Sift

v0.2.0-alpha.1 · API Key · alpha

Global ML-based fraud detection: events + scores + decisions + labels feedback. Alpha on npm; paths verified against SiftScience/sift-ruby SDK.

20 tools · 3 env vars · GLOBAL · alpha, pending validation

Install

terminal
$ npm install @codespar/mcp-sift@alpha

Quickstart

Add this entry to your claude_desktop_config.json (or any MCP-compatible client config).

claude_desktop_config.json
{
  "mcpServers": {
    "sift": {
      "command": "npx",
      "args": [
        "-y",
        "@codespar/mcp-sift@alpha"
      ],
      "env": {
        "SIFT_API_KEY": "<your_sift_api_key>",
        "SIFT_ACCOUNT_ID": "<your_sift_account_id>"
      }
    }
  }
}

After restart, your agent can call any of the 20 tools below; try send_event first.

Environment variables · 3

Required to authenticate the server. Stored encrypted when using CodeSpar managed hosting.

SIFT_API_KEY
required · secret

Sift API key. Used in the Events API request body ($api_key) and as the HTTP Basic auth username (empty password) for Score + Decisions APIs.

SIFT_ACCOUNT_ID
required

Sift Account ID. Required for all Decisions API v3 endpoints (path segment /v3/accounts/{account_id}/...).

SIFT_BASE_URL
optional

Sift API base URL. Defaults to https://api.sift.com.

Available tools · 20

Each tool is independent; your agent loads only what it needs to reduce context and response time.

WRITE send_event
Send a fraud signal to Sift's Events API (POST /v205/events). The `type` parameter selects the event kind ($create_order, $transaction, $login, $create_account, $update_account, $chargeback, $order_status, etc). Additional fields ($user_id, $session_id, $order_id, custom fields) are passed via `fields` and merged into the body. Use `return_score=true` to get a synchronous score in the response.
READ get_user_score
Fetch the latest Sift score(s) for a user (GET /v205/users/{user_id}/score). Does NOT trigger a rescore; it returns whatever score was last computed. The score is a float in [0, 1]; higher means more fraud-like. Optionally filter by abuse_types.
READ rescore_user
Force Sift to recompute a user's score right now (POST /v205/users/{user_id}/score). Use when you have externally-observed signal that should invalidate the last score (e.g. a manual decision) but have not sent a new event.
READ label_user
Label a user as fraud or not-fraud via the legacy Labels API (POST /v205/users/{user_id}/labels). Labels are the classic supervised-learning feedback channel for Sift's ML model. Note: most new integrations use the Decisions API (apply_decision_to_user) instead; labels are kept for backward compatibility. Still supported for ongoing model feedback.
READ unlabel_user
Remove any existing label on a user (DELETE /v205/users/{user_id}/labels). Optionally scope by abuse_type.
READ apply_decision_to_user
Apply a workflow Decision to a user (POST /v3/accounts/{account_id}/users/{user_id}/decisions). Decisions are the modern replacement for Labels: they both classify the entity for Sift's ML and trigger any configured side effects (e.g. a Block decision on a $payment_abuse user will cause that user's future $transaction events to be blocked). Requires SIFT_ACCOUNT_ID.
READ apply_decision_to_order
Apply a workflow Decision to a specific order (POST /v3/accounts/{account_id}/users/{user_id}/orders/{order_id}/decisions). Order-level decisions target a single transaction rather than the whole user (e.g. 'approve_order_payment_abuse' on a manually-reviewed high-value order). Requires SIFT_ACCOUNT_ID.
READ get_user_decisions
Fetch the decisions currently applied to a user (GET /v3/accounts/{account_id}/users/{user_id}/decisions). Returns the active decision per abuse type. Requires SIFT_ACCOUNT_ID.
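
The SIFT_API_KEY description above puts the same key in two places: the Events API request body and the HTTP Basic auth header. As an added example (not code from @codespar/mcp-sift or from Sift), this Node.js sketch builds both request shapes from the page's descriptions and masks the key before a request is logged; the helper names and sample values are assumptions.

```javascript
// Added example: request shapes as the page describes them, plus log redaction.
// buildEventRequest, buildScoreRequest and redactForLog are hypothetical helper names.
const BASE_URL = "https://api.sift.com"; // the page's stated default for SIFT_BASE_URL

// Events API: the key travels inside the JSON body as $api_key.
function buildEventRequest(apiKey, type, fields, returnScore = false) {
  const url = new URL("/v205/events", BASE_URL);
  // return_score is sent as a query parameter on the Events API call
  if (returnScore) url.searchParams.set("return_score", "true");
  return {
    method: "POST",
    url: url.toString(),
    headers: { "Content-Type": "application/json" },
    // caller fields are spread first so they cannot override $type or $api_key
    body: JSON.stringify({ ...fields, $type: type, $api_key: apiKey }),
  };
}

// Score API: the key is the HTTP Basic username with an empty password.
function buildScoreRequest(apiKey, userId) {
  const url = new URL(`/v205/users/${encodeURIComponent(userId)}/score`, BASE_URL);
  const token = Buffer.from(`${apiKey}:`).toString("base64");
  return { method: "GET", url: url.toString(), headers: { Authorization: `Basic ${token}` } };
}

// Returns a copy that is safe to log: masks both places the key can appear.
function redactForLog(req) {
  const headers = { ...req.headers };
  if (headers.Authorization) headers.Authorization = "Basic [REDACTED]";
  let body = req.body;
  if (typeof body === "string") {
    const parsed = JSON.parse(body);
    if ("$api_key" in parsed) parsed.$api_key = "[REDACTED]";
    body = JSON.stringify(parsed);
  }
  return { ...req, headers, body };
}

// Constructed sample values, not real credentials or identifiers.
const SAMPLE_KEY = "example_key_0000";
const eventReq = buildEventRequest(SAMPLE_KEY, "$login", { $user_id: "user 42/a" }, true);
const scoreReq = buildScoreRequest(SAMPLE_KEY, "user 42/a");
console.log(redactForLog(eventReq), redactForLog(scoreReq));
```

Because the Events API key sits in the body rather than a header, redaction that only strips Authorization headers would still write it to request logs.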

Compatible frameworks

MCP is a protocol; any framework that speaks it can mount this server.

Claude Agent SDK · Anthropic
OpenAI Agents · OpenAI
Vercel AI SDK · Vercel
LangChain · LangChain
LlamaIndex · LlamaIndex
CrewAI · CrewAI
Mastra · Mastra
Any MCP client · Protocol

Frequently asked questions

All credentials are encrypted at rest in an isolated vault scoped per organization. OAuth2 tokens are automatically refreshed before expiry. Your agent code never sees raw secrets; it receives scoped, short-lived session tokens.