Connect your account to an IDE (MCP)
Use your CustomAgents account from Claude Code, Cursor, Claude Desktop, or VS Code over the Model Context Protocol. Endpoint, IDE config, tool catalog, and security.
What this is
CustomAgents runs a hosted MCP server so your AI coding tools can read and act on your account — list agents, search contacts, read conversations, send messages — using the same scoped API key you already use for REST.
The server is Streamable HTTP and stateless: every request re-validates your bearer key, there is no server-issued session to hijack, and no local process to install.
Account MCP endpoint: https://api.customagents.io/v1/mcpAuthenticate with an account key (ca_acct_…). For an MCP bound to a single agent, see Per-Agent API & MCP.
The tools your IDE sees are gated by your key's scopes. A tool is only registered — and therefore only visible to the IDE — if your key holds the required scope. A read-only key simply won't surface the write tools.
IDE configuration
All clients authenticate the same way: Authorization: Bearer ca_acct_…. Generate the key in Settings → API Keys (details).
Claude Code (CLI)
claude mcp add --transport http custom-agents \
https://api.customagents.io/v1/mcp \
--header "Authorization: Bearer ca_acct_YOUR_KEY"Cursor
Add to ~/.cursor/mcp.json (or the project's .cursor/mcp.json):
{
"mcpServers": {
"custom-agents": {
"url": "https://api.customagents.io/v1/mcp",
"headers": {
"Authorization": "Bearer ca_acct_YOUR_KEY"
}
}
}
}Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"custom-agents": {
"url": "https://api.customagents.io/v1/mcp",
"headers": {
"Authorization": "Bearer ca_acct_YOUR_KEY"
}
}
}
}VS Code
Add to .vscode/mcp.json (note the servers key and "type": "http"):
{
"servers": {
"custom-agents": {
"type": "http",
"url": "https://api.customagents.io/v1/mcp",
"headers": {
"Authorization": "Bearer ca_acct_YOUR_KEY"
}
}
}
}Transport. The transport type is http (Streamable HTTP). Some clients accept streamable-http as an alias — both resolve to the same endpoint. There is no SSE or stdio transport; the server is remote-only.
Account tool catalog
Each tool requires a scope. If your key lacks the scope, the tool is not registered and the IDE never sees it. Tools marked destructive mutate data or spend money and trigger an explicit confirmation prompt in the IDE before they run.
| Tool | Required scope | Destructive |
|---|---|---|
get_help | none (always available) | — |
get_docs | none (always available) | — |
list_agents | read:agents | — |
get_agent | read:agents | — |
get_agent_activity | read:agents | — |
create_agent | write:agents | Yes |
update_agent | write:agents | Yes |
pause_agent | write:agents | Yes |
search_contacts | read:contacts | — |
get_contact | read:contacts | — |
create_contact | write:contacts | Yes |
update_contact | write:contacts | Yes |
list_conversations | read:messages | — |
get_conversation | read:messages | — |
create_draft | messages:send | — |
send_email | messages:send | Yes |
send_sms | messages:send:sms | Yes |
make_call | messages:send:voice | Yes |
get_subscription | read:billing | — |
get_usage | read:billing | — |
list_drafts / reject_draft | read:messages / write:messages | — |
delete_contact / export_contacts / get_contact_activity | write:contacts / read:contacts | delete only |
get_org_activity | read:activity | — |
get_feed / get_comments / add_feed_comment | read:feed / write:feed | — |
list_knowledge / delete_knowledge_item | read:knowledge / write:knowledge | delete only |
list_tasks / get_task / create_task / update_task / delete_task | read:tasks / write:tasks | delete only |
list_scheduled_tasks / list_missions / get_mission | read:scheduling | — |
generate_pdf / generate_invoice_pdf / generate_image / generate_vcard | tools:media | image (spends) |
resume_agent | write:agents | — |
Each channel has its own scope. messages:send authorizes email only. To send text messages add messages:send:sms; to place phone calls add messages:send:voice. A key with messages:* covers all three. This is deliberate least-privilege — an email automation key can never text or call a real person. Not sure what your key can do? Call get_help from your IDE: it lists every tool, which ones your key can use, and the exact scope to add to unlock the rest.
send_message remains as a deprecated alias of send_email for existing setups.
There is no create_api_key tool and no billing-mutation tool. Minting keys and changing billing are owner/admin session actions — they are never exposed over MCP. See the access ceiling.
Security model
- No token passthrough. Your key is validated against our database and the tool handler calls our own controllers in-process. The token never reaches a third-party authorization server, so the confused-deputy class doesn't apply.
- Identity is bound to the key, not the input. Every tool handler is closed over the
organizationIdand scopes resolved from your validated key. A tool can't be tricked into acting on another account by its arguments. - Stateless. Each request re-validates the bearer key. There's no session id to steal.
- Origin checked. The server validates the
Originheader to defend against DNS-rebinding from a local browser. - Rate limited & spend-capped. MCP requests are subject to per-key rate limits, and money-spending tools respect your key's spend cap.
OAuth sign-in (no key to copy)
You can connect without pasting a key: add the MCP server URL and sign in. This works in clients that support remote MCP with OAuth (Claude Desktop / claude.ai connectors, Claude Code, Cursor, VS Code, ChatGPT custom connectors).
- In your client, add the MCP server
https://api.customagents.io/v1/mcp(for a single agent,https://api.customagents.io/v1/agents/AGENT_ID/mcp). - The client discovers the OAuth endpoints automatically (RFC 9728 protected-resource metadata) and opens a browser to sign in.
- On the consent screen you pick the organization (and, for a per-agent connection, the agent), choose exactly which permissions to grant, and optionally set a spend cap. Permissions that can spend credits are flagged.
- Approve, and the client is connected — no key handling. Manage or revoke connections any time under Settings → Connected Apps.
How it maps to scopes: an OAuth connection grants the same scopes as an API key (the consent screen is the scope picker), and authorization is identical — messages:send is email-only, SMS needs messages:send:sms, and so on. Static ca_acct_ / ca_agt_ bearer keys keep working unchanged as the fallback for clients that don't do OAuth.
Security: the access token never carries your org — the org/agent binding is decided by you at consent and re-verified against your live membership on every request, so a connection can't reach an org you've left or were removed from. Revoking a connection cuts off its tokens immediately.
See also
API Keys & Scopes
Account and per-agent API keys, the two scope namespaces, least-privilege defaults, rotation, IP allowlists, expiry, and the shown-once contract.
Per-Agent API & MCP
Issue a key bound to a single agent. The /v1/agents/:agentId REST surface, the agent MCP endpoint, the agent scope namespace, the tool catalog, and the isolation guarantee.