Appearance
Introduction
Airlock is a secure gateway that connects AI agents to your APIs. It provides:
- MCP Protocol Support: Native integration with Claude Desktop, Augment, and other MCP clients
- Approval Workflows: Human-in-the-loop controls for sensitive operations
- Per-User Authentication: Each user connects with their own credentials
- Policy Engine: Fine-grained access control for each API operation
How It Works
AI Agent ──── MCP Protocol ────→ Airlock ────→ Your API
│
├── Policy Evaluation
├── Approval Workflow (if required)
└── Audit Logging- Create a Server: Upload an OpenAPI specification and configure the target API URL
- Set Policies: Define which operations are allowed, denied, or require approval
- Connect Users: Each user gets a unique MCP connection URL with their credentials
- AI Calls API: The AI agent calls tools, Airlock evaluates policies and routes accordingly
Key Concepts
Servers
A server in Airlock represents an API you want to expose to AI agents. It includes:
- An OpenAPI specification defining available operations
- The target API URL
- Policies controlling access
- User-specific connection credentials
Policies
Policies determine what happens when an AI agent tries to call an API operation:
- ALLOW: The operation executes immediately
- DENY: The operation is blocked
- REQUIRE_APPROVAL: The operation waits for human approval
Approval Workflows
When a policy requires approval:
- Airlock creates a pending request
- Designated approvers are notified via email
- Approvers can approve or reject from the web UI
- The AI agent receives the result and can proceed or handle the rejection
API Endpoints
Airlock exposes two APIs for AI agent communication:
| Endpoint | URL | Purpose |
|---|---|---|
| MCP HTTP | mcp.air-lock.ai | Primary MCP endpoint for AI clients |
| WebSocket | ws.air-lock.ai | Real-time bidirectional MCP communication |
Next Steps
- Quickstart - Get up and running in 5 minutes