Remote MCP setup
Connect MCP-compatible clients to AWF Cloud via the remote MCP gateway using streamable HTTP transport.
You must have an organization and project configured before connecting. Create or select a project from the account settings page.
MCP endpoint
The MCP gateway exposes a single endpoint that supports both discovery (GET) and JSON-RPC (POST) over streamable HTTP transport.
<api-base-url>/v1/orgs/{org_id}/projects/{project_id}/mcpReplace {org_id} and {project_id} with your organization and project identifiers.
Protocol details
- Transport
- streamable_http
- Protocol version
- 2025-03-26
- HTTP methods
- GET, POST
- Scopes supported
- mcp:read, mcp:write, org:read, project:read, workspace:read
OAuth discovery
MCP clients discover OAuth endpoints via RFC 8414 authorization server metadata and RFC 9728 protected resource metadata.
Authorization server:
<<api-base-url>/.well-known/oauth-authorization-server/v1/orgs/{org_id}/projects/{project_id}>Protected resource:
<<api-base-url>/.well-known/oauth-protected-resource/v1/orgs/{org_id}/projects/{project_id}/mcp>local dev onlyDynamic client registration (DCR) is only available in local development. In hosted/production deployments, use API key authentication instead.
Authentication
MCP connections support two authentication methods:
- OAuth (local dev only) — The client performs dynamic client registration (DCR) against the authorization server metadata endpoint, then follows the authorization code flow with PKCE. This method requires DCR to be enabled and is not available in hosted deployments.
- API key — Send a
Bearertoken in theAuthorizationheader. Create keys from the/accountAPI Keys tab. Scopes required:mcp:readand at least one domain read scope (e.g.workspace:read) to expose tools.
Client configuration example
{
"mcpServers": {
"awf-cloud": {
"type": "http",
"url": "<api-base-url>/v1/orgs/{org_id}/projects/{project_id}/mcp",
"headers": {
"Authorization": "Bearer <your-api-key>"
}
}
}
}