Static API Key + API Secret Key — no OAuth, no token refresh. The default account key is read-only; the Pro write tools need a user-based key with the matching permission.
Free is 55 read-only tools. Pro and Business unlock the full 92-tool surface — agent isolation, remediation approvals, escalation & incident resolution, org / membership / ITDR-rule management, SIEM queries, and reseller writes.
All plans include 3 StackJack Meta tools · Reads use the default key; writes need a user-based key · cursor-paginated (max 500 / page)
Pro and Business expose the identical 92-tool set — Huntress uses a static API Key + Secret (no OAuth / per-user attribution), so Business is purely a higher call quota (50K/mo). Write tools additionally require a user-based (non-read-only) Huntress key.
Generate an API Key + API Secret Key pair under Account → API Credentials. The default account key is read-only — it calls every Free read tool but none of the writes. To use the Pro write tools (isolate, uninstall, approve remediations, resolve escalations, manage orgs / memberships / ITDR rules, SIEM queries), generate a user-based key that carries the matching write permission; a read-only key calling a write returns an authorization error. Huntress reveals the Secret Key once at generation — copy it immediately. No OAuth / token refresh, so all calls are attributed to the single integration key. Confirm what a key can do with huntress_get_actor.
A standard account key calls every flat tool — your own agents, identities, incident reports, and organizations, no account ID needed. Reseller-level credentials add Managed Accounts (huntress_*_managed_account_* — read and act on any downstream account by accountId, discovered via huntress_list_managed_accounts) and Reseller Billing (huntress_*_reseller_* — invoices, per-account and per-organization usage line items, and subscriptions). With a standard key, those calls return an authorization error — stick to the flat tools.
Treat these as you would a destructive action in the Huntress dashboard — there is no undo: huntress_uninstall_agent, huntress_delete_organization, huntress_delete_membership, huntress_delete_unwanted_access_rule, and the managed-account equivalents — plus huntress_disable_managed_account, which permanently disables a reseller-managed account and uninstalls ALL its agents after 10 days. Every write tool requires a Pro plan and a user-based key with the matching permission — a 403 means the key lacks the permission, not that it is invalid. Use StackJack per-user tool allow-lists to keep destructive tools off unattended agents.
Free is the 55 read-only surface across all 15 groups. Pro adds 37 write/action tools: agent isolation & uninstall, remediation approve/reject, incident & escalation resolution, org / membership / ITDR-rule CRUD, SIEM queries, and reseller account & subscription management.
Drive Huntress end-to-end — read SOC incident reports, escalations, agents, identities, External Recon, and signals, then take the response action: isolate, remediate, resolve, run SIEM queries, and manage orgs and reseller accounts.
For application builders and vendors embedding StackJack. Unlimited tool calls, dedicated support, SLA, and custom tool development.
Hand Claude your Huntress tenant. Surface critical SOC incident reports, isolate compromised hosts, approve remediations, resolve escalations, run SIEM queries, and manage reseller accounts through MCP. Start free with 55 read tools and 100 calls.