Configure your MCP client to connect to Prowler MCP Server.

Step 1: Get Your API Key

Authentication is optional: Prowler Hub and Prowler Documentation features work without authentication. An API key is only required for Prowler Cloud and Prowler App (Self-Managed) features.
To use Prowler Cloud or Prowler App (Self-Managed) features, get an API key by following the API Keys guide.
Keep the API key secure. Never share it publicly or commit it to version control.

Step 2: Configure Your MCP Host/Client

Choose the configuration based on your deployment:
  • HTTP Mode: Prowler Cloud MCP Server or self-hosted Prowler MCP Server.
  • STDIO Mode: Local installation only (runs as subprocess of your MCP client).

HTTP Mode

  • Generic Native HTTP Support
  • Generic without Native HTTP Support
  • Claude Desktop
  • Claude Code
  • Cursor
Configuration (replace https://mcp.prowler.com/mcp with your self-hosted Prowler MCP Server URL if applicable):
{
  "mcpServers": {
    "prowler": {
      "url": "https://mcp.prowler.com/mcp",
      "headers": {
        "Authorization": "Bearer <your-api-key-here>"
      }
    }
  }
}

STDIO Mode

STDIO mode is only available when running the MCP server locally.
  • Generic uvx installation
  • Generic Docker installation
Run from source or local installation
{
  "mcpServers": {
    "prowler": {
      "command": "uvx",
      "args": ["/absolute/path/to/prowler/mcp_server/"],
      "env": {
        "PROWLER_APP_API_KEY": "<your-api-key-here>",
        "PROWLER_API_BASE_URL": "https://api.prowler.com"
      }
    }
  }
}
Replace /absolute/path/to/prowler/mcp_server/ with the actual path. PROWLER_API_BASE_URL is optional and defaults to the Prowler Cloud API.

Step 3: Start Using Prowler MCP

Restart your MCP client and start asking questions:
  • “Show me all critical findings from my AWS accounts”
  • “What does the S3 bucket public access check do?”
  • “Onboard this new AWS account in my Prowler Organization”

Authentication Methods

Prowler MCP Server supports two authentication methods to connect to Prowler Cloud or Prowler App (Self-Managed).

API Key

Use your Prowler API key directly as the Bearer token:
Authorization: Bearer <your-api-key-here>
This is the recommended method for most users.

JWT Token

Alternatively, obtain a JWT token from Prowler:
curl -X POST https://api.prowler.com/api/v1/tokens \
  -H "Content-Type: application/vnd.api+json" \
  -H "Accept: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "tokens",
      "attributes": {
        "email": "your-email@example.com",
        "password": "your-password"
      }
    }
  }'
Use the returned JWT token in place of the API key:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
JWT tokens are only valid for 30 minutes. You need to generate a new token if you want to continue using the MCP server.

Troubleshooting

Server Not Detected

  • Restart your MCP client after configuration changes
  • Check the configuration file syntax (valid JSON)
  • Review client logs for specific error messages
  • Verify the server URL is correct

Authentication Failures

Error: Unauthorized (401)
  • Verify your API key is correct
  • Ensure the key hasn’t expired
  • Check you’re using the right API endpoint

Connection Issues

Cannot Reach Server:
  • Verify the server URL is correct
  • Check network connectivity
  • For local servers, ensure the server is running
  • Check firewall settings

Security Best Practices

  1. Protect Your API Key
    • Never commit API keys to version control.
    • Use environment variables or secure vaults.
    • Rotate keys regularly.
  2. Network Security
    • Use HTTPS for production deployments.
    • Restrict network access to the MCP server.
    • Consider VPN for remote access.
  3. Least Privilege
    • An API key carries the permissions of the user who created it, so use a key with the minimal required permissions.
    • Review the tools that will be used and how they will be used, to avoid prompt injection or unintended behavior.
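
A pre-commit style check for the configuration format shown above, as an added example (not part of the Prowler documentation or code base): it flags invalid JSON, a non-HTTPS server URL, and a literal key in the Authorization header or in PROWLER_APP_API_KEY. The function name, the sample hostname and token, and the treatment of <...>, $VAR and ${VAR} values as non-secret references are assumptions of this example.

```python
import json
import re
from urllib.parse import urlparse

# Placeholders (<...>) and variable references ($VAR, ${VAR}) are not literal secrets.
# Assumption: your MCP client or a wrapper script resolves such references at launch.
_REFERENCE = re.compile(r"^(<[^>]+>|\$\{[^}]+\}|\$[A-Za-z_][A-Za-z0-9_]*)$")
_LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_mcp_config(text):
    """Return (server_name, finding) tuples; comments in the file count as invalid JSON."""
    try:
        servers = json.loads(text).get("mcpServers", {})
    except json.JSONDecodeError as exc:
        return [("<file>", f"invalid JSON at line {exc.lineno}: {exc.msg}")]
    findings = []
    for name, cfg in servers.items():
        url = cfg.get("url")
        if url:
            parsed = urlparse(url)
            if parsed.scheme != "https" and parsed.hostname not in _LOOPBACK:
                findings.append((name, "url is not HTTPS"))
        auth = cfg.get("headers", {}).get("Authorization", "")
        token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
        if token and not _REFERENCE.match(token):
            findings.append((name, "literal bearer token in Authorization header"))
        key = cfg.get("env", {}).get("PROWLER_APP_API_KEY", "")
        if key and not _REFERENCE.match(key):
            findings.append((name, "literal PROWLER_APP_API_KEY in env block"))
    return findings

# Constructed sample: the hostname and token are made up, not a real key format.
SAMPLE = """{
  "mcpServers": {
    "prowler": {
      "url": "http://mcp.internal.example/mcp",
      "headers": {"Authorization": "Bearer constructed-sample-token"}
    },
    "prowler-local": {
      "command": "uvx",
      "args": ["/absolute/path/to/prowler/mcp_server/"],
      "env": {"PROWLER_APP_API_KEY": "${PROWLER_APP_API_KEY}"}
    }
  }
}"""

if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE):
        print(f"{server}: {finding}")
```

Run it against the client configuration file before committing; an empty result means none of the three conditions was found.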
