Everything your AI assistants need
A comprehensive MCP gateway with enterprise security and organization management — so your team can connect tools once and expose them everywhere.
One Gateway, Every Tool
Ferrule exposes a single MCP endpoint per organization, aggregating every connected integration into one unified interface that AI assistants can discover and call.
Unified Endpoint
A single MCP gateway aggregates every connected integration per organization. One endpoint, all your tools.
Dual Authentication
OAuth 2.1 with PKCE for interactive clients and API keys for programmatic access — choose what fits your workflow.
Method Registry
15 integrations with a built-in describe_method introspection tool. AI assistants discover available tools dynamically.
jq Response Projection
Apply jq expressions via the select parameter to filter API responses, reducing token usage and focusing on what matters.
Automatic Token Refresh
Encrypted token storage with transparent refresh on every request. Per-request client creation keeps credentials isolated.
Example MCP Request
POST /api/mcp
Content-Type: application/json
Authorization: Bearer frl_...

{
  "method": "tools/call",
  "params": {
    "name": "practicepanther_list_contacts",
    "arguments": { "limit": 10 }
  }
}
Security at Every Layer
From encrypted storage to strict authentication, every layer of Ferrule is designed to keep your credentials and data safe.
Encryption at Rest
AES-256-GCM encryption for all OAuth tokens and API credentials with a 32-byte key, 12-byte IV, and 16-byte auth tag.
Multi-Factor Authentication
TOTP with 6-digit codes, WebAuthn passkeys with resident key verification, and encrypted backup codes for recovery.
API Key Security
SHA-256 hashed keys stored in the database with configurable expiry, instant revocation, and usage tracking.
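A sketch of the hashed-key scheme described above, added here as an example and not Ferrule's own code: only the SHA-256 digest of a key is stored, and verification checks revocation and expiry before recording usage. The `frl_` prefix comes from the request example on this page; the in-memory table, function names and field names are assumptions.

```python
import hashlib
import secrets
import time

# Hypothetical in-memory stand-in for the database table of API keys.
# Rows are indexed by the SHA-256 digest; the key itself is never stored.
KEY_TABLE = {}


def digest_of(api_key):
    """Hex SHA-256 digest used as the stored lookup value."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def issue_key(owner, ttl_seconds, now=None):
    """Create a key, store its digest and metadata, return the key once."""
    now = time.time() if now is None else now
    # 32 random bytes: a fast hash is acceptable only because the key is
    # high-entropy random data, unlike a user-chosen password.
    api_key = "frl_" + secrets.token_urlsafe(32)
    KEY_TABLE[digest_of(api_key)] = {
        "owner": owner,
        "expires_at": now + ttl_seconds,  # configurable expiry
        "revoked": False,                 # flipped for instant revocation
        "use_count": 0,                   # usage tracking
        "last_used": None,
    }
    return api_key


def revoke_key(api_key):
    """Mark a key revoked; it fails verification from the next request on."""
    record = KEY_TABLE.get(digest_of(api_key))
    if record is not None:
        record["revoked"] = True


def verify_key(presented, now=None):
    """Return the owner for a valid key, or None if unknown, revoked or expired."""
    now = time.time() if now is None else now
    record = KEY_TABLE.get(digest_of(presented))
    if record is None or record["revoked"] or now >= record["expires_at"]:
        return None
    record["use_count"] += 1
    record["last_used"] = now
    return record["owner"]
```

Because the table holds only digests, a leaked copy of it does not yield usable keys, and the issued key cannot be shown to its owner again after creation.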
Rate Limiting
Redis-backed sliding window enforcement via Lua scripts with automatic in-memory fallback. Configurable per endpoint.
TLS Everywhere
All connections encrypted in transit. Cookies set with secure, httpOnly, and sameSite attributes by default.
OAuth 2.1 Compliance
PKCE required on every flow, dynamic client registration, scoped 1-hour access tokens, and 7-day refresh tokens.
Built for Teams
Manage your organization with role-based access, secure invitations, and scoped resources — all from a single dashboard.
Role-Based Access Control
Owner, admin, and member roles with granular permissions. Organization creators are automatically assigned the owner role.
Team Onboarding
Secure email invitations with SHA-256 hashed tokens and configurable expiration per organization.
Scoped Resources
Integration connections, API keys, and enabled APIs are all scoped per organization for strict resource isolation.
Organization Dashboard
A centralized view to manage connected integrations, API keys, and team members across your organization.
Personal Integrations
Individual team members connect their own Google Drive, Calendar, Docs, Sheets, and Box accounts. Personal integrations are scoped to the user — their data stays private while org integrations remain shared.