MCP security profile
SEC Filing MCP Security Profile
A machine-readable and human-readable trust profile for the hosted SEC Filing MCP server. Public setup calls are separated from production data tools, and production tool calls require a buyer-controlled Data APIs key.
{
"name": "SEC Event Intelligence MCP Security Profile",
"product": "SEC Event Intelligence API",
"mcpUrl": "https://api.data-apis.com/mcp",
"version": "0.1.10",
"profileUrl": "https://api.data-apis.com/mcp/security",
"wellKnownUrl": "https://api.data-apis.com/.well-known/mcp-security.json",
"serverManifestUrl": "https://api.data-apis.com/server.json",
"officialRegistryName": "com.data-apis.api/sec-event-intelligence",
"officialRegistryUrl": "https://registry.modelcontextprotocol.io/v0/servers?search=com.data-apis.api%2Fsec-event-intelligence",
"transport": "streamable-http",
"authentication": {
"publicMethods": [
"initialize",
"tools/list",
"prompts/list",
"prompts/get"
],
"publicTools": [
"sec_demo_latest_filings",
"sec_subscription_info"
],
"productionToolCallsRequire": [
"x-api-key",
"Authorization: Bearer"
],
"oauthDynamicClientRegistration": false,
"credentialPlacement": "HTTP request headers only"
},
"securityControls": [
{
"name": "Public setup boundary",
"scope": "initialize, tools/list, prompts/list, prompts/get, sec_demo_latest_filings, and sec_subscription_info are available without credentials for setup checks.",
"credentialRequired": false
},
{
"name": "Production API-key boundary",
"scope": "Production SEC data-returning tools/call requests require a Data APIs key sent as x-api-key or Authorization: Bearer.",
"credentialRequired": true
},
{
"name": "Read-only public-data tools",
"scope": "Tools return public SEC EDGAR filing metadata only. The hosted server does not write filings, trade securities, move money, or modify buyer accounts.",
"credentialRequired": false
},
{
"name": "No OAuth dynamic registration",
"scope": "The hosted remote MCP server does not expose OAuth dynamic client registration. Production access uses scoped API keys.",
"credentialRequired": false
},
{
"name": "Evaluation before credentials",
"scope": "Use the evaluation workflow and curl runner to test public MCP discovery, prompt, demo, and subscription-info calls before sending production credentials.",
"credentialRequired": false
}
],
"toolBoundaries": {
"readOnly": true,
"publicDataSource": "SEC EDGAR",
"writesExternalSystems": false,
"tradesSecurities": false,
"movesMoney": false,
"modifiesBuyerAccounts": false,
"investmentAdvice": false
},
"publicEvaluation": {
"workflowUrl": "https://api.data-apis.com/downloads/sec-event-intelligence-mcp-evaluation-workflow.json",
"curlScriptUrl": "https://api.data-apis.com/downloads/sec-event-intelligence-mcp-evaluation-curl.sh",
"promptPayloadUrls": {
"promptsList": "https://api.data-apis.com/downloads/sec-event-intelligence-mcp-prompts-list.json",
"tryDemoPrompt": "https://api.data-apis.com/downloads/sec-event-intelligence-mcp-try-demo-prompt.json",
"watchlistPrompt": "https://api.data-apis.com/downloads/sec-event-intelligence-mcp-watchlist-prompt.json"
},
"recommendedOrder": [
"initialize",
"tools/list",
"prompts/list",
"prompts/get sec_mcp_try_demo",
"tools/call sec_demo_latest_filings",
"tools/call sec_subscription_info"
]
},
"buyerHandoff": {
"accessPageUrl": "https://api.data-apis.com/mcp/access",
"pricingUrl": "https://api.data-apis.com/pricing",
"rapidapiRestSubscribeUrl": "https://rapidapi.com/autoearnapi/api/sec-event-intelligence",
"hostedMcpAccessRequestUrl": "https://api.data-apis.com/subscribe",
"supportEmail": "api@data-apis.com"
},
"usageBoundary": "Data infrastructure only. The MCP server returns public SEC filing metadata and does not provide investment advice, ratings, recommendations, buy/sell signals, or personalized financial guidance."
}
Authentication boundary
MCP discovery methods and setup tools are public so clients can
verify connectivity before sending credentials. Production SEC
data tools require x-api-key or
Authorization: Bearer.
Public methodsinitialize,tools/list,prompts/list, andprompts/getPublic toolssec_demo_latest_filingsandsec_subscription_infoProduction authProductiontools/callrequests use buyer-controlled API keys in request headersNo OAuth DCRThe hosted server does not expose OAuth dynamic client registration
Tool scope
The MCP server exposes read-only data infrastructure for public SEC filing metadata. It does not trade securities, move money, write filings, modify buyer accounts, or provide investment advice.
Read-onlyAll SEC data tools return public filing metadata onlyData sourceSEC EDGAR public filing recordsNo financial actionsNo trades, buy/sell signals, ratings, or personalized financial guidancePre-credential checksUse the evaluation workflow and curl runner before adding production credentials