Skip to main content
POST
Begin connecting an external MCP server

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Body for POST /mcp-connections. Names the external MCP server to connect and the alias its tools will be exposed under inside an agent run.

url
string<uri>
required

Absolute http(s) URL of the external MCP server. The server must advertise OAuth protected-resource metadata, an authorization server that supports Dynamic Client Registration (RFC 7591), and the S256 PKCE method. Servers that only support pre-registered clients cannot be connected this way.

Example:

"https://huggingface.co/mcp"

alias
string
required

Short routing prefix for this server's tools. 1–64 characters of [A-Za-z0-9_] — no dashes (the dash is the {alias}-{tool} routing separator used at tool-call time).

Maximum string length: 64
Pattern: ^[A-Za-z0-9_]+$
Example:

"huggingface"

Response

Pending connection created. Returns the connection_id and the authorization_url the user must visit to authorize.

Response for POST /mcp-connections. The connection is persisted in pending status; the user must visit authorization_url in a browser to grant access. On consent the external authorization server redirects back to GET /mcp-connections/callback, which finishes the exchange and flips the connection to connected.

connection_id
string<uuid>
required

Id of the pending connection. Reference it from an agent run once it is connected.

Example:

"b3f1c2a4-5d6e-47f8-9a0b-1c2d3e4f5a6b"

authorization_url
string<uri>
required

The external authorization server's consent URL, with client_id, redirect_uri, state, the PKCE code_challenge (S256), and the resource indicator already applied. Open it in a browser to authorize the connection.

Example:

"https://huggingface.co/oauth/authorize?response_type=code&client_id=...&code_challenge_method=S256&state=..."