FAQ

FAQ & Troubleshooting

This page provides answers to frequently asked questions and basic troubleshooting tips for using the SigilAI Cloud MCP Server.

Frequently Asked Questions (FAQ)

Q1: How do I get an API key to use the SigilAI MCP Server? A1: You can obtain a free API key by sending a message to https://t.me/SigilAIBot

Q2: What is the main endpoint for the SigilAI MCP Server? A2: The primary endpoint for MCP communication is https://mcp.sigilai.io/sse. However, always refer to the endpoint URL provided in your SigilAI account dashboard as this may vary or be specific to your account/region.

Q3: What tools are available through the MCP server? A3: The primary tools are scan_url for URL security analysis and scan_file (or a similar name like "SigilAI Code Scanner") for source code vulnerability scanning. Diagnostic tools may also be available. Refer to the API Reference for details.

Q4: Are there different features or limits for different subscription tiers? A4: Yes. Free/Open Beta tiers typically offer basic functionality (e.g., single URL/file scans) with lower rate limits. Pro and Enterprise tiers provide advanced features like batch scanning, repository scanning, higher rate limits, and more comprehensive analysis.

Q5: How is authentication handled? A5: Authentication is typically done using Bearer Token Authentication. You need to include your API key in the Authorization header of your requests. Example: Authorization: Bearer YOUR_API_KEY. See the API Reference for specifics.

Q6: What programming languages are supported by the File Scanner? A6: The File Scanner primarily focuses on JavaScript and TypeScript. Support for other languages is part of our ongoing development roadmap.

Q7: Can I scan an entire code repository? A7: Scanning entire code repositories is an advanced feature typically available under Enterprise subscription plans. The Free/Open Beta and Pro tiers usually support single file or batch file scanning.

Basic Troubleshooting

Problem: Connection refused or timeout when trying to connect to the MCP endpoint.

  • Check Endpoint URL: Ensure you are using the correct MCP Server Endpoint URL provided in your SigilAI dashboard.

  • Network Connectivity: Verify that your client machine or server has outbound internet access and can reach https://mcp.sigilai.io (or your specific endpoint) on port 443 (HTTPS). Check firewalls or proxy settings.

  • Service Status: Check the SigilAI status page (if available, e.g., status.sigilai.io) for any ongoing service disruptions.

Problem: Receiving HTTP 401 Unauthorized or 403 Forbidden errors.

  • API Key: Double-check that your API key is correct and has not expired.

  • Authentication Header: Ensure the API key is correctly formatted in the Authorization header (e.g., Bearer YOUR_API_KEY).

  • Permissions: Your API key might not have the necessary permissions for the requested tool or feature, possibly due to your subscription tier. Check your plan details.

Problem: Receiving HTTP 429 Too Many Requests errors.

  • Rate Limits: You have exceeded the API request rate limits for your subscription tier.

  • Solution: Implement retry logic in your client with exponential backoff. Consider upgrading your plan if you consistently hit rate limits. Refer to your dashboard for specific rate limit information.

Problem: Tool calls result in an MCP error message.

  • Invalid Parameters: The message field in the error response often indicates which parameters are incorrect or missing. Carefully review the tool's parameter requirements in the API Reference.

  • File Size/Content Issues: For scan_file, ensure the file content is properly encoded (usually UTF-8) and within any size limits for your tier.

  • Server-Side Issue: If the error message is generic (e.g., "Internal Server Error" or "Tool execution failed"), and you've verified your request is correct, there might be a temporary issue on the server. Try again after a short period. If the problem persists, contact SigilAI support.

Problem: Scan results seem incomplete or not as expected.

  • Analysis Depth/Profile: Some tools might offer different analysis depths or profiles (e.g., "quick_scan" vs "deep_analysis"). Ensure you are using the appropriate settings for your needs (may be tier-dependent).

  • Tier Limitations: Free or lower-tier plans might use a more limited set of detection rules or threat intelligence feeds compared to Pro/Enterprise tiers.

  • File Type Support: For scan_file, confirm that the language or file type you are scanning is fully supported.

Key Best Practices for Integration

  1. Secure API Key Management: Store your SigilAI API key securely. Do not embed it in client-side code or commit it to version control. Use environment variables or a secrets management system.

  2. Idempotency: If making critical calls, design your client to handle retries safely, especially if network issues cause uncertainty about whether a previous call succeeded. (Note: SigilAI tools are generally read-only/analysis tools, making idempotency less critical than for state-changing APIs, but good practice nonetheless).

  3. Client-Side Validation: Perform basic validation of inputs (e.g., URL format, file existence) on your client side before calling SigilAI tools to save API calls and get faster feedback.

  4. Asynchronous Handling: Be prepared for scan operations (especially file or repository scans) to take some time. Design your application to handle these asynchronous operations without blocking user interaction.

  5. Monitor Usage: Keep an eye on your API usage through the SigilAI dashboard to stay within your plan's limits and to understand your consumption patterns.

Contacting Support

If you encounter issues not covered here or require further assistance:

  • Check the main SigilAI help center or knowledge base at sigilai.io/support.

  • Contact SigilAI support through the channels provided in your account dashboard or service agreement. Provide as much detail as possible, including request IDs, timestamps, and error messages.

This concludes the SigilAI MCP Documentation.

PreviousAPI ReferenceNextInstallation

Last updated