Where is the Bippsi API documented?

The full machine-readable spec is at /openapi.json (OpenAPI 3.1). This page renders that spec interactively with Redoc. Bearer API keys (bas_*, bak_*) authorize most endpoints.

How do AI agents connect to Bippsi directly?

Agents use the Model Context Protocol (MCP) at /api/v1/mcp. MCP is JSON-RPC 2.0 over HTTPS. Call initialize, then tools/list, then tools/call with scan_site, list_pages, get_certification_status, or get_api_endpoints. The manifest is at /.well-known/mcp.json.

Do I need an API key?

Most REST endpoints require a Bearer API key (bas_ for server use, bak_ for AI access). MCP tool calls work anonymously with lower rate limits; adding Authorization: Bearer lifts the anonymous scan_site throttle.

For agents and developers

API Reference and MCP

Everything Bippsi exposes to machines, on one page. REST endpoints for integrations, Model Context Protocol for AI agents, and a signed OpenAPI spec so you never have to guess.

Model Context Protocol

MCP endpoint

JSON-RPC 2.0 for AI agents

Machine-readable spec

Policy

AGENTS.md

Agent access policy

Model Context Protocol (MCP)

MCP is the standard way for AI agents to talk to a service without scraping HTML. Bippsi's MCP server exposes four tools: run a compliance scan, discover a site's pages, check certification status, and enumerate our own API endpoints. Connect over HTTPS + JSON-RPC 2.0.

Endpoint

POST https://bippsi.com/api/v1/mcp

Short alias

POST https://bippsi.com/mcp

Manifest

GET /.well-known/mcp.json

Quick facts

Protocol: 2024-11-05
Transport: HTTP + JSON-RPC 2.0
Auth: Optional Bearer API key
Rate limit: 60 calls/hr per IP
scan_site limit: 3/hr anonymous, unlimited with key

Available tools

scan_site rate-limited

Run the 2-phase A.I. Certified compliance scan on a URL. Returns an overall score (0–100), per-category breakdown across 15 scoring categories, detected platform, and the top failing checks. Samples 25 pages (homepage + 24 random).

list_pages cheap

Discover a site's page list via sitemap.xml, WordPress REST API, or a 1-hop homepage crawl. Returns count + URLs. Use this before scan_site or when you just need a page inventory.

get_certification_status cheap

Look up a site's current A.I. Certified status and last known score from Bippsi's public directory. No scan is performed.

get_api_endpoints cheap

Return the machine-readable summary of Bippsi's own public API endpoints. Useful when deciding between REST and MCP.

Example: initialize, list tools, run a scan

Standard MCP handshake. Agents following the spec will handle this flow automatically; raw curl is shown for clarity.

# 1. Handshake
curl -sX POST https://bippsi.com/api/v1/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"my-agent","version":"1.0"}}}'

# 2. Discover tools
curl -sX POST https://bippsi.com/api/v1/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}'

# 3. Scan a site
curl -sX POST https://bippsi.com/api/v1/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"scan_site","arguments":{"url":"https://example.com"}}}'

Using Claude Desktop or another MCP-aware client? Point it at https://bippsi.com/api/v1/mcp — no key needed for anonymous rate limits. For higher throughput, include your Bippsi API key as Authorization: Bearer <key>.

REST API

Full OpenAPI 3.1 reference below, rendered from /openapi.json. Most endpoints authenticate with a Bearer API key; see AGENTS.md for the full access policy.

Redoc requires JavaScript. The raw spec is available at /openapi.json.

API Reference and MCP

Model Context Protocol (MCP)

Available tools

Example: initialize, list tools, run a scan

REST API

What is Bippsi?

How does Agent Initiative certify a website?

Where can AI agents find Bippsi's access policy?