Janee
Secure API proxy for agents. Stores credentials encrypted, injects auth server-side. You call execute() and get data without ever seeing raw keys.
For installation and setup: https://github.com/rsdouglas/janee
MCP Tools
list_services
No parameters. Returns available capabilities (name, service, ttl, rules). Call this first to see what APIs are configured.
execute
- •capability (required) — name from list_services
- •method (required) — GET, POST, PUT, DELETE, PATCH
- •path (required) — API path, e.g. /v1/customers
- •body (optional) — JSON string
- •headers (optional) — additional headers object
- •reason (optional) — required if capability has requiresReason
Returns: { status, body }
reload_config
No parameters. Reloads config from disk after adding/removing services.
Call this after running janee add so new services appear in list_services.
Making API Calls
- •Call list_services to see available capabilities
- •Call execute with the capability name, HTTP method, and path
- •Janee injects auth and proxies the request — you never touch the key
Note: execute takes a capability name (from list_services), not a service name. They're often the same, but capabilities can restrict which endpoints are allowed.
Examples
Check Stripe balance:
execute(capability="stripe", method="GET", path="/v1/balance")
List GitHub repos:
execute(capability="github", method="GET", path="/user/repos")
Create a customer:
execute(capability="stripe", method="POST", path="/v1/customers",
body='{"email": "user@example.com"}')
Adding New Services
When you encounter a new API key or the user wants to connect a new service:
For known services (GitHub, Stripe, OpenAI, etc. — Janee has 22 built-in templates):
janee add <name> --key-from-env ENV_VAR_NAME janee add <name> -k "the-api-key"
For other APIs:
janee add <name> -u https://api.example.com --key-from-env ENV_VAR_NAME
After adding, call reload_config so the new service appears in list_services.
Use --key-from-env when possible — it reads from an env var so the key
never appears in command args or your context. Use -k / --key for direct input.
Templates set a default auth type. Pass --auth-type to override it if needed.
For HMAC auth (crypto exchanges):
janee add bybit --key-from-env KEY --secret-from-env SECRET
For Google service accounts:
janee add analytics --auth-type service-account --credentials-file path.json \ --scope https://www.googleapis.com/auth/analytics.readonly
Migrating Existing Keys
If you see API keys in the user's environment (.env files, shell config, etc.):
- •Offer to move them into Janee
- •Use
janee addwith--key-from-envto read from the existing env var - •After adding, the user can remove the plaintext key from their config
Troubleshooting
execute returns error status:
- •401/403: Auth credentials may be expired or wrong. Ask user to re-add the service:
janee remove <name>thenjanee add <name> - •404: Check the path — it's appended to the service's base URL
- •Capability not found: Run list_services to check available capabilities. If the service was just added, call reload_config first.