WoWSQL Logo
WoWSQL

Model context protocol (MCP)

Connect your AI tools to WoWSQL using MCP

The Model Context Protocol (MCP) is a standard for connecting Large Language Models (LLMs) to platforms like WoWSQL. Once connected, your AI assistants can interact with and query your WoWSQL projects on your behalf.

HTTP-Based MCP Server: WoWSQL MCP uses HTTP transport, connecting directly to the WoWSQL API at https://api.wowsql.com/api/v1/mcp. This provides better reliability, security, and eliminates the need for local npm packages. Simply login to WoWSQL dashboard, generate an MCP token, and use it in your MCP client configuration.

Remote MCP installation

Configure your AI tool

Choose your MCP client and follow the installation instructions:

Cursor MCP Configuration

Configuration file: .cursor/mcp.json

Configuration
{
  "mcpServers": {
    "wowsql": {
      "url": "https://api.wowsql.com/api/v1/mcp",
      "transport": "http",
      "headers": {
        "Authorization": "Bearer YOUR_MCP_TOKEN_HERE",
        "Content-Type": "application/json"
      }
    }
  }
}
Setup Instructions
  1. 1
    Log in to WoWSQL dashboard and generate an MCP token (Profile → MCP Access Tokens)
  2. 2
    Open Cursor Settings → Features → MCP
  3. 3
    Or create/edit the file at ~/.cursor/mcp.json
  4. 4
    Paste the configuration above
  5. 5
    Replace YOUR_MCP_TOKEN_HERE with the token you copied from the dashboard
  6. 6
    Restart Cursor to activate the MCP server
Using Your MCP Token

After generating your MCP token from the dashboard:

  1. Copy the token from the modal (you won't see it again!)
  2. Replace YOUR_MCP_TOKEN_HERE in the configuration above
  3. The token is used in the Authorization header: Bearer YOUR_TOKEN
  4. You can revoke tokens anytime from your Profile page

Secure & Simple: Your tokens are tied to your WoWSQL account. Login however you normally do (email/password or OAuth), then generate tokens as needed.

Production Ready

WoWSQL MCP is built with enterprise-grade security and is fully production-ready. The server includes built-in rate limiting, audit logging, SQL injection protection, and comprehensive error handling. You can confidently use it in both development and production environments with proper API key management and access controls.

HTTP Transport Support

WoWSQL MCP uses HTTP transport. If your MCP client doesn't support HTTP transport yet, you may need to:

  • Check if your client has an HTTP transport option in its configuration
  • Update to the latest version of your MCP client
  • Use a bridge/adapter if available for your client
  • Contact your MCP client's support for HTTP transport roadmap

Next steps

Your AI tool is now connected to your WoWSQL project using HTTP-based MCP. Try asking the AI tool to query your database using natural language commands.

Getting Your MCP Token

Simple Token-Based Authentication

Generate MCP access tokens directly from your WoWSQL dashboard. Login with your existing account (email/password or OAuth), then generate a token for your MCP client.

Step-by-Step:

  1. 1.Log in to your WoWSQL dashboard at app.wowsql.com (use email/password or OAuth - Google/GitHub)
  2. 2.Go to your Profile page → MCP Access Tokens section
  3. 3.Click "Generate MCP Token" (optionally name your client, e.g., "Cursor" or "Claude Desktop")
  4. 4.Copy the generated token immediately (you won't see it again!)
  5. 5.Add the token to your MCP client configuration as shown below

Secure & Simple: Your MCP tokens are tied to your WoWSQL account. You can revoke them anytime from your profile page. No need to manage separate API keys or OAuth flows in your MCP client.

Security & Best Practices

WoWSQL MCP is built with security as a top priority. Our server includes comprehensive security features including SQL injection protection, rate limiting, audit logging, and robust error handling. Here's how to maximize security and get the most out of your MCP integration.

Built-in Security Features

SQL Injection Protection

All database queries are automatically sanitized and use parameterized statements to prevent SQL injection attacks.

Rate Limiting

Built-in rate limiting protects your database from excessive requests and ensures fair usage across all users.

Audit Logging

All MCP operations are logged with detailed audit trails for security monitoring and compliance.

Error Handling

Comprehensive error handling with structured error codes for better debugging and security monitoring.

Best Practices for Production

Follow these recommendations to ensure optimal security and performance in production environments:

  • API Key Management: Use environment variables to store your API keys securely. Rotate keys regularly and use different keys for development and production environments.
  • Project Scoping: Scope your MCP server to specific projects to limit access to only the resources you need. This provides better isolation and security.
  • Tool Permissions: Configure which tools are available to the LLM. Enable only the tools you need to minimize the attack surface.
  • Manual Approval: Most MCP clients support manual approval of tool calls. Keep this enabled in production to review operations before execution.
  • Monitor Audit Logs: Regularly review audit logs to track MCP usage and identify any unusual patterns or potential security issues.

Understanding Prompt Injection

Prompt injection is a technique where malicious instructions are embedded in user content to manipulate LLM behavior. WoWSQL MCP includes multiple layers of protection against this:

Protection Mechanisms

  • Input validation and sanitization for all queries
  • SQL result wrapping with security instructions
  • Structured error responses that prevent command injection
  • Rate limiting to prevent automated attacks

Combined with manual approval in MCP clients, these protections provide robust security for production use.