MCP Server — AI Agent API Overview
The SimplerDevelopment portal exposes a Model Context Protocol (MCP) server that lets any MCP-compatible AI client — Claude Code, Claude Desktop, a custom agent — drive your portal programmatically. You can create and publish content, manage projects and CRM records, send campaigns, and more, all from inside your AI environment of choice.
Authentication reminder: See authentication.md for how to issue portal API keys and OAuth tokens. This page covers the transport layer, credential types, scopes, and the approval workflow.
Base URL#
POST https://simplerdevelopment.com/api/mcp
The endpoint accepts Streamable HTTP (stateless JSON-response mode). Each request is independent — there is no persistent session.
| Method | Behaviour |
|---|---|
POST | Send a JSON-RPC MCP request (including client-to-server notifications such as notifications/cancelled). |
GET | Returns 405 Method Not Allowed — SSE streaming is not supported on this endpoint. |
Authentication#
Every request must carry a Bearer token in the Authorization header. Two token formats are accepted:
| Credential type | Prefix | Where to get it |
|---|---|---|
| Portal API key | sd_mcp_ | Portal → Settings → API Keys |
| OAuth access token | sd_oauth_ | OAuth authorization code flow (see /.well-known/oauth-protected-resource) |
Authorization: Bearer sd_mcp_<64 hex chars>
Both credential types resolve to the same PortalMcpContext (your user identity, your client/company, and your granted scopes). Usage is tracked on every call (lastUsedAt is updated automatically).
If the token is missing, invalid, revoked, or expired, the server returns:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="simplerdevelopment-mcp", resource_metadata="https://simplerdevelopment.com/.well-known/oauth-protected-resource"
{"jsonrpc":"2.0","error":{"code":-32001,"message":"Unauthorized"}}
Scopes#
Scopes follow the pattern resource:action. A key's scope list is fixed at issuance; the server enforces it per tool call. Attempting to call a tool your key's scopes do not cover silently omits that tool from the registry (the server never registers it), so tools/list only shows tools you can actually use.
Wildcard forms:
| Granted scope | Grants access to |
|---|---|
* | Everything |
projects:* | All projects:read and projects:write tools |
projects:read | Read-only tools in the projects domain |
Available scopes by domain:
| Scope | What it gates |
|---|---|
* | Full portal access — all tools across all domains |
profile:read | Read your portal user profile |
profile:write | Update your portal user profile |
projects:read | List/get projects, kanban boards, columns, cards, sprints, labels |
projects:write | Create/update/delete projects, boards, cards, sprints; log time; manage recurrences |
tickets:read | List/get support and task tickets |
tickets:write | Create tickets, post replies, update status |
crm:read | Search contacts, companies, deals, pipelines, activities, saved views, scoring rules |
crm:write | Create/update contacts, companies, deals; move deal stage; manage pipelines and custom fields |
sites:read | List sites, domains, env vars, nav, posts, post types, block templates, taxonomies, media |
sites:write | Create/update/delete posts, post types, block templates, nav, domains, env vars |
media:read | List media assets |
media:write | Upload, register, and delete media assets |
email:read | List campaigns, lists, subscribers, templates, segments |
email:write | Create/update/delete campaigns, lists, subscribers, templates, segments |
email:send | Trigger campaign sends and schedules (required in addition to email:write) |
decks:read | List/get pitch decks |
decks:write | Create/update/delete/publish pitch decks and slides |
surveys:read | List surveys and responses |
surveys:write | Create/update surveys; fork surveys |
bookings:read | List booking pages, bookings, and availability |
bookings:write | Create/update booking pages; update and cancel bookings |
automations:read | List automations |
automations:write | Create/update/delete/toggle automations |
team:read | List team members and roles |
team:write | Invite members, update roles, remove members |
integrations:read | List connected third-party integrations |
integrations:write | Revoke integrations |
services:read | List the agency service catalogue and service requests |
services:write | Submit new service requests |
store:read | List products, orders, customers, discounts, reviews, messages, settings |
store:write | Create/update/delete products, orders, discounts; moderate reviews; reply to customer messages |
billing:read | Read invoices and subscription data (no write scope exposed) |
hosting:read | Read hosting and domain status (no write scope exposed) |
ai:read | Read AI conversation history (ai_conversations_*) and credit balance/ledger (ai_credits_*) |
brain:read | Query the Company Brain knowledge base — notes, meetings, contacts, deals, tasks, relationships, search |
brain:write | Create/update/delete Brain records — notes, tasks, meetings, people, documents, topics, glossary, goals, initiatives, playbooks, org units |
brain:approve | Approve Brain review items and pending changes |
approvals:read | List and inspect pending MCP approval links |
approvals:manage | Approve or reject pending MCP approval links (includes approvals:read) |
chat:read | List/get live chat conversations and messages |
chat:write | Send messages and manage live chat conversations |
notifications:read | List notifications |
notifications:write | Create and manage notifications |
branding:read | Read brand profiles, messaging, and run contrast/audit checks |
branding:write | Create/update/delete brand profiles and messaging |
| (unscoped) | whoami and the blocks://schema resource — always available regardless of scopes |
Approval workflow#
Many write tools in the MCP server do not mutate immediately. Instead they create a draft and return an approval URL. A human reviewer must open that URL and click Approve before the change is published.
This is intentional — it keeps AI-authored content from going live without human sign-off.
How it works#
- Your agent calls a write tool (e.g.
posts_create). - The tool creates a draft record, mints a 64-hex-char token, stores it in
mcp_approval_links, and returns anapprovalenvelope in the response. - You (or your client) open the URL:
https://simplerdevelopment.com/approve/<token>. - The public page shows a preview. The reviewer clicks Approve or Reject — no portal login required.
- On approval, the entity is published (or the staged mutation is applied).
Two link types exist:
linkType | When used | On approve |
|---|---|---|
entity | The draft row already exists. | Publishes the entity. |
pending_change | The write was staged, not yet applied (keys with require_cms_approval). | Applies the staged mutation. |
Approval envelope shape (returned inside tool responses):
{
"approval": {
"url": "https://simplerdevelopment.com/approve/a3f8...c1d2",
"previewUrl": "https://simplerdevelopment.com/approve/a3f8...c1d2",
"token": "a3f8...c1d2",
"status": "pending",
"expiresAt": "2026-06-18T08:37:00.000Z"
}
}
Approval links expire after 14 days by default. After expiry the link is marked expired and the author must call the corresponding *_update tool to remint a fresh link.
Approvable entity types: post, pitch_deck, email_campaign, block_template, survey, booking_page.
Telemetry and token budget#
Every tool call records latency and token cost via lib/mcp/telemetry.ts. Tool responses are intentionally compact — write tools echo { id, slug, status }, not the full row. Heavy fields (e.g. blocks, html, body) are opt-in via an include flag where supported. This keeps context windows manageable for agents processing many results.
Connecting an AI client#
Claude Desktop / Claude Code#
Add this to your claude_desktop_config.json or Claude Code MCP config:
{
"mcpServers": {
"simplerdevelopment": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://simplerdevelopment.com/api/mcp"],
"env": {
"MCP_BEARER_TOKEN": "sd_mcp_<your key here>"
}
}
}
}
mcp-remote handles the POST-only transport automatically (it detects the 405 on GET and switches to POST-only mode).
Custom agent (direct HTTP)#
curl -X POST https://simplerdevelopment.com/api/mcp \
-H "Authorization: Bearer sd_mcp_<your key>" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'
whoami tool#
Always available — no scope required.
Returns your authenticated user ID, client/company context, and the scopes your current credential grants.
Tool call:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "whoami",
"arguments": {}
}
}
Response:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"content": [{
"type": "text",
"text": "{\"userId\":42,\"client\":{\"id\":7,\"company\":\"Acme Corp\"},\"scopes\":[\"projects:*\",\"crm:read\",\"sites:write\"]}"
}]
}
}
blocks://schema resource#
Always available — no scope required.
An MCP resource (not a tool) that returns the full block-type reference in Markdown. Agents should read this before calling posts_create or posts_update to author valid blocks arrays.
Resource URI: blocks://schema
Fetch via:
{
"jsonrpc": "2.0",
"id": 2,
"method": "resources/read",
"params": { "uri": "blocks://schema" }
}
Tool domains#
The server registers 446 tools across 28 domains. Domains are grouped into six reference pages:
| Domain(s) | Tools cover | Reference |
|---|---|---|
| Meta | whoami, blocks://schema resource | This page |
| Brain (AI/RAG) | Company knowledge base — notes, meetings, people, docs, tasks, goals, initiatives, playbooks, org units, topics, glossary, decisions | brain-tools.md |
| CRM | Contacts, companies, deals, pipelines, activities, custom fields, saved views, scoring rules | crm-tools.md |
| CMS / Storefront / Branding | Posts, pages, block templates, post types, taxonomies, media, nav, site settings, domains, env vars; storefront products/orders/customers/discounts/reviews; brand profiles and messaging | content-tools.md |
| Email / Surveys / Decks / Automations | Email campaigns, lists, subscribers, templates, segments; survey builder and responses; pitch deck create/update/publish; workflow automations | marketing-tools.md |
| Bookings / Integrations / Hosting / Billing / AI / Approvals / Chat / Notifications | Booking pages and appointments; third-party integrations; domain and deploy status; invoices and subscriptions; AI conversation history and credits; MCP approval links; live chat; notifications | platform-tools.md |
| Projects / Sprints / Kanban / Team / Tickets | Projects CRUD; sprint planning; boards, columns, cards, labels, checklists, time logging; team members and roles; support and task tickets | project-tools.md |