morningstar.com
Morningstar provides investment data, research, analytics, and credit ratings products for financial institutions and developers. Its offerings include Direct Web Services for market and portfolio data, a DBRS credit ratings data API, and AI integrations through an MCP server.
Morningstar exposes REST APIs for Direct Web Services and Morningstar DBRS, plus an OAuth-protected Morningstar MCP server at `https://mcp.morningstar.com/mcp`.
- Morningstar MCP Serverdetected
- Morningstar Direct Web Services APIsdiscovered
- Morningstar Authentication APIdiscovered
- Morningstar DBRS Data APIdiscovered
Request access to Direct Web Services via Morningstar Contact Us or through your Morningstar account representative. Once your licensed account is provisioned, use the issued username and password to call the Authentication API and mint bearer tokens.
Use your Direct Web Services account credentials to POST to /token/oauth on your regional base URL (for example https://www.us-api.morningstar.com/token/oauth) with Authorization: Basic {Base64(username:password)} as described in the Authentication API overview. The response contains access_token, which you send as Authorization: Bearer {access_token} on subsequent API calls. Tokens are valid for 60 minutes.
Point your MCP client at the server URL and approve access in the browser. The server accepts a Client ID Metadata Document (CIMD), so the client authenticates with its own hosted URL as the client_id — nothing to register.
After receiving your DBRS client identifier and client secret, call GET https://api.dbrs.io/auth/v1/token with headers x-clientid and x-clientsecret as shown in the DBRS Developer Portal. The auth service returns a JWT token, which the portal says is required for access to the vast majority of service endpoints.
conventions · 0/8 published
- integrations.json✗
/.well-known/integrations.json - llms.txt✗
/llms.txt - API catalog✗
/.well-known/api-catalog - OpenAPI document✗
/api/schema/, /openapi.json, /swagger.json, /api/openapi.json, or /v1/openapi.json - MCP server card✗
/.well-known/mcp/server-card.json - OAuth protected resource✗
/.well-known/oauth-protected-resource - Agent card✗
/.well-known/agent-card.json - Agent skills✗
/.well-known/agent-skills/index.json
Publish these signals → /publishing