MCP server
Connect an AI agent to your AISAR workspace over the Model Context Protocol.
AISAR exposes a Model Context Protocol server — this lets any MCP-capable AI client (Claude Code, claude.ai, Cursor, and others) work with your workspace through self-describing tools, without hand-writing an integration against every REST endpoint.
Endpoint and authentication
The server speaks Streamable HTTP:
POST https://mcp.aisar.app/mcp/companyAuthentication uses the same company API token as the REST API (created in the cabinet: Settings → Systems → API, requires the Business plan), sent in the Authorization header:
Authorization: Bearer 123|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxTransport is Bearer-only — there is no cookie/session path and no OAuth flow. A request without a valid token gets 401; a token of the wrong class gets 401/403.
Connecting a client
Claude Code
claude mcp add --transport http aisar https://mcp.aisar.app/mcp/company \
--header "Authorization: Bearer YOUR_API_TOKEN"claude.ai
Settings → Connectors → Add custom connector, URL https://mcp.aisar.app/mcp/company, header Authorization: Bearer YOUR_API_TOKEN.
Generic MCP client (e.g. Cursor)
{
"mcpServers": {
"aisar": {
"url": "https://mcp.aisar.app/mcp/company",
"headers": {
"Authorization": "Bearer YOUR_API_TOKEN"
}
}
}
}After connecting, call the whoami tool first — it confirms which company the token maps to.
Server tools
Documentation
These read the platform's live documentation straight from the server — answers are always in sync with the latest deploy.
| Tool | Purpose |
|---|---|
list_docs | List available documents |
list_doc_sections | A document's section headings |
get_doc | A whole document, or one section |
search_docs | Full-text search across the docs |
list_webhook_events | The platform's webhook event catalogue |
get_webhook_payload_spec | The exact payload spec for one event |
lookup_error_code | Explanation of a WhatsApp Cloud (Meta) error code, e.g. 131047 |
Reads
| Tool | Arguments |
|---|---|
whoami | — |
list_channels | status?, type?, page, per_page |
list_funnels | — |
list_deals | funnel_id?, stage_id?, status?, search?, page |
get_deal | deal_id |
search_contacts | query, page |
get_contact | contact_id |
list_conversations | status?, channel_id?, assigned_to_me?, search?, page |
get_conversation | conversation_id |
search_messages | query (rate-limited) |
list_templates | channel_id?, language?, sendable_only? |
list_broadcasts / get_broadcast | —, broadcast_id |
get_dashboard_summary | period? (today/7d/30d) |
Every response uses an explicit field allow-list — channel credentials, provider keys, integration secrets, tokens and passwords are never returned.
Writes
Every write tool enforces the matching permission, is scoped to the token's company, and is audited.
| Tool | Arguments |
|---|---|
send_message | conversation_id, text |
send_template_message | channel_id, contact_id\|conversation_id, template_id, variables? |
create_contact / update_contact | contact fields |
add_internal_note | conversation_id, text |
assign_conversation | conversation_id, user_id\|team_id |
close_conversation | conversation_id |
create_deal / update_deal | deal fields (stage_id must belong to the funnel) |
move_deal_stage | deal_id, stage_id |
create_deal_note | deal_id, text |
Webhook self-service
| Tool | Arguments |
|---|---|
list_integrations | — |
create_webhook_integration | url, events[], signing_secret? |
test_webhook | integration_id\|url |
get_webhook_deliveries | integration_id |
The webhook URL passes the same SSRF guard as the REST integration-creation endpoint (private/loopback/link-local/metadata addresses are refused, including DNS-rebinding and encoded-IP forms); there is a per-company cap on the number of integrations; event names are validated against the platform's event catalogue.
Limits & behaviour
- Rate limits (per token, per company):
search_messages— 30/min,send_messageandsend_template_message— 60/min,create_webhook_integration— 10/min, documentation tools — 120/min. - Pagination:
per_pageis capped at 50. - No bulk send: messaging tools only reach an existing conversation or a single contact — there is no mass-broadcast surface here (use the Broadcasts feature in the cabinet for that).
- Untrusted content: message bodies, contact names and notes returned by these tools are third-party data, not instructions for the model.
Troubleshooting
| Symptom | Cause / fix |
|---|---|
401 Unauthorized | The token is missing or invalid. |
403 Forbidden | The token is not a service-account API token (e.g. a mobile/embed token), or the subscription is inactive / the api feature is off. |
| A tool returns "not found" for an id that exists | The id belongs to a different company — tenancy is enforced on every argument. |
| "Rate limit exceeded" | A per-tool limit was exceeded (see "Limits & behaviour") — retry shortly. |