Tines MCP Server
Turn Tines storyboard workflows into AI-callable tools with built-in credential management, access control, and audit trails.
Tines is a no-code automation platform widely used by security and IT operations teams. The Tines MCP server is built directly into the platform: you drag an "MCP Server" action template onto a storyboard, attach existing Tines tools (templates, send-to-story actions, or custom action groups), and Tines exposes them as a remote MCP server reachable by any AI client that speaks the Streamable HTTP protocol.
Because the server runs inside Tines, it inherits the platform's governance model. Credentials attached to the underlying actions are never exposed to the MCP client, every invocation is recorded in the Tines event log for audit, and access can be locked down with webhook secrets, Tines API keys, or restricted to specific teams or the whole tenant. The MCP server template is available on every Tines plan including the free Community Edition, does not consume AI credits, and supports unlimited tools per server.
This makes Tines a useful way to give LLMs like Claude, ChatGPT, Cursor, GitHub Copilot, and Windsurf controlled access to enterprise APIs (VirusTotal, Elastic, AWS, Okta, ServiceNow, etc.) without writing or hosting a custom MCP server, while keeping security teams in control of what the model can actually do.
Tools
| Tool | Description |
|---|---|
Template tools |
Expose any Tines public or private action template (pre-built integrations for products like VirusTotal, Elastic, AWS, Okta, etc.) as an MCP tool. Tool name, description, and arguments are derived from the template. |
Send-to-story tools |
Route an MCP call into an existing Tines story and return its output. Lets you wrap any multi-step workflow as a single tool. |
Custom tools |
User-defined tools built from a group of Tines actions. All actions in the group execute in parallel and return a single unified output to the MCP client. |
Tines hosts the MCP server for you. There is nothing to install on your machine, you just point your MCP client at a Tines tenant URL.
Prerequisites
- A Tines tenant (any plan, including free Community Edition)
- The workflows or API integrations you want to expose as tools, already built in Tines
Build the server in Tines
- Open a storyboard in Tines
- In the Templates panel on the left, search for "MCP" and drag the MCP Server template onto the canvas
- Add Tools to the MCP Server action: Template tools, Send-to-story tools, or Custom tools
- Make sure each underlying tool has its Credentials configured
- Under the action's "+ Option" menu, set Access Control. Options: Public, Secret, Tines API key (team), or Tines API key (tenant)
- Copy the server URL and auth value from the action's Summary tab
Connect a Streamable HTTP MCP client
{
"mcpServers": {
"tines": {
"url": "https://<tenant>.tines.com/mcp/<mcp-path>",
"headers": {
"Authorization": "Bearer <webhook-secret-or-api-key>"
}
}
}
}
Connect a stdio-only client (e.g. Claude Desktop)
Use mcp-remote as a local proxy. Requires Node.js.
{
"mcpServers": {
"tines": {
"command": "npx",
"args": [
"mcp-remote",
"https://<tenant>.tines.com/mcp/<mcp-path>",
"--header",
"Authorization: Bearer <webhook-secret-or-api-key>"
]
}
}
}
Limits
- 30 second maximum response time per tool call
- 100 concurrent requests per tenant (1,000 for dedicated tenants)
- Protocol: primary support for MCP
2025-06-18, partial support for2025-03-26 - Unsupported: prompts, resources, OAuth in the MCP flow, notifications, sessions, pagination, JSON-RPC batching
- Expose a SOC triage workflow (VirusTotal lookup, EDR isolation, ticket creation) as a single MCP tool an analyst can invoke from Claude or ChatGPT
- Give an AI assistant read-only access to enrichment APIs (WHOIS, IPinfo, Have I Been Pwned) through Tines templates so the LLM can investigate alerts without holding the credentials
- Wrap an Okta or Active Directory user-lookup story as a send-to-story tool so agents can answer access questions while every call is audited in Tines
- Build internal "ask the runbook" assistants where a custom tool runs a parallel group of actions (pull logs from Elastic, query AWS, fetch ServiceNow ticket) and returns a consolidated response
- Standardize AI tool surfaces across an org: security defines the MCP server, devs in Cursor and Copilot all hit the same governed endpoints
- "Use the Tines server to enrich this IP with VirusTotal and IPinfo, then summarize the risk."
- "Look up user jane@acme.com in Okta and tell me which groups she's in."
- "Run the phishing-triage story on this email header block and report what it found."
- "Create a ServiceNow incident for the failed login spike I just analyzed."
- "List the AWS IAM users that haven't rotated keys in 90 days using the Tines tool."
- Built and hosted by Tines, no infrastructure to run and no community fork to vet
- Credentials stay inside Tines: the MCP client never sees the underlying API keys
- Strong governance fit, every tool call is logged in the Tines event stream and access control supports per-team or tenant-wide restrictions
- Available on all plans including the free Community Edition and does not consume AI credits
- Only useful if you already use Tines, you have to model your tools as Tines actions or stories first
- 30 second response timeout and 100 concurrent request cap (1,000 on dedicated tenants) limit long-running or high-volume workloads
- Several MCP protocol features are unsupported: prompts, resources, OAuth in the MCP flow, notifications, sessions, pagination, and JSON-RPC batching
- The server is one-way, Tines cannot itself act as an MCP client and call out to other MCP servers
- n8n MCP integration for exposing n8n workflows to AI clients
- Zapier MCP for turning Zapier Zaps into AI-callable tools
- Self-hosted FastMCP or the official modelcontextprotocol/servers reference servers if you want to build and host your own