API_KEY}"
      }
    }
  }
}
Use the environment-variable syntax required by your client. Do not put an API key directly in a checked-in configuration file.

Verify a filing workflow

Restart or reload the client after adding the server. Then give it a bounded request that requires source fields in the answer:
A successful result identifies one filing and gives you fields to retain with any downstream analysis. Filing details change as new reports arrive, so do not compare the result to a fixed accession number.

Discover tools before calling them

The server exposes its current tool catalog through the MCP protocol. Ask the client to list tools, or use tools.search to find a capability and tools.describe to inspect its input schema before calling it. This avoids relying on an old local catalog or a copied prompt.

Troubleshoot a connection

If the client cannot list tools, confirm the URL, reload the configuration, and verify that SECAPI_API_KEY is present in the process environment. If a tool call fails, retain the HTTP status or JSON-RPC error, requestId, and any trace context before retrying. Read MCP workflows for task patterns and Troubleshooting for error-specific guidance.