> ## Documentation Index
> Fetch the complete documentation index at: https://docs.narrative.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Begin connecting an external MCP server

> Starts the OAuth connection flow for an external (non-Narrative) MCP server and returns the
URL the user must visit to grant access.

## What this endpoint actually does

1. Discovers the server's OAuth protected-resource + authorization-server metadata.
2. Verifies the authorization server supports the `S256` PKCE method (400 otherwise).
3. Dynamically registers a client with the authorization server (RFC 7591). Servers that don't
   advertise a registration endpoint return 400 — they can't be connected this way.
4. Persists a `pending` connection (one row per `company_id` + `user_id` + `url`; re-connecting
   the same server replaces the previous row) and builds the authorization URL with PKCE and a
   one-time `state`.

No tokens exist yet. The user opens `authorization_url`, consents, and the authorization server
redirects their browser to `GET /mcp-connections/callback`, which completes the exchange and
flips the connection to `connected`.

Once `connected`, reference the connection by `connection_id` from an agent run's
`mcp_servers[].connection_id` to have the platform attach the (server-side, auto-refreshed)
bearer to that server's tool calls.

## Permission

`agent_conversations` resource with `write` verb.

## Example

```json
{
  "url": "https://huggingface.co/mcp",
  "alias": "huggingface"
}
```

## Common 400 errors

| Cause | Detail |
|---|---|
| Invalid server URL | `url` is not an absolute `http(s)` URL |
| Invalid alias | `alias` is empty, over 64 chars, or contains a dash / other non-`[A-Za-z0-9_]` char |
| Unsupported PKCE method | the authorization server advertises PKCE methods but not `S256` |
| Dynamic client registration unsupported | the server advertises no registration endpoint |
| External MCP OAuth error | discovery / registration against the external server failed |



## OpenAPI

````yaml https://docs-cdn.narrative.io/api-reference/main/openapi.json post /mcp-connections
openapi: 3.1.1
info:
  contact:
    email: support@narrative.io
    name: Narrative Support
    url: https://www.narrative.io
  termsOfService: https://www.narrative.io/legal/terms-of-service
  x-logo:
    url: >-
      https://cdn.narrative.io/images/company-logos/prod/narrative-logo-text-white.svg
    backgroundColor: rgb(9, 34, 166)
    altText: Narrative Logo
  description: >-
    The [Narrative Data Collaboration Platform](https://app.narrative.io) API is
    organized around REST. Our API has predictable resource-oriented URLs,
    accepts form-encoded request bodies, returns JSON-encoded responses, and
    uses standard HTTP response codes, authentication, and verbs.



    The current version is a pre-release beta.  It may result in unexpected
    behavior and there may be breaking changes in future releases up to the 1.0
    release.
  title: Narrative Data Collaboration Platform API
  version: 2.4.x
servers:
  - url: https://api-dev.narrative.io
  - url: https://api.narrative.io
security: []
tags:
  - name: Access Rules
    description: >-
      Access rules let data providers control who can purchase their data and
      the terms of purchase.


      The `access-rules` API allows you to manage access rules for your
      datasets.


      Related guides:
        - [What is an access rule?](https://kb.narrative.io/access-rules)
  - name: Agent Conversations
    description: >-
      Build LLM-driven workflows that can call MCP tools, ask the caller for
      input, and return structured answers.


      A conversation pins a model, a system prompt, and a tool catalog. Each run
      sends the model a user message (or

      a batch of tool outputs from a previously-paused run); the model decides
      whether to answer directly, call a

      server-side tool (resolved by the platform via Model Context Protocol), or
      call a client-side tool (which pauses

      the run with `requires_action` and waits for the caller to reply).


      Related guides:
        - [Agent Conversations Reference](https://docs.narrative.io/reference/architecture/agent-conversations)
        - [Error catalog](https://docs.narrative.io/reference/architecture/agent-conversations/errors/conversation-not-found)
  - name: MCP Connections
    description: >-
      Connect external (non-Narrative) MCP servers so agent runs can call their
      tools with the

      calling user's own OAuth authorization.


      A connection is created interactively: `POST /mcp-connections` runs OAuth
      discovery and

      Dynamic Client Registration against the server and returns a consent URL;
      the user authorizes

      in a browser; the authorization server redirects to `GET
      /mcp-connections/callback`, which

      finishes the token exchange and marks the connection `connected`. Tokens
      are stored encrypted

      and used server-side — they are never returned by the API. Once connected,
      reference the

      connection by id from an agent run's `mcp_servers[].connection_id`.
  - name: App Invites
    description: >-
      App invites allow applications to create one-time, shareable links on
      behalf of their users. These links

      enable users to invite third parties who do not have a Narrative account
      to perform actions within the

      application.


      For example, a Narrative user can send an invite link to a third party who
      then completes a Pinterest

      OAuth flow and creates a connector profile in the inviter's account,
      allowing the inviter to deliver

      audience data to the third party's Pinterest account without the third
      party needing a Narrative account.


      This API is intended to be used by applications (via app client
      credentials) to create and manage invites

      on behalf of their users, which can then be shared with invitees.
  - name: Apps
    description: >-
      Apps are applications bundled with a UI that can perform various actions
      on behalf of a user utilizing the Narrative API.

      Related guides:
        - [Building a Narrative Native App](https://www.narrative.io/knowledge-base/how-to-guides/building-a-narrative-native-app)
  - name: Access Tokens
    description: API Access Token management
  - name: Attributes
    description: >-
      An attribute models a standardized data point available for sale on the
      Narrative marketplace.


      Narrative automatically turns data points from provider datasets into
      attributes so that buyers can purchase well-formed, standardized data from
      any supplier on the marketplace.
  - name: Auth
    description: >-
      API token is a crucial step for developers to securely authenticate
      requests to the Narrative API

      Related guides:
        - [How to Create an API Token](https://www.narrative.io/knowledge-base/how-to-guides/understanding-narratives-apis/create-an-api-token)
  - name: Authentication
    description: User login and registration
  - name: Billings
    description: Used by Narrative internally to bill customers
  - name: Companies
    description: A collection of employees
  - name: Company Marketing Information
    description: Useful information related to companies
  - name: Compute Pools
    description: >-
      Compute pools represent compute resources (e.g. Snowflake warehouses)
      provisioned within a data plane.

      Companies can manage and share compute pools, assign them to jobs, and set
      a default compute pool on data planes.
  - name: Connections
    description: Associations between connectors and datasets
  - name: Data Shops
    description: |-
      Self-hosted website to sell your data
      Related guides:
        - [Setting up your datashop](https://www.narrative.io/knowledge-base/how-to-guides/shop-builder/settting-up-your-data-shop)
  - name: Data Streams
    description: >-
      The `data-stream` API endpoints allows one to create and update
      data-streams. Additionally the endpoints allow

      finding data-streams using free text search. A few of the endpoints are
      behind authorization.


      Update endpoint allows a client to post an edited data-stream document as
      is, without having to change its shape.

      The API ensures that only certain fields are allowed to be modified.
      Attempts to modify fields not up for client

      modifications are ignored.


      Related guides:
        - [What is a data stream?](https://kb.narrative.io/what-is-a-data-stream)
  - name: Contracts
    description: Contracts related APIs
  - name: Datasets
    description: >-
      Any kind of data, in any schema, can be pushed into the Narrative Data
      Collaboration Platform as a dataset exactly as it is stored in your own
      system.


      The `datasets` API allows you to manage your datasets.
  - name: Destinations
    description: >-
      Destinations associate a subscription to a profile. Optionally, ad-hoc
      quick settings can be configured to a destination.

      Those quick settings have to match the format defined on the app manifest.
  - name: Installations
    description: Installations of Applications for a profile
  - name: Jobs
    description: >-
      Jobs represent an operation done on a given data plane. All jobs today are
      tied to a query that represents a forecast or a materialized view.


      The jobs API provides an interface for interacting with the jobs table,
      which stores various operations involving reading or writing data. This
      API allows users to retrieve detailed information about specific jobs,
      including cost forecasts, data forecasts, NQL forecasts and materialized
      views.
  - name: Mappings
    description: >-
      A mapping is a transformation from a dataset to an attribute. Defining a
      mapping between a dataset and an attribute makes the dataset eligible to
      participate in subscriptions where a buyer is purchasing the target
      attribute.
  - name: Model Inference
    description: Model Inference
  - name: Models
    description: >-
      Machine learning models for training and inference.


      Models can be stored in HuggingFace or Narrative repositories and have
      configurable

      collaborator permissions for training and inference access.


      The `models` API allows you to list, retrieve, and update models
      accessible to your company.
  - name: NQL
    description: >-
      Narrative Query Language (NQL) is a specialized, SQL-inspired language
      designed to query and manipulate data within the Narrative platform. While
      it looks and feels much like standard SQL, it offers extended
      functionality and syntax that let you leverage platform-specific
      features—such as referencing datasets by their IDs, creating materialized
      views, or generating forecasts—without having to manage the complexities
      of different query engines behind the scenes. NQL queries can ultimately
      compile down to multiple underlying engines (e.g., Snowflake, Spark) to
      execute your requests efficiently in the Narrative ecosystem.
  - name: Payment Methods
    description: Payment methods used to purchase data
  - name: Products
    description: Internal routes used to offer datastream as products
  - name: Profiles
    description: >-
      App profiles are associated with an installation. They represent a
      reference to a configuration that the app can use to save confidential
      information outside of Narrative's control.

      Profiles are currently used to configure settings for connector apps.
  - name: Resources
    description: >-
      Narrative gives you access to managed resources, like your own AWS S3
      bucket, so that you can effortlessly buy and sell data on the platform.


      The `resources` API allows you to manage your resources.
  - name: Schema Inference
    description: >-
      The `schema-inference` API analyzes submitted files to automatically infer
      and return their structure as a dataset schema.
  - name: Schema Presets
    description: >-
      The `schema-presets` API allows you to list the available schema presets,
      get detailed information about a specific one and manage its life cycle.


      You can create a schema preset from scratch or create one based on an
      existing one, administrators can create platform wide available (public)
      schema preset.
  - name: Subscriptions
    description: >-
      In the Narrative Data Collaboration Platform a subscription represents a
      set of rules dictating the commercial terms related to the licensing of
      data.


      The `subscriptions` API allows you to set and get information about
      `subscription` objects owned by the authenticated account.
  - name: Uploads
    description: >-
      The `uploads` API allows you to send files to Narrative and use them to
      perform tasks like creating a list or adding data to a dataset.
  - name: Usage
    description: >-
      The `usage` API enables the recording of usage events associated with a
      product.
  - name: Workflows
    description: >-
      The `workflows` API allows you to create, schedule, trigger, and archive
      workflows.

      Workflows are defined using a serverlessworkflow YAML specification.
paths:
  /mcp-connections:
    post:
      tags:
        - MCP Connections
      summary: Begin connecting an external MCP server
      description: >-
        Starts the OAuth connection flow for an external (non-Narrative) MCP
        server and returns the

        URL the user must visit to grant access.


        ## What this endpoint actually does


        1. Discovers the server's OAuth protected-resource +
        authorization-server metadata.

        2. Verifies the authorization server supports the `S256` PKCE method
        (400 otherwise).

        3. Dynamically registers a client with the authorization server (RFC
        7591). Servers that don't
           advertise a registration endpoint return 400 — they can't be connected this way.
        4. Persists a `pending` connection (one row per `company_id` + `user_id`
        + `url`; re-connecting
           the same server replaces the previous row) and builds the authorization URL with PKCE and a
           one-time `state`.

        No tokens exist yet. The user opens `authorization_url`, consents, and
        the authorization server

        redirects their browser to `GET /mcp-connections/callback`, which
        completes the exchange and

        flips the connection to `connected`.


        Once `connected`, reference the connection by `connection_id` from an
        agent run's

        `mcp_servers[].connection_id` to have the platform attach the
        (server-side, auto-refreshed)

        bearer to that server's tool calls.


        ## Permission


        `agent_conversations` resource with `write` verb.


        ## Example


        ```json

        {
          "url": "https://huggingface.co/mcp",
          "alias": "huggingface"
        }

        ```


        ## Common 400 errors


        | Cause | Detail |

        |---|---|

        | Invalid server URL | `url` is not an absolute `http(s)` URL |

        | Invalid alias | `alias` is empty, over 64 chars, or contains a dash /
        other non-`[A-Za-z0-9_]` char |

        | Unsupported PKCE method | the authorization server advertises PKCE
        methods but not `S256` |

        | Dynamic client registration unsupported | the server advertises no
        registration endpoint |

        | External MCP OAuth error | discovery / registration against the
        external server failed |
      operationId: createMcpConnection
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateMcpConnectionRequest'
      responses:
        '201':
          description: >-
            Pending connection created. Returns the `connection_id` and the
            `authorization_url` the

            user must visit to authorize.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpConnectionCreatedResponse'
        '400':
          description: >-
            Invalid request or the server can't be connected via DCR. See the
            common-causes table

            above.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RFCError'
        '401':
          description: Missing or invalid bearer token.
        '403':
          description: Token does not have `agent_conversations:write` permission.
      security:
        - BearerAuth: []
components:
  schemas:
    CreateMcpConnectionRequest:
      description: >-
        Body for `POST /mcp-connections`. Names the external MCP server to
        connect and the alias its

        tools will be exposed under inside an agent run.
      type: object
      required:
        - url
        - alias
      properties:
        url:
          type: string
          format: uri
          description: >-
            Absolute `http(s)` URL of the external MCP server. The server must
            advertise OAuth

            protected-resource metadata, an authorization server that supports
            Dynamic Client

            Registration (RFC 7591), and the `S256` PKCE method. Servers that
            only support

            pre-registered clients cannot be connected this way.
          example: https://huggingface.co/mcp
        alias:
          type: string
          maxLength: 64
          pattern: ^[A-Za-z0-9_]+$
          description: >-
            Short routing prefix for this server's tools. 1–64 characters of
            `[A-Za-z0-9_]` — no

            dashes (the dash is the `{alias}-{tool}` routing separator used at
            tool-call time).
          example: huggingface
    McpConnectionCreatedResponse:
      description: >-
        Response for `POST /mcp-connections`. The connection is persisted in
        `pending` status; the

        user must visit `authorization_url` in a browser to grant access. On
        consent the external

        authorization server redirects back to `GET /mcp-connections/callback`,
        which finishes the

        exchange and flips the connection to `connected`.
      type: object
      required:
        - connection_id
        - authorization_url
      properties:
        connection_id:
          type: string
          format: uuid
          description: >-
            Id of the pending connection. Reference it from an agent run once it
            is `connected`.
          example: b3f1c2a4-5d6e-47f8-9a0b-1c2d3e4f5a6b
        authorization_url:
          type: string
          format: uri
          description: >-
            The external authorization server's consent URL, with `client_id`,
            `redirect_uri`,

            `state`, the PKCE `code_challenge` (S256), and the `resource`
            indicator already applied.

            Open it in a browser to authorize the connection.
          example: >-
            https://huggingface.co/oauth/authorize?response_type=code&client_id=...&code_challenge_method=S256&state=...
    RFCError:
      description: >-
        RFC 7807 Problem Details. Returned with `Content-Type: application/json`
        for every

        4xx/5xx response on `/agents/*`.


        **Field semantics:**


        - `type` — stable URL to the docs page describing this error class.
        Treat it as the
          machine-readable identifier; the same URL is referenced by `RunError.docs_url` on
          failed runs. Optional on 500 errors that don't map to a documented class.
        - `title` — short human-readable summary.

        - `status` — HTTP status code echoed in the body (so clients that read
        only the body
          can still dispatch on status).
        - `detail` — request-specific detail. Includes which alias was
        malformed, which
          `tool_use_id` was missing, etc.
        - `instance` — the API surface group (`/agents` for all agent
        endpoints). Stable —
          it's the prefix you call, not the full path.
        - `log_id` — UUID correlated with server logs. Always include this when
        reporting an
          issue to support.
        - `debug` — usually `null`. Reserved for richer payloads in specific
        failure modes.


        Common error pages indexed by `type`:


        | HTTP | Common cause | Docs page |

        |------|--------------|-----------|

        | 400 | Bad request body, validation failure | various — see `type` |

        | 404 | Resource not found, or owned by a different company |
        `/conversation-not-found`, `/agent-run-not-found` |

        | 409 | Conversation version moved while you were preparing the run |
        `/version-conflict` |

        | 500 | Internal error (schema drift, workflow start failure) |
        `/invalid-stored-field`, `/workflow-start-failed` |
      type: object
      required:
        - title
        - status
        - log_id
      properties:
        type:
          type:
            - string
            - 'null'
          format: uri
          example: >-
            https://docs.narrative.io/reference/architecture/agent-conversations/errors/invalid-tool-alias
        title:
          type: string
          example: Invalid Tool Alias
        status:
          type: integer
          example: 400
        detail:
          type: string
          example: >-
            invalid tool aliases (must match ^[a-zA-Z][a-zA-Z0-9]{0,7}$):
            with_underscore
        instance:
          type: string
          example: /agents
        log_id:
          type: string
          format: uuid
          example: 1f6e5d4c-3b2a-1098-7654-3210fedcba98
        debug:
          type:
            - object
            - 'null'
      example:
        type: >-
          https://docs.narrative.io/reference/architecture/agent-conversations/errors/invalid-tool-alias
        title: Invalid Tool Alias
        status: 400
        detail: >-
          invalid tool aliases (must match ^[a-zA-Z][a-zA-Z0-9]{0,7}$):
          with_underscore
        instance: /agents
        log_id: 1f6e5d4c-3b2a-1098-7654-3210fedcba98
        debug: null
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer

````