Get the consent URL for per-user MCP server authorization

curl --request GET \
  --url https://{controlPlaneURL}/api/svc/v1/mcp/{mcpServerId}/authorize \
  --header 'Authorization: Bearer <token>'

{}

GET

api

svc

mcp

{mcpServerId}

authorize

Get the consent URL for per-user MCP server authorization

curl --request GET \
  --url https://{controlPlaneURL}/api/svc/v1/mcp/{mcpServerId}/authorize \
  --header 'Authorization: Bearer <token>'

{}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

mcpServerId

string

required

MCP server id (the id returned by GET /v1/mcp, not the name).

Example:

"mcp-01HXYZ..."

Query Parameters

gatewayBaseURL

string | null

Base URL of the MCP gateway (used as the resource indicator and to substitute {{mcpProxyBaseURL}} for the proxied MCP server URL). Defaults to the tenant's gateway-default installation URL when omitted.

Response

Per-subject auth status; the AUTHENTICATION_REQUIRED branch carries the consent URL to open.

MCPServerAuthStatusAuthenticated
MCPServerAuthorizeAuthRequired
MCPServerAuthStatusAuthNotRequired

status

enum<string>

required

Available options:

authenticated,

authentication_required,

authentication_not_required

method

enum<string> | null

Authentication source that satisfied this status.

Available options:

oauth,

auth-override

Disconnect a subject from an MCP server Get MCP server auth status for a subject

⌘I