Skip to main content
MCP (Model Context Protocol) servers add organization-managed tools that chats and agents can enable. Registration and management are dashboard-user operations.
These management endpoints use a signed-in [User] session, not an API key. Write operations require an administrative role; organization members with read access can list servers and inspect tools.

Endpoints

MethodPathDescriptionAuth
POST/mcp/serversRegister an MCP server[User]
GET/mcp/serversList organization MCP servers[User]
GET/mcp/servers/:id/toolsRead the discovered tool manifest[User]
POST/mcp/servers/:id/oauth/startStart server OAuth[User]
GET/mcp/servers/oauth/callbackComplete server OAuth[Public callback]
DELETE/mcp/servers/:idDelete a registration[User]

Register a server

POST /mcp/servers?org_id=ORG_ID
org_id
string
required
Organization that will own the registration.
name
string
required
Display name, up to 255 characters.
url
string
required
HTTP or HTTPS server URL. Production registrations must use HTTPS and cannot target private, loopback, or link-local addresses.
credentials
string
Optional credential value. AutoSage stores it encrypted and does not return it.
curl -X POST "$AUTOSAGE_URL/mcp/servers?org_id=ORG_ID" \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "name": "Internal tools",
    "url": "https://tools.example.com/mcp"
  }'
The response confirms registration. Tool discovery then runs asynchronously, so the tool manifest may be empty briefly after creation.

List servers

GET /mcp/servers?org_id=ORG_ID Returns the organization’s registrations without stored credentials.

Inspect discovered tools

GET /mcp/servers/:id/tools?org_id=ORG_ID Returns server_id, server_name, the cached tools manifest, and manifest_refreshed_at.

Configure OAuth

POST /mcp/servers/:id/oauth/start?org_id=ORG_ID Accepts an optional scope string and returns an authorization_url. Redirect the signed-in user to that URL. The provider returns through GET /mcp/servers/oauth/callback, where AutoSage exchanges the authorization code and refreshes tool discovery.
The callback is part of the browser authorization flow. Applications should start OAuth through the authenticated endpoint and follow the returned URL rather than constructing callback parameters themselves.

Delete a server

DELETE /mcp/servers/:id?org_id=ORG_ID Deletes the organization registration. Agents and chats can only enable server IDs that remain registered in the same organization.
MCP manifests and OAuth behavior vary by server. Use /swagger for current response schemas and the server provider’s documentation for its protocol details.

Next steps

Configure agents

Select registered MCP servers for an agent.

Chats API

Enable organization MCP servers on a chat.