Help center

API & MCP access

Use the Routescore public API and the @routescore/mcp server from Claude, Cursor, and your own agents — get a key, wire up the MCP server, or call the REST endpoints directly.

Routescore's modeled DeFi decision-support is available to agents and code two ways: as an MCP server you drop into Claude, Cursor, or any MCP-capable client, and as a keyed REST API you call from your own backend. Both speak the same endpoints and return the same trust envelope.

Who this is for

API & MCP access is included with the Power plan (and higher). If your key reports a lower tier, upgrade on the pricing page. Everything here is read-only decision support — it never custodies assets, executes trades, or needs a private key or seed phrase.

Step 1 — Get an API key

  1. Open Account → Developer → API & MCP access at /account.
  2. Generate a key. Keys look like rs_live_… and are shown once — copy it immediately and store it somewhere safe (a password manager or your platform's secret store).
  3. Treat the key like a password. It carries your plan's quota; anyone with it can spend against your limits. Never commit it to source control or paste it into a public config.

Step 2, option A — Use it as an MCP server

The published @routescore/mcp package is a thin, stateless wrapper around the API — nothing is stored locally. Add it to your client config and set your key in the env block.

Claude Desktop (claude_desktop_config.json) or Cursor (.cursor/mcp.json):

{
  "mcpServers": {
    "routescore": {
      "command": "npx",
      "args": ["-y", "@routescore/mcp"],
      "env": {
        "ROUTESCORE_API_KEY": "rs_live_your_key_here"
      }
    }
  }
}

Claude Code (CLI):

claude mcp add routescore --env ROUTESCORE_API_KEY=rs_live_... -- npx -y @routescore/mcp

Restart the client. You should see the Routescore tools appear. Ask the agent to run whoami first — it confirms the key works and reports your plan tier.

Point at a local API for development

Set ROUTESCORE_API_URL in the same env block to override the base URL (default https://www.routescore.io). For local development against a dev server, use http://localhost:3000.

The tools

ToolWhat it does
quote_mev_coverModeled premium estimate for MEV-sandwich exposure on a swap (modeled premium, expected/CVaR loss).
quote_bridge_refundModeled premium estimate for cross-chain bridge execution failure vs a modeled SLA expectation.
quote_lrt_slashingModeled premium estimate for slashing risk on an LRT position given AVS exposure.
simulate_scenarioWhat-if Monte Carlo: modeled expected premium vs refund/loss over a horizon.
check_swapPre-trade check before an agent signs: modeled route quality, price-impact / slippage band, modeled MEV/execution exposure where observable, and a registry-recognized-vs-unverified token read, as a clear / caution / unsupported verdict. Supports Ethereum (1) and Robinhood Chain (4663). Recognition is not safety, sellability, redemption, rights, liquidity, or investment-quality verification.
get_detector_manifestLatest public MEV-detector run manifest (version hash + universe).
whoamiConfirm the key works and report its plan tier.

All quote_* results are modeled, point-in-time premium estimates — decision support only, not a live cover, insurance, refund, or premium-acceptance offer. Routescore does not underwrite risk.

Step 2, option B — Call the REST API directly

Prefer to call from a script or backend? Every tool maps to one endpoint under https://www.routescore.io/api/public/v1. Authenticate with a bearer token.

Verify your key with GET /me:

curl https://www.routescore.io/api/public/v1/me \
  -H "Authorization: Bearer rs_live_your_key_here"
{
  "authenticated": true,
  "tier": "power",
  "plan_includes_api": true,
  "score_state": "valid"
}

Request a modeled MEV estimate with POST /quote/mev — this returns a modeled, point-in-time premium estimate for MEV-sandwich exposure, not a live cover offer:

curl -X POST https://www.routescore.io/api/public/v1/quote/mev \
  -H "Authorization: Bearer rs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{ "notional_usd": 25000, "asset_pair": "USDC/ETH", "route": "uniswap-v3" }'

The MCP tools map to these endpoints one-to-one:

MCP toolMethodEndpoint
quote_mev_coverPOST/quote/mev
quote_bridge_refundPOST/quote/bridge
quote_lrt_slashingPOST/quote/lrt
simulate_scenarioPOST/scenario/simulate
check_swapPOST/check/swap
get_detector_manifestGET/benchmark/manifest
whoamiGET/me

Run a pre-sign check with POST /check/swap before an agent asks a user to sign. This example scopes the check to Robinhood Chain (4663) and a tokenized asset; the result remains decision support only and the token registry read does not verify sellability, redemption, shareholder rights, custody, dividends, or jurisdiction eligibility. For RHC tokenized stocks/ETFs, pass the Routescore registry contract address; symbol-only checks are treated as unverified because they are not contract verification:

curl -X POST https://www.routescore.io/api/public/v1/check/swap \
  -H "Authorization: Bearer rs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "notional_usd": 10000,
    "chain_id": 4663,
    "route": "uniswap-v3-rho",
    "token_in": "USDG",
    "token_out": "0xaF3D76f1834A1d425780943C99Ea8A608f8a93f9",
    "slippage_allowance_bps": 75
  }'

The complete, machine-readable schema for every endpoint — inputs, outputs, and defaults — lives at /api/public/v1/openapi.json. Point your OpenAPI tooling or codegen at it.

What the responses tell you

Every check_swap, quote, and scenario response carries a trust envelope so agents and dashboards never have to guess how much to trust a number. Render these fields by default. Abbreviated example:

{
  "score_state": "partial",
  "source_freshness": {
    "state": "partial",
    "checked_at": "2026-06-21T00:00:00.000Z",
    "sources": [
      { "name": "routescore_backend", "freshness_state": "fresh" },
      { "name": "bridge_risk_labels", "freshness_state": "unknown" }
    ]
  },
  "methodology_version": "routescore.public_api.v1",
  "confidence_band": { "low": null, "high": null, "unit": "bps" },
  "caveats": [
    "Modeled, point-in-time decision support. Not an execution guarantee.",
    "Unsupported or stale inputs widen uncertainty instead of hiding risk."
  ],
  "commercial_disclosure": {
    "paid_placement": false,
    "score_influenced_by_partner": false
  }
}
  • score_statevalid, partial, or degraded. partial means some inputs were stale or unsupported; the estimate widens its uncertainty rather than hiding the gap.
  • source_freshness — per-source freshness so you can see exactly which inputs were fresh, stale, or unknown at request time.
  • confidence_band — the modeled uncertainty around the estimate, in bps.
  • caveats and commercial_disclosure — plain-language limits, plus an explicit statement that estimates are not paid placements or partner-influenced.

Rate limits

Limits apply per key and scale with your plan. Every response carries X-RateLimit-* headers reporting your remaining quota — read them and back off before you hit a limit.

Decision support, not execution or advice

Routescore's API and MCP tools return modeled, point-in-time decision support — they are not a live cover, insurance, refund, or premium-acceptance offer, and not investment, legal, or tax advice. Routescore does not underwrite risk, custody assets, execute transactions, or guarantee outcomes. See how the Routescore is produced for the scoring methodology.