# DarkStrata

> DarkStrata is a stolen-credential monitoring and dark-web surveillance platform. It detects compromised credentials in infostealer logs, notifies affected employees privately, and helps organisations remediate. AI agents can drive the full platform over the Model Context Protocol (MCP) or the REST API.

## MCP Server

DarkStrata exposes its capabilities to AI agents through a hosted MCP server over Streamable HTTP. Connect any MCP-compatible client (Claude Desktop, Claude Code, Cursor) to it.

- Endpoint: `https://mcp.darkstrata.io/mcp` (Streamable HTTP transport)
- Auth: `Authorization: Bearer `
- Capabilities: 40+ tools, live resources, and guided investigation prompts across alerts, assets, credential check, data intelligence, groups, incident response, Lens, organisations, STIX/TAXII, and usage.

Client config (Claude Code / Claude Desktop / Cursor):

```json
{
  "mcpServers": {
    "darkstrata": {
      "url": "https://mcp.darkstrata.io/mcp",
      "headers": {
        "Authorization": "Bearer "
      }
    }
  }
}
```

## Endpoints

- REST API base: `https://api.darkstrata.io` — full OpenAPI-documented REST surface.
- MCP server: `https://mcp.darkstrata.io/mcp` — same capabilities for AI agents.
- `POST /v1/credential-check` — check a credential against breach data using k-anonymity (no plaintext leaves the client).
- `GET /v1/alerts` — list security alerts with severity/status filtering.
- `GET /v1/data-intelligence` — query credential exposure data across monitored domains.

See the full, authoritative endpoint reference at https://docs.darkstrata.io.

## Authentication

All API and MCP requests authenticate with a Bearer API key. Generate one from your account at https://app.darkstrata.io/integrations/api-keys and send it as `Authorization: Bearer `.

## Docs

- [API Reference](https://docs.darkstrata.io) — every REST endpoint with parameters and schemas.
- [SDKs](https://github.com/darkstrata/darkstrata-sdks) — official client libraries.
- [MCP Server](https://darkstrata.io/en/mcp/) — connect AI agents to DarkStrata.
- [Credential Check APIs](https://darkstrata.io/en/credential-check-apis/) — k-anonymity breach lookups.
- [SIEM Integrations](https://darkstrata.io/en/siem-integrations/) — STIX/TAXII, CEF, and LEEF feeds.
- [Stolen Data Monitoring](https://darkstrata.io/en/stolen-data-monitoring/) — what DarkStrata monitors and why.

## Guides

- [What Are Infostealers?](https://darkstrata.io/en/what-are-infostealers/) — how infostealer malware harvests credentials and how to defend against it.
- [Data Breach Response](https://darkstrata.io/en/guides/data-breach-response/) — UK incident-response guide, from first-hour actions to the ICO's 72-hour reporting rule.
- [Red Team Intelligence](https://darkstrata.io/en/red-team-intelligence/) — using exposed-credential data in offensive security engagements.
- [Blog](https://darkstrata.io/en/blog/) — threat intelligence and credential-security analysis.
- [RSS feed](https://darkstrata.io/rss.xml) — subscribe to new posts.

## Examples

Query the MCP server for a security posture overview (any MCP client):

> use the darkstrata security-posture-overview tool

Check a credential exposure over REST:

```bash
curl https://api.darkstrata.io/v1/data-intelligence \
  -H "Authorization: Bearer $DARKSTRATA_API_KEY" \
  -G --data-urlencode "hostname=acme-corp.io"
```

List active critical alerts:

```bash
curl "https://api.darkstrata.io/v1/alerts?severity=CRITICAL&status=ACTIVE" \
  -H "Authorization: Bearer $DARKSTRATA_API_KEY"
```