Skip to content

MCP Server

NSIN hosts a remote Model Context Protocol (MCP) server, so AI assistants can manage your domains, DNS records and cache in natural language — “add an A record for staging pointing at 203.0.113.7”, “purge the cache for example.com”, “how much traffic did my site get this week?”.

  • Endpoint: https://api.nsin.ir/mcp (Streamable HTTP)
  • Auth: your API key as Authorization: Bearer nsin_…
  • Nothing to install — it’s hosted by NSIN.
Terminal window
claude mcp add --transport http nsin https://api.nsin.ir/mcp \
--header "Authorization: Bearer nsin_your_key_here"

Add a custom connector in Settings → Connectors with the URL https://api.nsin.ir/mcp, and supply the Authorization: Bearer nsin_… header when prompted.

Add to .cursor/mcp.json (or the global ~/.cursor/mcp.json):

{
"mcpServers": {
"nsin": {
"url": "https://api.nsin.ir/mcp",
"headers": { "Authorization": "Bearer nsin_your_key_here" }
}
}
}
ToolRead-only keysDescription
list_domainsAll domains you can access, with status and your role
get_domainOne domain’s full details and settings
list_dns_recordsDNS records with ids, proxy status, TTLs
get_analytics_summaryTraffic, bandwidth, visitors, cache ratio for a period
run_analytics_queryRun a custom read-only SQL query over your request logs
get_ssl_statusCertificate validity, expiry, issuer, SANs
list_cache_rulesEdge cache rules
create_dns_recordCreate a DNS record
update_dns_recordChange a record’s fields
delete_dns_recordRemove a record
purge_cachePurge a domain’s entire edge cache

run_analytics_query lets an assistant answer analytics questions we don’t ship a dedicated tool for — “top 20 URIs by 5xx count over the last 7 days”, “hourly bandwidth for one subdomain”, “which ASNs sent the most bypass traffic”. You (or your AI) pass a ClickHouse SELECT over the requests table (your request log) and get back columns and rows as JSON (capped at 10,000 rows).

It is strictly sandboxed:

  • Read-only. Only a single SELECT (or WITH … SELECT) is accepted. Writes, DDL, settings changes, INTO OUTFILE/FORMAT, and table functions (url, file, remote, s3, …) are rejected.
  • Your data only. Every query is scoped by the engine to the domains your API key can access — there is no way to read another tenant’s rows, even inside a subquery.
  • Bounded. Execution time and rows read/returned are capped so a heavy query can’t run away.

Useful columns on requests: event_time, domain_id, hostname, method, uri, status, bytesIn, bytesOut, duration (ms), remoteAddr, country, asn, asnOrg, userAgent, cacheStatus (hit/miss/bypass), reqStatus (cache/proxied/direct), isWS, protocol, referer, originStatus, originAddr, error. Bucket time with toStartOfHour(event_time) or toStartOfDay(event_time).

  • The MCP server acts with exactly your account’s permissions. Domain sharing roles apply: with Viewer access to a shared domain, write tools fail on that domain even with a full-access key.
  • Every MCP action goes through the same validation, audit logging and usage metering as the REST API, and counts toward the key’s rate limit (300 requests/minute).
  • Revoking the key in the panel disconnects the assistant immediately.