Skip to main content

The #1 agentic semantic tool search: 91.6% first-try accuracy on S1 Search Bench Explore Tool Discovery

Live 64 Actions

Ironclad MCP Server
for AI Agents

Connect your AI agent to StackOne's Ironclad MCP server and give it 64 MCP tools out of the box. Auth, tool execution, and security all managed.

Start Free Book Demo Read Docs →
Ironclad logo
Ironclad MCP Server
Built by StackOne StackOne
DrataGPLocalyzeFlipMindtoolsScreenloop

Coverage

64 Agent Actions

Create, read, update, and delete across Ironclad — and extend your agent's capabilities with custom actions.

MCP Actions → Build Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Ironclad MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Ironclad tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Ironclad call.

Tools Discovery →

What is the Ironclad MCP Server?

A Ironclad MCP server lets AI agents read and write Ironclad data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Ironclad MCP server ships with 64 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, observability, and agent execution runtime. Connect it from MCP clients like Claude Desktop, Claude Code, Cursor, Goose, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Ironclad MCP Tools

Every action from Ironclad's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

A Records

  • Create A Record

    Create a Record

  • Retrieve A Record

    Retrieve a Record

  • Delete A Record

    Delete a Record

An Attachment On A Records

  • Create An Attachment On A Record

    Create an Attachment on a Record

  • Retrieve An Attachment On A Record

    Retrieve an Attachment on a Record

  • Delete An Attachment On A Record

    Delete an Attachment on a Record

A Webhooks

  • Create A Webhook

    Create a Webhook

  • Retrieve A Webhook

    Retrieve a Webhook

  • Update A Webhook

    Update a Webhook

  • Delete A Webhook

    Delete a Webhook

An Entitys

  • Create An Entity

    Create an Entity

  • Retrieve An Entity

    Retrieve an Entity

  • Update An Entity

    Update an Entity

  • Delete An Entity

    Delete an Entity

An Obligations

  • Create An Obligation

    Create an Obligation

  • Retrieve An Obligation

    Retrieve an Obligation

  • Update An Obligation

    Update an Obligation

Other (47)

  • Create A Workflow Synchronously

    Create a Workflow Synchronously

  • Send Signature Request

    Send Signature Request

  • Create A Comment On A Workflow

    Create a Comment on a Workflow

  • List All Workflows

    List All Workflows

  • Retrieve A Workflow

    Retrieve a Workflow

  • List All Workflow Approvals

    List All Workflow Approvals

  • Retrieve The Turn History On A Workflow

    Retrieve the Turn History on a Workflow

  • Retrieve Sign Step Status

    Retrieve Sign Step Status

  • List All Workflow Signers

    List All Workflow Signers

  • List All Workflow Participants

    List All Workflow Participants

  • List All Comments On A Workflow

    List all Comments on a Workflow

  • List A Comment From A Specified Workflow

    List a Comment from a Specified Workflow

  • Retrieve Documents From A Workflow

    Retrieve Documents from a Workflow

  • Retrieve A Workflow Document

    Retrieve a Workflow Document

  • List All Workflow Schemas

    List All Workflow Schemas

  • Retrieve A Workflow Schema

    Retrieve a Workflow Schema

  • List All Records

    List All Records

  • Retrieve Records Schema

    Retrieve Records Schema

  • List All Webhooks

    List All Webhooks

  • Retrieve Webhook Verification Key

    Retrieve Webhook Verification Key

  • Get All Entity Relationship Types

    Get All Entity Relationship Types

  • List All Entities

    List All Entities

  • List All Obligations

    List All Obligations

  • Download Data Export File

    Download Data Export File

  • Update Approval Status On A Workflow

    Update Approval Status on a Workflow

  • Update Workflow Metadata

    Update Workflow Metadata

  • Update Record Metadata

    Update Record Metadata

  • Cancel Signature Request

    Cancel Signature Request

  • Cancel A Workflow

    Cancel a Workflow

  • Pause A Workflow

    Pause a Workflow

  • Resume A Workflow

    Resume a Workflow

  • Replace A Record

    Replace a Record

  • Run An Action On A Record

    Run an Action on a Record

  • Submit A Request To Generate A New Data Export

    Submit a request to generate a new data export

  • Check Data Export Job Status

    Check Data Export Job Status

  • Workflow Launched

    Triggered when an Ironclad workflow is launched (e.g. via the launch_a_new_workflow action). Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Completed

    Triggered when an Ironclad workflow reaches completion. payload.recordIDs lists the records created from the workflow; retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Cancelled

    Triggered when an Ironclad workflow is cancelled (e.g. via the cancel_a_workflow action). Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Paused

    Triggered when an Ironclad workflow is paused (e.g. via the pause_a_workflow action). Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Resumed

    Triggered when an Ironclad workflow is resumed (e.g. via the resume_a_workflow action). Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Approval Status Changed

    Triggered when the approval status of an Ironclad workflow changes (e.g. via the update_workflow_approval action). Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Attribute Updated

    Triggered when workflow attributes are modified (e.g. via the update_workflow_metadata action). payload.changedAttributes lists the changed fields; retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Workflow Comment Added

    Triggered when a comment is added to an Ironclad workflow (e.g. via the create_comment_on_a_workflow action). payload.commentID identifies the comment; retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Signature Packet Sent

    Triggered when a signature packet is sent out for signature (e.g. via the send_signature_request action). Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Signature Packet Cancelled

    Triggered when a signature request is cancelled (e.g. via the cancel_signature_request action). payload.cause holds the cancellation reason; retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Signature Packet Fully Signed

    Triggered when all signers have signed the signature packet on an Ironclad workflow. Retrieve the workflow with get_workflow using the eventId (payload.workflowID).

  • Contract Status Changed

    Triggered when the contract status of an Ironclad repository record changes (e.g. via the run_an_action_on_a_record or replace_record action). payload.status holds the new status; retrieve the record with get_record using the eventId (payload.recordID). Subscribe via record_contract_status_changed; Ironclad delivers it with payload.event = contract_status_changed.

Set Up Your Ironclad MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Ironclad in under 10 lines of code.

MCP Clients

Claude Desktop setup guide
Claude Code setup guide
Cursor setup guide
Goose setup guide

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

Check More eSignature MCP Servers

Dropbox Sign

69+ actions

DocuSign

63+ actions

All eSignature MCP Servers →

Platform Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

MCP vs A2A: Architecture, Security, and When to Use Each

MCP vs A2A: what each protocol standardizes, how they differ, their shared security risks including indirect prompt injection, and when to use one, both, or a hybrid architecture.

12 min

MCP vs API: What 200+ Connector Builds Taught Us

MCP wraps APIs, it doesn't replace them. After building 200+ connectors that serve both, here's when each approach wins.

14 min read

Ironclad MCP Server FAQ

Does StackOne have a Ironclad MCP server?
Yes. StackOne offers a hosted Ironclad MCP server with 64 pre-built actions, and every action is tested and QA'd by StackOne. Connect it to Claude, Cursor, and any other MCP client, or to any agent framework through the AI Action SDK. It ships with managed agent authentication, prompt injection defense, and tool discovery with server-side execution that preserve your agent's context window and keep reasoning performance.
Ironclad MCP server vs direct API integration — what's the difference?
A Ironclad MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Ironclad. A Ironclad MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Ironclad at runtime. StackOne provides both.
How does Ironclad authentication work for AI agents?
Ironclad authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Ironclad account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Ironclad MCP tools vulnerable to prompt injection?
Yes — Ironclad MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Ironclad agent and how do I avoid it?
Context bloat happens when Ironclad tool schemas and API responses eat your Ironclad agent's memory, preventing it from reasoning effectively. A single Ironclad query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Ironclad agent can access?
Yes — you can limit which actions your Ironclad agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Ironclad MCP server?
Yes — you can create custom agent actions for your Ironclad MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Ironclad's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Ironclad MCP server?
Skip a Ironclad MCP server if your integration is purely software-to-software — direct Ironclad API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Ironclad actions at runtime.
What AI frameworks and AI clients does the StackOne Ironclad MCP server support?
The StackOne Ironclad MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo