Mcp

Not supported (no server-initiated stream)

GET/mcp

This server offers no server-initiated SSE stream, which the streamable-HTTP spec allows. Always returns 405 with Allow: POST, DELETE.

X-Api-Key<token>

Issued to you when your integration is provisioned. Determines which catalogue resources are visible and which AI tools are available.

In: header

Response Body

application/json

curl -X GET "https://example.com/mcp"

{  "success": false,  "status": "fail",  "message": "API key is required",  "error": {    "code": "NO_API_KEY",    "message": "API key is required"  }}

Empty

Terminate an MCP session DELETE

Explicitly end the session named in the `Mcp-Session-Id` header. Returns **204** when the owning key deletes its own session, **404** for an unknown or foreign session.

MCP streamable-HTTP endpoint (JSON-RPC 2.0) POST

Model Context Protocol (MCP) gateway. This is a single **opaque JSON-RPC 2.0** endpoint over MCP streamable-HTTP — the request and response bodies are JSON-RPC envelopes, not a REST resource. Drive it with an MCP client (Claude Code, the MCP Inspector, the official SDKs) rather than by hand; the shapes below are documented for completeness. Responses are always `application/json` (this server never upgrades a POST to Server-Sent Events, which the streamable-HTTP spec permits). **Handshake & sessions.** Call `initialize` first; the response carries an `Mcp-Session-Id` header that every subsequent request must echo back in an `Mcp-Session-Id` request header. The session is bound to the api key that created it (a session from one key cannot be resumed by another) and has a rolling TTL. A missing/expired/foreign session returns **404** with JSON-RPC error `-32001` so clients transparently re-initialize. **Methods.** `initialize`, `notifications/initialized` (→ 202, no body), `ping`, `tools/list`, `tools/call`. **Per-tool scopes.** The curated tools require the `read`, `write` or `ai` scope. `tools/list` returns only the tools your key's scopes allow; `tools/call` re-checks and returns JSON-RPC error `-32002` if the key lacks the tool's scope. The linked user's own permission walls apply underneath. Tool execution failures (not-found, validation) come back as in-band results with `isError: true`, not JSON-RPC errors.