Supported clients
| Client | Transport | Auth method | Bridge required? |
|---|---|---|---|
| Claude Desktop | stdio (via mcp-remote) | Bearer token | Yes - mcp-remote |
| Claude Code | Streamable HTTP (native) | OAuth (browser sign-in) or Bearer token | No |
| MCP Inspector | Streamable HTTP (native) | Bearer token | No |
| Cursor | stdio (via mcp-remote) | Bearer token | Yes - mcp-remote |
| Claude.ai web | Not yet supported | n/a | n/a |
| ChatGPT custom connector | Streamable HTTP (native) | Bearer token | No |
| Windsurf / Cline / Continue | Streamable HTTP (if supported) | Bearer token | No |
| Gemini CLI | Not yet verified | n/a | n/a |
Claude.ai web (claude.ai) does not currently support custom MCP connectors. Claude Desktop and Claude Code are the recommended clients for both technical and non-technical users.
Endpoint
https://api.xplenty.com/YOUR_ACCOUNT_ID/api/mcp.
Why
api.xplenty.com instead of integrate.io? The Integrate.io API still runs at api.xplenty.com - this is expected and normal. The domain predates the Integrate.io rebrand. Your dashboard URL (dashboard.xplenty.com) and the API URL both work correctly.Authorization header. The token must belong to a user with access to the account named in the URL. Cross-account requests return 403 Forbidden.
Prerequisites
- Reach out to the Integrate.io team to enable this for your account.
- A way to authenticate. You have two options:
- OAuth browser sign-in (easiest) - supported clients like Claude Code authenticate interactively, no token to manage. See Connecting with OAuth.
- A Personal Access Token (PAT) - a long-lived bearer token for clients that need a static credential (Claude Desktop manual config, MCP Inspector, curl). The recommended way to mint one is Connected Applications in the dashboard (see Step 1).
- An MCP-capable client. The setup below covers Claude Desktop 0.7.0 or later (0.10 or later for the one-click extension), Claude Code, and the MCP Inspector.
Connecting with OAuth (browser sign-in)
The easiest way to connect a client that supports OAuth (such as Claude Code) is to skip the token entirely and authenticate in your browser. The client registers itself, sends you to a consent screen, and stores the resulting credentials for you. There is nothing to copy or paste.Add the MCP server without a token
Point your client at the endpoint with no Replace
Authorization header. For Claude Code:YOUR_ACCOUNT_ID with your account subdomain or numeric id (the value in your dashboard URL).Start authentication
Run
/mcp in Claude Code and choose Authenticate for the integrateio server. Claude Code opens your browser to the Integrate.io consent screen. Sign in if you aren’t already.Authorize access
You’ll see an Authorize access screen naming the client and the account it’s connecting to:
Claude Code is requesting access to your Integrate.io account your-account via the MCP server. This will let it read and manage your pipelines, connections, and jobs in this account.Click Authorize. The browser hands the client back its credentials and you can close the tab. Skip ahead to Step 3: Verify the connection.
What OAuth grants
- Access is account-wide with the same permissions as the signed-in user - identical in scope to a Personal Access Token.
- Tokens are short-lived and refreshed automatically by the client, so you won’t be prompted again every couple of hours during normal use.
- The connection appears in Settings → Developer Settings → Connected Applications under the client’s name (e.g. “Claude Code”), alongside any Personal Access Tokens, so you can audit and revoke it in one place.
Revoking and re-authenticating
- Revoke: open Connected Applications, find the client, and click Revoke. Access stops immediately and the client must authorize again to reconnect.
- Re-authenticate: if you authorize the same client again, the new session replaces the previous one for that client name, so you won’t accumulate duplicate entries in Connected Applications. The consent screen still appears each time; that approval is the security checkpoint and is expected on every authorization.
Integrate.io uses the OAuth 2.1 Authorization Code flow with PKCE (S256), the same standard used by major SaaS MCP connectors. After you click Authorize, your browser returns to the client’s local callback (e.g.
http://localhost:…/callback) and shows a brief “Authentication Successful” page rendered by the client; that page comes from the MCP client, not from Integrate.io.Step 1: Get a Personal Access Token
If your client supports OAuth (e.g. Claude Code), you don’t need a token at all - use Connecting with OAuth instead. Personal Access Tokens are for clients that need a static bearer credential: Claude Desktop’s manual config, the MCP Inspector, curl, and scripts.
- Sign in to your dashboard and navigate to Settings → Developer Settings → Connected Applications. (Direct URL:
https://dashboard.xplenty.com/<your-account>/settings/developer/connected_applications) If you don’t see the Connected Applications link in the sidebar, contact Integrate.io support to request access. - Click + Create new connection.
- Give it a recognizable name (e.g. “Claude Desktop on Macbook”) and click Create token.
- The token is displayed once in a reveal modal. Click Copy before closing the modal. Integrate.io does not store the plaintext token and cannot show it again. If you lose it, revoke the connection and create a new one.
Why Connected Applications instead of an OAuth grant request?Connected Applications mint long-lived Personal Access Tokens (PATs) tied to a specific named integration. You don’t need to keep re-running an OAuth password-grant call every two hours, and you can revoke a token from the same page without affecting your dashboard session. Each connection appears in the list with its name, scope, and creation date, making it easy to audit which agent is connected to your account.A connection can be revoked at any time from the same page. The bearer token stops working immediately everywhere it’s pasted.
- PATs are account-wide and carry the same permissions as the user who created them.
- There is currently no option to create a read-only PAT or restrict a PAT to a subset of MCP tools. Contact Integrate.io support if you need scoped access.
- PATs have a 10-year lifetime by default. Treat them like passwords: store in a secrets manager, not in plain text.
- Token rotation: revoke the existing connection in Connected Applications and create a new one. Update your MCP client config with the new token.
Alternative: OAuth password grant (legacy)
If you can’t use Connected Applications (e.g., automation that must mint tokens programmatically without a logged-in user), you can still use the OAuth Resource Owner Password Credentials grant. These tokens expire after two hours, so you’ll need to refresh them regularly.access_token:
Step 2: Configure your MCP client
Claude Desktop (one-click extension)
The fastest way to connect Claude Desktop is to install the Integrate.io extension (.mcpb). The extension prompts you for your account subdomain and Personal Access Token at install time, so you never touch claude_desktop_config.json by hand.
Requires Claude Desktop 0.10 or later on macOS or Windows.
- In the Integrate.io dashboard, go to Settings → Developer Settings → Connected Applications.
- In the Quick install for Claude Desktop card, click Download Claude Desktop extension. The browser downloads
integrate-io-mcp.mcpb. - Open Claude Desktop and go to Settings → Extensions. Drag the downloaded
.mcpbfile onto that page. Claude Desktop opens the extension install dialog. - When prompted:
- Account Subdomain - your Integrate.io account subdomain or numeric id (the value in your dashboard URL).
- Personal Access Token - a PAT from Step 1. If you haven’t minted one yet, click + Create new connection on the Connected Applications page first.
- Click Install, then restart Claude Desktop (fully quit and reopen).
integrateio with the full tool list. Skip to Step 3 to verify.
On a staging Integrate.io account the same card serves
integrate-io-mcp.staging.mcpb and displays a Staging build badge. The staging extension only talks to api-staging.xplenty.com - it won’t work with a production PAT. Both extensions can be installed side by side - Claude Desktop treats them as separate integrations (integrate-io-mcp and integrate-io-mcp-staging).Updating or removing the extension
- Update: download the latest
.mcpbfrom the Connected Applications page and drag it onto Settings → Extensions again. The version field in the bundle increments on each release, so Claude Desktop treats it as an update rather than a duplicate. Your subdomain + token entered at first install are preserved. - Remove: go to Settings → Extensions in Claude Desktop, find Integrate.io in the list, and click the remove/uninstall control. Optionally revoke the underlying Personal Access Token from Connected Applications in the Integrate.io dashboard.
Claude Desktop (manual config)
If you can’t install the extension - corporate policy, an older Claude Desktop, or you’d rather hand-edit the config - edit your Claude Desktop configuration file directly:- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
mcpServers. Claude Desktop speaks MCP over stdio only, so the snippet uses mcp-remote as a thin bridge to the remote HTTP endpoint:
YOUR_ACCOUNT_ID with your account subdomain or numeric id and YOUR_ACCESS_TOKEN with the value from Step 1, then restart Claude Desktop (Cmd+Q on macOS - fully quit and reopen; reloading the window isn’t enough).
Claude Code
Claude Code has native HTTP MCP support, so no bridge is needed. Run:MCP Inspector
The MCP Inspector has a native UI for ad-hoc debugging. Launch it:- Transport: Streamable HTTP
- URL:
https://api.xplenty.com/YOUR_ACCOUNT_ID/api/mcp - Headers:
Authorization: Bearer YOUR_ACCESS_TOKEN
tools/list and tools/call directly and view the JSON-RPC response.
Cursor
Cursor uses the same stdio-only MCP transport as Claude Desktop. Use the samemcp-remote bridge - edit ~/.cursor/mcp.json (or per-workspace .cursor/mcp.json) with the JSON snippet above.
Other MCP clients
Anything that supports the Streamable HTTP MCP transport natively can hithttps://api.xplenty.com/YOUR_ACCOUNT_ID/api/mcp directly with an Authorization: Bearer <token> header, no bridge needed. Stdio-only clients need mcp-remote (or an equivalent stdio/HTTP bridge) to talk to the endpoint.
Step 3: Verify the connection
In Claude Desktop, type/mcp in the chat input. You should see integrateio listed with all 32 tools available. Try a prompt such as:
List the workspaces in my Integrate.io account.Claude invokes
tools/call with list_workspaces and returns the response payload.
What you can do with it
These are real prompts you can type into Claude (or any connected AI assistant) once the MCP server is configured:| Natural-language prompt | Tools invoked |
|---|---|
| ”My Salesforce sync just failed - what broke?” | explain_job_failure |
| ”Show me all packages that haven’t run successfully this week” | list_runs with status filter |
| ”Clone the Salesforce to Snowflake package into a new workspace for testing” | clone_package |
| ”Which schedules are currently disabled?” | list_schedules with enabled: false |
”Preview the first 20 rows of the orders table on our production DB connection” | preview_data |
Available tools
The server registers 32 tools, grouped by what they do. Read-only tools inspect account state without side effects. Mutating tools create, modify, or run packages and jobs - flagged below. For a deep dive on the package-authoring tools (create_package, list_component_types, describe_component_type, add_package_components, update_package_components, update_package_edges, remove_package_components, rename_package, manage_package_variables, delete_package), see Creating packages with MCP tools.
Account inventory (read-only)
| Tool | Description |
|---|---|
list_workspaces | Lists workspaces in the account with package_count, last_failed_jobs_count, and last_completed_jobs_count. Recommended starting point for AI assistants. |
list_packages | Lists packages (ETL pipeline definitions). Filterable by flow_type (dataflow or workflow), status (active or archived), and workspace_id. Includes last_run_status. |
get_package | Returns a single package by package_id with a curated data flow graph summary (component count, edge count, component-type tally, variables count). Set include_full_graph: true to return the full data_flow_json blob. |
list_connections | Lists database and cloud-storage connections. Returns id, name, type, and status only. Optional connection_type_filter. |
get_connection | Returns details for a single connection by connection_id. Includes non-credential identifying fields such as host, port, database, and tunnel_type, plus suggested_components mapping the connection’s vendor to the right source/destination component type (e.g. a Snowflake connection suggests snowflake_destination_component rather than the generic database one). |
list_clusters | Lists compute clusters with status, type, nodes, region, lifecycle timestamps, and terminate_on_idle. Filter by status. |
search_all | Free-text search across connections, packages, clusters, and workspaces, backed by Elasticsearch. Narrow with types and cap per-type hits with per_type_limit (default 10, max 50). |
list_component_types | Lists every component registered in the platform catalog (sources, transformations, destinations). Each entry includes the internal name, category, class_name, header docstring, and the wrapper_key plus specific_component_type needed to build a valid data_flow_json. Optional category filter. |
describe_component_type | Returns property-level detail for one component type: writable attributes (properties), presence-validated attributes (required), header docstring, optional fixture example, and a wrapper_example showing the exact JSON shape. Pair with list_component_types. |
Run inspection (read-only)
| Tool | Description |
|---|---|
list_runs | Lists recent job runs with status, started_at, completed_at, runtime_in_seconds, cluster_id, package_id, and last_error for failed runs. Filter by package_id or status. Excludes child retries by default. |
get_run | Returns a single run by run_id plus a redacted log tail. Use log_tail_lines to control how many trailing lines to return (default 20, max 200). |
explain_job_failure | Returns the run’s primary error, a redacted log tail, programmatic error-pattern detection (FATAL, ERROR, exception, auth, connection, schema), and heuristic next-step suggestions. Use log_tail_lines to control tail size (default 50, max 200). |
Schedule inspection (read-only)
| Tool | Description |
|---|---|
list_schedules | Lists schedules in the account with name, package_id, cron, next_run_at, and enabled. Filter by package_id or enabled. |
get_schedule | Returns one schedule by schedule_id with its full cron expression, variables, and timing metadata. |
Pipeline diagnostics (read-only)
| Tool | Description |
|---|---|
validate_package | Runs the same synchronous validation the web UI does: structural check plus a JMS script validation. Returns a per-component error list. Each call creates a JobValidation record and typically takes ~5 seconds. |
discover_schema | Lists tables available through a database connection. Optional schema_name, limit, offset, and search arguments. Only works for database connection types. |
discover_file_schema | Detects the columns of a delimited file (CSV, TSV, and similar) on a cloud-storage or SFTP connection. Use this to learn a file’s columns before wiring a Select component or destination. Required connection_id and path; optional delimiter, header_row, record_type, record_delimiter, char_encoding, bucket, lines, quote, escape. Returns field_count, column_names, and the importer’s raw fields for direct use in a source component’s schema.fields. |
preview_data | Returns column metadata plus a small sample of rows from a database table. Optional schema_name, row_count (default 20, max 200), and where_clause (single fragment; semicolons and SQL comment markers are rejected). |
test_connection | Actively pings a connection’s upstream system. Returns success: true/false with an error_message on failure. Optional connection_type disambiguates when the same id exists in both the database and cloud-storage connection tables. |
Pipeline mutations (write - agent edits the package itself)
| Tool | Description |
|---|---|
create_package | Creates a new package atomically from a full data_flow_json spec. Requires name, flow_type, components, edges. Optional workspace_id (defaults to unassigned), description, flow_version (defaults to 2.0.0). Component and edge ids are auto-generated when omitted. Returns the new package_id. |
clone_package | Duplicates an existing package by package_id into a new package with optional name and workspace_id overrides. Returns the new package_id. |
update_package_components | Edits specific components within a package’s data_flow_json. Each entry is { component_name, updates }; nested hashes are deep-merged. All-or-nothing semantics: if any component_name isn’t found, no writes happen. Bumps the package version via PaperTrail; reversible via the existing UI history. |
update_package_edges | Replaces a package’s edges array wholesale. Pre-validates that every edge’s source and target resolves to a component id in the current package — any unknown reference rejects the whole call with no partial writes. Bumps the package version via PaperTrail. |
remove_package_components | Removes one or more components from a package’s flow by name. All-or-nothing: if any name is not found, the whole call is rejected. Edges incident to a removed component are dropped at the same time so the package never carries dangling edges. Row-locked, version-bumped via PaperTrail. |
rename_package | Updates a package’s name and optional description. Metadata-only. data_flow_json is left untouched. Recorded in the package version history. |
manage_package_variables | Defines, updates, or removes a package’s public variables (the named defaults a package exposes). Accepts set (a hash of { name => default } to add or update) and/or remove (an array of variable names to delete). Row-locked partial update; secret variables stay UI-only. |
delete_package | Archives a package (soft delete). Mirrors the dashboard’s Archive action — the Job row is preserved with status archived and remains queryable via list_packages(status: 'archived'). Rejected if an active schedule still references the package. |
Schedule mutations (write)
| Tool | Description |
|---|---|
toggle_schedule | Enables or disables a schedule by schedule_id. Set enabled: true or enabled: false. |
Execution + recovery (write)
| Tool | Description |
|---|---|
run_package | Submits a package for execution and returns the run_id immediately (doesn’t wait for completion). Poll status via get_run. Optional cluster_id, variables, and dynamic_variables. |
cancel_job | Cancels a currently-running job by run_id. Idempotent - calling on an already-finished job returns the current status without erroring. |
retry_job | Retries a failed job by run_id, optionally on a different cluster_id. Creates a new run; the original run is preserved for history. |
validate_package, discover_schema, preview_data, test_connection, run_package) cause real network calls to JMS, the schema-importer, or your upstream systems. Use them sparingly.
Safety, audit, and read-only mode
Audit trail: All writes made through the MCP server are captured in your account’s audit history via PaperTrail. Changes made byupdate_package_components are versioned and reversible through the existing package version history UI.
Running in read-only posture: If you want to connect an AI assistant with no write access, limit your prompts to the read-only tools (list_*, get_*, search_all, explain_job_failure, validate_package, discover_schema, discover_file_schema, preview_data, test_connection). There is currently no server-side mechanism to restrict a token to read-only tools. This is a client-side discipline for now. Contact Integrate.io support if you need a scoped token.
Procurement checklist:
- All MCP-driven changes appear in the PaperTrail audit log.
- Tokens can be revoked instantly from Settings → Developer Settings → Connected Applications.
- No credentials, TLS certificates, or SSL keys are ever returned by any tool.
Recommended first prompts
Use these prompts to explore your account and test the integration. They use read-only tools only, so they are safe for production accounts.| Goal | Prompt to type |
|---|---|
| Orient yourself | ”List the workspaces in my Integrate.io account and summarize the health of each one.” |
| Find recent failures | ”Show me all jobs that failed in the last 24 hours and summarize the most common errors.” |
| Diagnose a specific failure | ”Explain why run ID 123456 failed and suggest how to fix it.” |
| Audit active schedules | ”List all enabled schedules and tell me which packages run most frequently.” |
| Explore a connection | ”What tables are available on the production-postgres connection?” |
Example: Calling a tool with curl
You can also call the endpoint directly. The body is a JSON-RPC 2.0 request.explain_job_failure with the run id:
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
401 Unauthorized | Missing or expired token | Mint a new token in Step 1. If you’re using an OAuth password-grant token, remember those expire after 2 hours. Switch to a Connected Application PAT for a long-lived token. |
OAuth sign-in never opens a browser, or SDK auth failed: HTTP 500 trying to load OAuth metadata | The MCP feature isn’t enabled for your account, or the client cached a failed discovery attempt | Confirm the feature is enabled (contact Integrate.io support). Then remove and re-add the server (claude mcp remove integrateio then re-add), and run /mcp → Authenticate again. |
After authorizing, the browser shows a localhost “Authentication Successful” page | Expected - that page is served by your MCP client’s local callback, not by Integrate.io | Nothing to fix. Close the tab and return to your client. |
401 Unauthorized after revoking a Connected Application | The connection was deleted from Settings → Developer Settings → Connected Applications | Create a new connection from that page and update your client config. Revocation takes effect immediately. |
403 PTP MCP server is not enabled for this account | Feature is off for your account | Contact Integrate.io support to enable the feature. |
403 Forbidden | Token belongs to a user without access to the account in the URL | Use a token for a user who is a member of the target account. |
404 Not Found | Wrong account id in URL | Use the account id or subdomain from your Integrate.io dashboard URL. |
{"error":{"code":-32600,...}} | Malformed JSON-RPC body | Verify the request body matches the JSON-RPC 2.0 shape. |
{"error":"connection not found, or not a database connection"} | Called discover_schema or preview_data against a cloud-storage or SaaS connection | These tools support database connections only. Use get_connection to confirm the type. |
Dragging the .mcpb onto Claude Desktop does nothing - no install dialog appears | A previous manualmcpServers entry in claude_desktop_config.json targets the same backend, so Claude Desktop sees the integration as already configured and silently no-ops | Quit Claude Desktop, remove the old mcpServers entry from claude_desktop_config.json (location in the manual-config section above), reopen, then drag the .mcpb again. |
Dragging the .mcpb opens the install dialog, but installation appears to do nothing | Older Claude Desktop versions (< 0.10) don’t render .mcpb install dialogs reliably | Update Claude Desktop to 0.10 or later (Settings → About → Check for Updates), then retry. |
Extension installs but the integrateio integration isn’t visible in the MCP picker | Restart was skipped, or Claude Desktop is using a cached MCP picker state | Fully quit Claude Desktop (Cmd+Q on macOS, not just window-close), wait 3 seconds, reopen. The integration should now appear. |
Extension installs but every tool call returns 401 Unauthorized | Wrong Personal Access Token entered at install time, or the PAT was revoked since install | Open Settings → Extensions → Integrate.io in Claude Desktop and re-enter the token. If you don’t have one, mint a fresh PAT from Connected Applications in the dashboard first. |
Staging build extension can’t reach the production account | The staging extension only talks to api-staging.xplenty.com | Install the production extension instead (downloaded from the production dashboard at https://dashboard.xplenty.com/...). The two extensions can coexist on the same machine. |