MCP JSON-RPC endpoint
A single endpoint speaking JSON-RPC 2.0 (one request envelope per
call; batch payloads are rejected). It exposes MCP tools grouped as
analytics.*, flows.*, and connections.*. Authenticated by a scoped
personal access token (Bearer cfp_…); each tool is gated by the
intersection of the user’s ACL, the token’s mcp:* scopes, and tenant
row-level security.
Negotiate the protocol revision with the MCP-Protocol-Version request
header (echoed on the response). A request without an id is a
notification and receives an empty 202. JSON-RPC application errors are
returned as a normal 200 carrying an error member.
This page documents only the transport envelope. For the full method and tool catalog see the MCP API reference: reference/mcp-api.md.
Authorizations
Scoped personal access token (cfp_…), validated by the stateless
mcp and api_v2 firewalls. The effective permission is the
intersection of the user's ACL, the token's scopes, and tenant
isolation. The MCP gateway requires the matching mcp:* tool scope;
the /api/v2/* surface (including the Config read API) additionally
requires the api:full scope and an admin owner.
Headers
Requested protocol revision; the negotiated value is echoed on the response.
Body
Response
JSON-RPC response envelope. Carries result on success or error
on an application-level failure (including framing/auth failures,
which use a null id).