Begin connecting an external MCP server
Starts the OAuth connection flow for an external (non-Narrative) MCP server and returns the URL the user must visit to grant access.
What this endpoint actually does
- Discovers the server’s OAuth protected-resource + authorization-server metadata.
- Verifies the authorization server supports the
S256PKCE method (400 otherwise). - Dynamically registers a client with the authorization server (RFC 7591). Servers that don’t advertise a registration endpoint return 400 — they can’t be connected this way.
- Persists a
pendingconnection (one row percompany_id+user_id+url; re-connecting the same server replaces the previous row) and builds the authorization URL with PKCE and a one-timestate.
No tokens exist yet. The user opens authorization_url, consents, and the authorization server
redirects their browser to GET /mcp-connections/callback, which completes the exchange and
flips the connection to connected.
Once connected, reference the connection by connection_id from an agent run’s
mcp_servers[].connection_id to have the platform attach the (server-side, auto-refreshed)
bearer to that server’s tool calls.
Permission
agent_conversations resource with write verb.
Example
{
"url": "https://huggingface.co/mcp",
"alias": "huggingface"
}
Common 400 errors
| Cause | Detail |
|---|---|
| Invalid server URL | url is not an absolute http(s) URL |
| Invalid alias | alias is empty, over 64 chars, or contains a dash / other non-[A-Za-z0-9_] char |
| Unsupported PKCE method | the authorization server advertises PKCE methods but not S256 |
| Dynamic client registration unsupported | the server advertises no registration endpoint |
| External MCP OAuth error | discovery / registration against the external server failed |
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
Body for POST /mcp-connections. Names the external MCP server to connect and the alias its
tools will be exposed under inside an agent run.
Absolute http(s) URL of the external MCP server. The server must advertise OAuth
protected-resource metadata, an authorization server that supports Dynamic Client
Registration (RFC 7591), and the S256 PKCE method. Servers that only support
pre-registered clients cannot be connected this way.
"https://huggingface.co/mcp"
Short routing prefix for this server's tools. 1–64 characters of [A-Za-z0-9_] — no
dashes (the dash is the {alias}-{tool} routing separator used at tool-call time).
64^[A-Za-z0-9_]+$"huggingface"
Response
Pending connection created. Returns the connection_id and the authorization_url the
user must visit to authorize.
Response for POST /mcp-connections. The connection is persisted in pending status; the
user must visit authorization_url in a browser to grant access. On consent the external
authorization server redirects back to GET /mcp-connections/callback, which finishes the
exchange and flips the connection to connected.
Id of the pending connection. Reference it from an agent run once it is connected.
"b3f1c2a4-5d6e-47f8-9a0b-1c2d3e4f5a6b"
The external authorization server's consent URL, with client_id, redirect_uri,
state, the PKCE code_challenge (S256), and the resource indicator already applied.
Open it in a browser to authorize the connection.
"https://huggingface.co/oauth/authorize?response_type=code&client_id=...&code_challenge_method=S256&state=..."

