Appearance
Creating Servers
A server in Airlock represents an API or service you want to expose to AI agents through the MCP protocol.
Server Types
Airlock supports several server types:
| Type | Description | How to Create |
|---|---|---|
| Pre-built Integration | Proxy to an upstream MCP server (GitHub, Linear, Notion, etc.) | Select from the integrations list |
| Custom OpenAPI | Any REST API with an OpenAPI spec | Paste your OpenAPI spec |
| Knowledge Graph | Memgraph-backed graph database for entities and relationships | Select "Knowledge Graph" type |
| Database | Per-organization PostgreSQL database | Select "Database" type |
Creating a Server
From the Control Room
- Navigate to Servers in the sidebar
- Click Create Server
- Choose a server type
Pre-built Integrations
Select from 18+ pre-configured integrations. These come with tools already defined — no OpenAPI spec needed. See Pre-built Integrations for the full list.
Custom OpenAPI Server
For custom REST APIs:
- Enter a Name for your server
- Paste your OpenAPI Specification (YAML or JSON)
- Enter your Target URL (the base URL where Airlock sends requests)
- Click Create
OpenAPI Specification
Airlock uses OpenAPI specifications to understand your API's structure:
yaml
openapi: 3.0.0
info:
title: My API
version: 1.0.0
servers:
- url: https://api.example.com
paths:
/users:
get:
operationId: list_users
summary: List all users
responses:
'200':
description: List of users
post:
operationId: create_user
summary: Create a new user
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
email:
type: stringOperation IDs
Each operation in your OpenAPI spec must have an operationId. This becomes the tool name in MCP:
operationId: list_usersbecomes a tool calledlist_usersoperationId: create_userbecomes a tool calledcreate_user
Server Configuration
Target URL
The target URL is where Airlock sends requests. This can differ from the URL in your OpenAPI spec:
- OpenAPI
servers[0].url: Documentation/design time URL - Airlock Target URL: Runtime URL for actual requests
This allows you to:
- Use different environments (staging, production)
- Route through internal networks
- Add path prefixes
Authentication
Each user connecting to a server provides their own API credentials:
- OAuth: For services that support OAuth flows (GitHub, Google Calendar, etc.)
- API Key / Bearer Token: For services that use static credentials
See Authentication for details.
Syncing Tools
After updating an OpenAPI spec or when upstream MCP server tools change, use the Sync Tools button on the server detail page to refresh the available tools list.
Managing Servers
Editing
Click on a server to view and edit its configuration:
- Update the OpenAPI specification
- Change the target URL
- Modify policies
- Manage user credentials
Deleting
- Click on the server to open the detail page
- Scroll to the bottom of the page (admin access required)
- Click the Delete Server button
WARNING
Deleting a server removes all associated policies, access tokens, and pending requests.
Best Practices
Operation Naming
Use consistent, descriptive operation IDs:
yaml
# Good
operationId: list_orders
operationId: get_order_by_id
operationId: create_order
# Avoid
operationId: op1
operationId: getOrder # Inconsistent casingSecurity
- Never include credentials in the OpenAPI specification
- Use HTTPS for all target URLs
- Regularly rotate API credentials