MCP (any client)

STACK is an MCP server. Any MCP-spec-compliant client (Claude Code, Cursor, ChatGPT Workspace Agents, the Anthropic Agent SDK, the OpenAI Agents SDK, custom clients) can connect with one registration and get the full STACK tool surface, around 80 tools across passports, proxy, audit, revocation, drop-offs, skills, identity, services, and team management.

For the broader why-this-matters framing, including how to route your own MCP server through STACK for credential handling, audit, and revocation, read /with/mcp. This page is the technical guide.

1. The endpoint

```text
https://mcp.getstack.run/mcp
```

Streamable HTTP transport. OAuth 2.1 metadata is published at https://api.getstack.run/.well-known/oauth-authorization-server, with Dynamic Client Registration (RFC 7591) at /oauth/register. Compliant clients discover and register automatically; you only have to approve scopes in your browser the first time.

2. OAuth flow (what your client does for you)

  • Client GETs /.well-known/oauth-authorization-server and reads authorization_endpoint, token_endpoint, registration_endpoint.
  • Client POSTs to /oauth/register with its name and redirect_uris; receives a client_id back (no secret needed for PKCE).
  • Client opens authorization_endpoint in the browser with a PKCE challenge and the requested scopes.
  • User logs in to STACK and approves the scopes; authorization_endpoint redirects back to the client with a code.
  • Client exchanges the code for an access token at token_endpoint.
  • Subsequent MCP calls use the access token as a Bearer credential.

If your client doesn't do OAuth, you can fall back to passing a STACK API key (or member key, or short-lived passport) as the Bearer token. Most modern MCP clients do OAuth.

3. Bearer-token mode (programmatic clients)

If your client is a script or backend that won't do an interactive OAuth dance:

```text
Authorization: Bearer <STACK_API_KEY_or_passport_token>
```

Use a short-lived passport instead of an admin key when the agent should be scoped to a specific intent. See /docs/concepts/passports.

4. The tool list

After the MCP handshake, the client calls tools/list and discovers all STACK tools. Categories:

  • Agents — register, list, grant access, revoke.
  • Passports — issue, refresh, revoke (single, all, per-agent), verify, list active.
  • Services — list, connect (OAuth + custom), verify connection, list templates.
  • Credentials — get (with passport), list (admin scope).
  • Proxy — proxy_request, scan, scan usage.
  • Drop-offs — create, deposit, collect, expire, list, get status.
  • Skills — browse, find matching, get, allow, disallow, invoke, check invocation, post request, list requests, publish, suggest composition.
  • Identity — get / update settings, send verification code, get passport report, check trust level.
  • Audit — list, chain head, verify chain, list security events, resolve.
  • Detectors — list configs, get config, upsert, reset, agent permissions.
  • Team — list members, invite, update, revoke, list intents.
  • Notifications — list / create / update / delete rules, list / add / verify / delete delivery methods, test.
  • Checkpoints — checkpoint, list pending reviews, decide review.
  • Billing — checkout, proxy usage.

Full reference at /docs/mcp-tools.

5. Build your own MCP server on STACK

If you're building a service-specific MCP server (your team's internal tools wrapped as MCP, or a public MCP server you'll publish), the pattern is to keep your MCP server thin and route the production-grade layers through STACK:

  • Connect the upstream service to STACK at https://getstack.run/services (OAuth or custom credential).
  • In your MCP server tool handlers, call STACK's stack_proxy_request with the appropriate scope. STACK injects the credential server-side.
  • For audit, the call is automatically recorded in the operator's hash-chained audit log. No extra wiring.
  • For revocation, the operator can kill any agent's passport from the STACK dashboard; the next call from your MCP server fails.
  • Your MCP server stays a thin wrapper. STACK holds the credentials, audit, detectors, and revocation underneath.
