Connect via MCP
Point any MCP-capable AI client at the hosted Snooplytics MCP server and drive the platform over OAuth — no token to paste.
5 min readSnooplytics runs a hosted, remote Model Context Protocol (MCP) server. Point an MCP-capable client at one URL, sign in once, and your agent can create monitoring projects, manage your organization, and run briefings through the same API the dashboard uses. The server is an OAuth 2.1 resource server — you authorize in the browser, so there is no API key to copy or store.
You need: a Snooplytics account and an MCP-capable client (Claude Desktop, Claude Code,
Cursor, VS Code, or anything that speaks MCP over HTTP). The MCP endpoint is
https://mcp.snooplytics.com.
The server URL
Add this server to your client. On first use the client opens a browser window for you to sign in and authorize — the OAuth 2.1 + PKCE handshake (discovery, dynamic registration, token exchange) happens automatically.
{
"mcpServers": {
"snooplytics": {
"url": "https://mcp.snooplytics.com"
}
}
}MCP does not accept tkn_ personal access tokens. PATs are for the REST API only (sent on the
X-Api-Key header). The MCP server authenticates with an OAuth access token that the client
obtains for you. If you put a PAT in the Authorization header, the server returns 401.
Add the server to your client
Claude (Desktop & claude.ai)
Open Settings → Connectors → Add custom connector, give it a name (e.g. Snooplytics), and
paste the server URL:
https://mcp.snooplytics.comClaude prompts you to sign in and authorize on first use. The Snooplytics tools then appear in the connector list.
Claude Code
Add the server from the CLI as a streamable-HTTP transport:
claude mcp add --transport http snooplytics https://mcp.snooplytics.comRun /mcp inside Claude Code to trigger the browser sign-in, then confirm the server shows as
connected.
Cursor
Add it to your project's .cursor/mcp.json (or the global ~/.cursor/mcp.json):
{
"mcpServers": {
"snooplytics": {
"url": "https://mcp.snooplytics.com"
}
}
}Open Settings → MCP, confirm the server is listed, and complete the sign-in when prompted.
VS Code
Register the server with the CLI:
code --add-mcp '{"name":"snooplytics","url":"https://mcp.snooplytics.com"}'Or add it to .vscode/mcp.json using the same shape as the Cursor example above.
Other clients (mcp-remote fallback)
Clients that only speak stdio can bridge to the remote server with mcp-remote:
{
"mcpServers": {
"snooplytics": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.snooplytics.com"]
}
}
}Authentication & sessions
The server implements OAuth 2.1 + PKCE with dynamic client registration (RFC 7591) and exposes protected-resource metadata (RFC 9728), so compliant clients discover everything they need from the URL alone.
- Discovery:
GET https://mcp.snooplytics.com/.well-known/oauth-protected-resourcereturns the authorization server (https://api.snooplytics.com/api/auth). - Token: the client runs the OAuth flow in your browser and sends
Authorization: Bearer <jwt>on every call. - Sessions last 1 hour. A
401always carries aWWW-Authenticate: Bearer …header pointing at the resource-metadata URL, so clients re-authorize automatically. - Request bodies are capped at 1 MB.
Available tools
The MCP server exposes the external API surface as tools, grouped below. The live, always-current
list is whatever your client's tools/list returns — treat that as the source of truth and follow
the linked references for full arguments and responses.
| Group | Example tools | Reference |
|---|---|---|
| Projects & briefings | list_user_projects, create_project, run_project_briefing, get_project_briefing | Projects |
| Organizations & members | list_user_organizations, create_organization, create_organization_invites, update_organization_member_role | Organizations |
| SSO & MFA | get_organization_sso_config, update_organization_mfa_settings, discover_sso, complete_sso_auth | Enterprise SSO |
| Billing & credits | create_checkout_session, create_credits_checkout_session, get_subscription_usage, create_billing_portal_session | Payments |
| API keys | create_api_key, list_api_keys, update_api_key, delete_api_key | API Keys |
| User & account | get_current_user, update_current_user, export_user_data, get_login_history | User |
Set organization context first. Most tools are scoped to an organization. Call
get_current_user, then list_user_organizations to pick the target org, before running
org-scoped tools — skipping this is the most common first-run error
(TENANT_CONTEXT_MISSING).
Use the Snooplytics skill
The Snooplytics product skill packages everything an agent needs to drive the platform — connection rules, org-context flow, pagination and response-envelope conventions, tool disambiguation, and step-by-step workflows. Install it alongside the MCP server for far fewer first-run mistakes.
- Download the bundle: snooplytics-skill.zip
- View the source: SKILL.md · workflows.md
To install in Claude Code, unzip into your skills directory:
mkdir -p ~/.claude/skills
unzip snooplytics-skill.zip -d ~/.claude/skills
# → ~/.claude/skills/product/SKILL.mdFor claude.ai, upload the unchanged snooplytics-skill.zip in Settings → Capabilities →
Skills.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
401 Unauthorized | No token, expired session, or a tkn_ PAT on the MCP server | Re-run the client's sign-in; MCP needs an OAuth token, not a PAT |
TENANT_CONTEXT_MISSING / NOT_ORGANIZATION_MEMBER | Called an org-scoped tool without choosing an org | Run list_user_organizations and pass that org's id |
429 Too Many Requests | Rate limit hit | Honor Retry-After; default budget is 500 req / 15 min per IP |
| Client can't connect | Wrong URL or stdio-only client | Use https://mcp.snooplytics.com; bridge stdio clients with mcp-remote |
Best Practices
- Let the client handle OAuth: Never paste tokens into MCP config — the browser sign-in is the supported path and keeps credentials out of files.
- Pick the org once per session: Resolve the organization id early and reuse it; most failures trace back to missing org context.
- Prefer MCP for agents, REST for CI: Interactive agents authorize via OAuth; headless automation uses a scoped
tkn_PAT on the REST API. - Ship the skill with the server: The skill encodes the conventions (
offset/limitpagination, the response envelope, verify-after-checkout) that agents otherwise learn by failing.
Next Steps
- Authenticate the REST way too: Follow Quick Start to issue a PAT for headless automation.
- Choose scopes intentionally: Review Scopes & Permissions before issuing tokens.
- Browse the surface: Start at the Projects reference to see what the tools wrap.
Related Pages
Introduction
How the API is structured, how authentication works, and how multi-tenant requests are scoped
Quick Start
Sign in, issue a Personal Access Token, and make your first authenticated call
API Structure
Request headers, response envelope, pagination, and the query conventions shared by every endpoint
Error Handling
Error envelope, full code list, and the retry strategies that actually work