Reference
MCP Endpoints
Unified MCP endpoint and per-provider MCP proxy (Streamable HTTP).
Endpoint Map
| Method | Path | Auth | Purpose |
|---|---|---|---|
POST | /api/v1/mcp/mcp | Flexible auth | Unified MCP JSON-RPC endpoint |
GET | /api/v1/mcp/mcp | Flexible auth | Unified session resumption (requires Mcp-Session-Id) |
DELETE | /api/v1/mcp/mcp | Flexible auth | Unified session termination |
POST | /api/v1/mcp-proxy/:providerId/mcp | Flexible auth | Direct per-provider MCP proxy |
GET | /api/v1/mcp-proxy/:providerId/mcp | Flexible auth | Per-provider session resumption |
DELETE | /api/v1/mcp-proxy/:providerId/mcp | Flexible auth | Per-provider session termination |
Flexible auth supports JWT, gk_ API key (+ JWT or X-User-Id), and art_ runtime token.
Unified MCP (/api/v1/mcp/mcp)
Supported JSON-RPC methods:
initializenotifications/initializedtools/listtools/callping
Optional query parameter:
providers=id1,id2to constrain tool listing/calling to specific providers
Example: tools/list
POST /api/v1/mcp/mcp
Authorization: Bearer <jwt>
Content-Type: application/json
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}Example: tools/call
POST /api/v1/mcp/mcp
X-Api-Key: gk_xxx
X-Agent-Id: <agent-id>
X-User-Id: <end-user-id>
Content-Type: application/json
{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "slack_send_message",
"arguments": { "channel": "#ops", "text": "hello" }
}
}Per-Provider MCP Proxy (/api/v1/mcp-proxy/:providerId/mcp)
Use this when the caller already knows the provider.
- Same Streamable HTTP transport behavior (
POST/GET/DELETE) - Same policy pipeline for
tools/call - Provider-level ACL is checked before forwarding
Policy Behavior for tools/call
- Provider access ACL check
- Tool policy evaluation
- Decision:
allow: forwarded upstreamdeny: JSON-RPC error returned (403)require_confirmation: connection held until confirmation resolves
Session Headers
For Streamable HTTP sessions, send/receive Mcp-Session-Id.