io.github.gatefareio/mcp-server
Marketplace of paid HTTP APIs. USDC micropayments via x402 on Base. Non-custodial.
Ask AI about io.github.gatefareio/mcp-server
Powered by Claude Β· Grounded in docs
I know everything about io.github.gatefareio/mcp-server. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
@gatefare/mcp
Give your AI agent a wallet and a marketplace.
@gatefare/mcpis a Model Context Protocol server that connects Claude Desktop, Cursor, or any MCP-compatible agent to the Gatefare catalog of paid HTTP APIs. Payments settle as USDC on Base via the open x402 standard β no SaaS keys, no subscriptions, no escrow. Non-custodial: signing happens locally; the private key never leaves your machine.
βββββββββββββββ ββββββββββββββββ βββββββββββββββββββ
β Claude / β MCP stdio β @gatefare/mcpβ HTTP + x402 β gatefare.io β
β Cursor / β ββββββββββββββΊ β (this repo)β ββββββββββββββΊ β proxy + β
β your agent β β β β catalog β
βββββββββββββββ ββββββββ¬ββββββββ βββββββββββββββββββ
β
β EIP-3009 sign
βΌ
βββββββββββββββ
β Base USDC β
βββββββββββββββ
Quick start
1. Drop into your client
Claude Desktop β ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"gatefare": {
"command": "npx",
"args": ["-y", "@gatefare/mcp"]
}
}
}
Cursor β ~/.cursor/mcp.json or project-level .cursor/mcp.json:
{
"mcpServers": {
"gatefare": {
"command": "npx",
"args": ["-y", "@gatefare/mcp"]
}
}
}
Restart the client. The agent now has 5 read-only tools β discovery + safety. Try:
"Search Gatefare for weather APIs."
2. Add a wallet to make paid calls
Add env to the same config:
{
"mcpServers": {
"gatefare": {
"command": "npx",
"args": ["-y", "@gatefare/mcp"],
"env": {
"WALLET_PRIVATE_KEY": "0xYOUR_KEY",
"WALLET_BUDGET_USD": "5.00"
}
}
}
}
Buyer tools (call_api, get_wallet_balance, estimate_cost) become available. The
WALLET_BUDGET_USD cap is a runtime safety net β for a hard cap, fund the wallet with
only what you're willing to spend.
"What's London's weather right now? Spend up to $0.001."
3. (Optional) Publish your own APIs
Get a PAT at gatefare.io/dashboard/tokens and add:
"env": {
"GATEFARE_PAT": "gfpat_..."
}
Publisher tools (register_api, list_my_apis, update_api, get_revenue,
distribute) appear.
"Publish my API at https://api.example.com/sentiment for $0.001 per call."
Tools
13 tools across 4 domains. Tools auto-register based on which env vars are set β the agent never sees a tool it can't use.
Discovery β always available
| Tool | Description |
|---|---|
gatefare.search_apis | Full-text search the catalog with filters (price, category, sort) |
gatefare.get_api | Full details for one API by slug or handle/urlName |
gatefare.list_categories | All categories with API counts |
gatefare.suggest | Autocomplete suggestions for a query string |
Buyer β needs WALLET_PRIVATE_KEY
| Tool | Description |
|---|---|
gatefare.call_api | Make a paid call. Handles 402 β sign β retry automatically |
gatefare.get_wallet_balance | USDC + ETH on Base, plus remaining runtime budget |
gatefare.estimate_cost | Project total cost for N planned calls |
Publisher β needs GATEFARE_PAT
| Tool | Description |
|---|---|
gatefare.register_api | Publish a new paid API |
gatefare.list_my_apis | Your published APIs with stats |
gatefare.update_api | Edit metadata, price, target URL |
gatefare.get_revenue | Revenue time series + totals |
gatefare.distribute | Trigger on-chain distribute() payout (destructive) |
Safety β always available
| Tool | Description |
|---|---|
gatefare.report_abuse | Report a malicious / stolen API (DMCA, fraud, malwareβ¦) |
Configuration
| Var | Default | Required for |
|---|---|---|
GATEFARE_BASE_URL | https://gatefare.io | β (override for self-hosted) |
WALLET_PRIVATE_KEY | β | Any buyer tool |
WALLET_BUDGET_USD | unlimited | Optional spend cap |
WALLET_NETWORK | eip155:8453 | eip155:84532 for Sepolia testnet |
GATEFARE_PAT | β | Any publisher tool |
LOG_LEVEL | info | debug for verbose stderr |
Examples
Discover & buy in one breath (Claude Desktop)
You: Find me a sub-$0.001 weather API and call it for "Tokyo".
Claude: Calling
gatefare.search_apiswithmax_price: 0.001β¦
Founddemo-weatherby @alice at $0.001/call.
Callinggatefare.call_apiwithslug: "demo-weather",query: {city: "Tokyo"}β¦
Tokyo is 22Β°C, partly cloudy. Paid 0.001 USDC. Receipt:settled-tx-0x9aβ¦
Programmatic β Python agent
from mcp import ClientSession, StdioServerParameters
from mcp.client.stdio import stdio_client
server = StdioServerParameters(
command="npx",
args=["-y", "@gatefare/mcp"],
env={"WALLET_PRIVATE_KEY": "0x...", "WALLET_BUDGET_USD": "1.00"},
)
async with stdio_client(server) as (r, w):
async with ClientSession(r, w) as s:
await s.initialize()
result = await s.call_tool(
"gatefare.call_api",
arguments={"slug": "demo-weather", "query": {"city": "Tokyo"}},
)
print(result.content[0].text)
See examples/ for runnable variants: Claude Desktop, Cursor, Python,
TypeScript, and a pure-discovery walkthrough.
Not building an AI agent? Picking the right tool
If you want to pay for x402 APIs from a backend (no agent), use Coinbase's
official x402 SDKs β x402-python (PyPI), coinbase/x402/go, β¦/java, or
@x402/fetch. They handle the
payment flow; you don't need this MCP server.
If you want to browse the Gatefare catalog from any language, hit the
REST API directly: gatefare.io/api/catalog
(OpenAPI 3.1 spec).
Full breakdown of which tool fits which use case in
docs/integrations.md.
Direct CLI (for debugging)
# Run the server in foreground; talks JSON-RPC over stdio.
npx -y @gatefare/mcp
# In another terminal, send a frame:
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | \
npx -y @gatefare/mcp
Errors
Tool results include isError: true and a structured body
{ error: <code>, message: <human>, details?: <any> }. Codes are stable β
agents can switch on them for retry / surfacing logic.
| Code | Meaning |
|---|---|
INVALID_INPUT | Input failed zod validation |
WALLET_NOT_CONFIGURED | Set WALLET_PRIVATE_KEY for buyer tools |
PAT_NOT_CONFIGURED | Set GATEFARE_PAT for publisher tools |
BUDGET_EXHAUSTED | Runtime budget cap hit |
INSUFFICIENT_BALANCE | Wallet doesn't have enough USDC |
PRICE_TOO_HIGH | Server's price exceeds your max_price |
API_NOT_FOUND | Slug doesn't exist or is suspended |
UPSTREAM_ERROR | Paid API returned non-2xx, or its 402 was malformed |
RATE_LIMITED | Gatefare rate-limited the request |
NETWORK_ERROR | Could not reach Gatefare |
GATEFARE_API_ERROR | Gatefare returned a 4xx / 5xx |
How it works (the 30-second version)
- The agent calls
gatefare.call_api { slug: "demo-weather", β¦ }. - We
GET https://gatefare.io/p/demo-weather(no payment yet). - The Gatefare proxy returns 402 Payment Required with
accepts: [{network, payTo, maxAmountRequired, β¦}]. - We sign an EIP-3009
transferWithAuthorizationfor that exact amount and recipient on the configured network. - We retry the request with the signed
X-Paymentheader (base64-encoded JSON, x402 v2). - Gatefare verifies the signature, settles the USDC transfer, and proxies the call to the upstream API.
- We hand the upstream response (and a payment receipt) back to the agent.
The signature is single-use, time-bounded, and never leaves your machine for any
purpose other than this exact transfer to this exact payTo. The private key
is never logged.
Security
- Non-custodial. Private keys live in your env, signing happens locally, no Gatefare service ever sees them.
- Network confusion-resistant. A malicious gateway returning Sepolia-only requirements to a mainnet user is rejected β we never sign for a chain the user didn't configure.
- Cryptographically random nonces. No
Date.now()-based collisions. - Validity window clamped to 1 hour even if the server requests more.
- Strict input validation. Slugs are
^[a-z0-9_-]+$and URL-encoded; no path traversal.targetUrlblocksfile://,localhost, cloud metadata IPs,.local, and.internalhosts at registration time. - Secret hygiene. Tests assert that the private key and PAT never appear in stderr / stdout, ever.
Development
git clone https://github.com/gatefareio/mcp-server.git
cd mcp-server
npm install
npm run typecheck
npm test # 138 unit tests
npm run test:e2e # 10 e2e tests against live gatefare.io (set GATEFARE_E2E=1)
npm run build
To use a local checkout in your client config:
npm link
# in claude_desktop_config.json:
# "command": "gatefare-mcp"
Architecture
src/
βββ index.ts # entry β wires stdio transport
βββ server.ts # McpServer instance + tool registration
βββ config.ts # env parsing, capability detection
βββ client.ts # REST client (wraps fetch)
βββ x402.ts # 402 parsing + EIP-3009 signing
βββ types.ts # shared types + GatefareError
βββ tools/
βββ discovery.ts # search_apis, get_api, list_categories, suggest
βββ buyer.ts # call_api, get_wallet_balance, estimate_cost
βββ publisher.ts # register_api, list_my_apis, update_api, get_revenue, distribute
βββ safety.ts # report_abuse
Test layout
tests/
βββ config.test.ts # env parsing edges
βββ client.test.ts # HTTP client error mapping
βββ x402.test.ts # signing + parsing primitives
βββ x402-flow.test.ts # full 402 β sign β retry handshake (mocked fetch)
βββ server.test.ts # capability-driven tool registration
βββ init.test.ts # subprocess: bootstrap, env crashes, secret leakage
βββ stdio-protocol.test.ts # stdout pollution + recovery from tool errors
βββ stability.test.ts # 100 concurrent calls, memory baseline, ReDoS
βββ tools/
β βββ discovery.test.ts
β βββ buyer.test.ts
β βββ buyer-flow.test.ts
β βββ publisher.test.ts
β βββ safety.test.ts
βββ integration/
βββ e2e.test.ts # real gatefare.io, gated by GATEFARE_E2E=1
Contributing
Issues and PRs welcome. See CONTRIBUTING.md for the workflow, style guide, and how to add a new tool.
License
MIT Β© Gatefare
Links
- π Marketplace: gatefare.io
- π API docs: gatefare.io/docs
- π€ LLM context (single file): gatefare.io/llms-full.txt
- π OpenAPI spec: gatefare.io/openapi.json
- π¦ Twitter: @Gatefareio
- π Model Context Protocol: modelcontextprotocol.io
- πΈ x402 standard: x402.org