apxy setup
The apxy setup command group is for external client integration helpers, including MCP client registration (apxy setup mcp).
apxy mcp runs the APXY MCP server itself. apxy setup mcp is the separate helper that previews or applies MCP client configuration.
apxy setup
Configure external client integrations
Options
-h, --help help for setupOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
- apxy setup mcp - Configure MCP clients to use APXY
apxy setup mcp
Configure MCP clients to use APXY
Synopsis
Preview or apply MCP client setup for APXY.
Codex and Claude Code are configured through their native provider CLIs. Other supported MCP clients are shown as manual JSON snippets for the user to apply directly.
apxy setup mcp [flags]Options
--all show or apply setup for all supported providers
--client string target MCP client: codex, claude-code, claude-desktop, cursor, vscode, windsurf
-h, --help help for mcp
--scope string target scope for the selected client
--write apply provider CLI setup where automatic configuration is supportedOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy setup - Configure external client integrations
apxy certs
Generate, inspect, and trust APXY certificates
Options
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
-h, --help help for certsOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
- apxy certs custom - Manage custom Certificate Authorities per domain
- apxy certs generate - Generate the APXY root CA certificate
- apxy certs info - Show details for the APXY root CA certificate
- apxy certs trust - Trust the APXY root CA in the system keychain
apxy certs custom
Manage custom Certificate Authorities per domain
Options
-h, --help help for customOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs - Generate, inspect, and trust APXY certificates
- apxy certs custom add - Add a custom CA for a domain pattern
- apxy certs custom info - Show details for a custom CA
- apxy certs custom list - List all custom CAs
- apxy certs custom remove - Remove a custom CA by domain pattern or all custom CAs
- apxy certs custom trust - Trust a previously added custom CA in the system keychain
apxy certs custom add
Add a custom CA for a domain pattern
Synopsis
Add a custom Certificate Authority for a specific domain pattern. The proxy will use this CA to sign certificates for matching domains instead of the default APXY CA.
Flags: —domain domain pattern, e.g. *.example.com (required) —cert path to CA certificate file, .crt or .pem (required) —key path to CA private key file, .key or .pem (required) —label optional label for this CA —no-trust skip installing the CA in the system trust store
apxy certs custom add [flags]Examples
apxy certs custom add --domain "*.example.com" --cert ./ca.crt --key ./ca.key
apxy certs custom add --domain "internal.corp" --cert ./corp-ca.pem --key ./corp-ca-key.pem --label "Corp CA" --no-trustOptions
--cert string path to CA certificate file (.crt/.pem)
--control-url string control API URL (default "http://127.0.0.1:8081")
--domain string domain pattern (e.g. *.example.com)
-h, --help help for add
--key string path to CA private key file (.key/.pem)
--label string optional label for this CA
--no-trust skip installing CA in system trust storeOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs custom - Manage custom Certificate Authorities per domain
apxy certs custom info
Show details for a custom CA
Synopsis
Show detailed information about a custom Certificate Authority, including subject, expiry, and file paths.
The —domain flag is required.
apxy certs custom info [flags]Examples
apxy certs custom info --domain "*.example.com"Options
--control-url string control API URL (default "http://127.0.0.1:8081")
--domain string domain pattern to inspect
-h, --help help for infoOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs custom - Manage custom Certificate Authorities per domain
apxy certs custom list
List all custom CAs
Synopsis
List all custom Certificate Authorities, including their domain patterns, labels, and expiry dates.
Flags: —format output format: json or toon (default: json)
apxy certs custom list [flags]Examples
apxy certs custom list
apxy certs custom list --format toonOptions
--control-url string control API URL (default "http://127.0.0.1:8081")
--format string output format: json|toon (default "json")
-h, --help help for list
-q, --quiet output only IDs, one per lineOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs custom - Manage custom Certificate Authorities per domain
apxy certs custom remove
Remove a custom CA by domain pattern or all custom CAs
Synopsis
Remove a custom Certificate Authority by its domain pattern, or remove all custom CAs with —all.
Either —domain or —all is required.
apxy certs custom remove [flags]Examples
apxy certs custom remove --domain "*.example.com"
apxy certs custom remove --allOptions
--all apply to all resources
--control-url string control API URL (default "http://127.0.0.1:8081")
--domain string domain pattern to remove
--dry-run preview what would happen without executing
-h, --help help for removeOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs custom - Manage custom Certificate Authorities per domain
apxy certs custom trust
Trust a previously added custom CA in the system keychain
Synopsis
Install a previously added custom CA certificate into the system trust store.
The —domain flag is required. On macOS this may require sudo for Keychain access.
apxy certs custom trust [flags]Examples
apxy certs custom trust --domain "*.example.com"Options
--control-url string control API URL (default "http://127.0.0.1:8081")
--domain string domain pattern whose CA to trust
-h, --help help for trustOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs custom - Manage custom Certificate Authorities per domain
apxy certs generate
Generate the APXY root CA certificate
Synopsis
Generate a new root Certificate Authority (CA) certificate and private key for HTTPS interception.
apxy certs generate [flags]Examples
apxy certs generateOptions
-h, --help help for generateOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs - Generate, inspect, and trust APXY certificates
apxy certs info
Show details for the APXY root CA certificate
Synopsis
Show subject, issuer, serial number, validity dates, and key usage for the APXY root CA certificate.
apxy certs info [flags]Examples
apxy certs infoOptions
-h, --help help for infoOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs - Generate, inspect, and trust APXY certificates
apxy certs trust
Trust the APXY root CA in the system keychain
Synopsis
Install the APXY root CA certificate into the system trust store.
On macOS this may require sudo for Keychain access.
apxy certs trust [flags]Examples
apxy certs trustOptions
-h, --help help for trustOptions inherited from parent commands
--cert-dir string directory for certificates (default "/Users/tuanquanghpvn/.apxy/certs")
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy certs - Generate, inspect, and trust APXY certificates
apxy ssl
Manage HTTPS interception rules for the running proxy
Options
-h, --help help for sslOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
- apxy ssl disable - Disable HTTPS interception for a domain or all domains
- apxy ssl enable - Enable HTTPS interception for a domain
- apxy ssl list - List domains with HTTPS interception enabled
apxy ssl disable
Disable HTTPS interception for a domain or all domains
Synopsis
Disable HTTPS interception for a specific domain or all domains with —all. Traffic to disabled domains will pass through as opaque TLS.
Either —domain or —all is required.
apxy ssl disable [flags]Examples
apxy ssl disable --domain "api.example.com"
apxy ssl disable --allOptions
--all apply to all resources
--control-url string control API URL (default "http://127.0.0.1:8081")
--domain string domain to disable SSL interception
--dry-run preview what would happen without executing
-h, --help help for disableOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy ssl - Manage HTTPS interception rules for the running proxy
apxy ssl enable
Enable HTTPS interception for a domain
Synopsis
Enable HTTPS interception for a specific domain, allowing the proxy to decrypt and inspect TLS traffic.
The —domain flag is required.
apxy ssl enable [flags]Examples
apxy ssl enable --domain "api.example.com"Options
--control-url string control API URL (default "http://127.0.0.1:8081")
--domain string domain to enable SSL interception
-h, --help help for enableOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy ssl - Manage HTTPS interception rules for the running proxy
apxy ssl list
List domains with HTTPS interception enabled
Synopsis
List all domains that currently have HTTPS interception enabled.
Flags: —format output format: json or toon (default: json)
apxy ssl list [flags]Examples
apxy ssl list
apxy ssl list --format toonOptions
--control-url string control API URL (default "http://127.0.0.1:8081")
--format string output format: json|toon (default "json")
-h, --help help for list
-q, --quiet output only IDs, one per lineOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy ssl - Manage HTTPS interception rules for the running proxy
apxy init
Initialize a project-scoped APXY workspace
Synopsis
Creates a .apxy/ directory in the current project with isolated configuration. This enables project-scoped isolation: each project gets its own database, certificates, and mock rules.
After running init, use: apxy start —project-dir .
apxy init [flags]Options
-h, --help help for initOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
Last updated on