MCP Server
Connect AI assistants like Claude or ChatGPT to your Business Platform projects via the Model Context Protocol (MCP)
The Business Platform exposes a remote Model Context Protocol (MCP) server that lets you connect AI assistants — such as Claude, ChatGPT, or any MCP-compatible client — directly to your projects. Once connected, you can use natural language to query data, create entries, update records, and more.
Quick start
- Open your AI client's MCP server settings (e.g. Claude Desktop: Settings > MCP Servers)
- Add the server URL:
https://app.smallstack.com/mcp - Your browser opens — log in with your usual account
- Approve the consent screen ("Allow [client] to access your projects?")
- Start talking to your data: "Show me all my projects"
Enabling the MCP feature
The MCP server is gated behind a feature flag. A platform administrator must enable it for your user account before you can connect.
Once enabled, the MCP endpoint accepts authenticated requests from any MCP-compatible client.
Note: If you receive a "MCP Server feature is not enabled" error after authenticating, contact your administrator to enable the feature flag for your account.
Authentication
The MCP server uses OAuth 2.1 for authentication. MCP-compatible clients handle this automatically — you do not need to manage tokens manually.
The flow works like this:
- Your AI client connects to
https://app.smallstack.com/mcp - The server responds with OAuth discovery metadata
- Your client opens a browser window for you to log in
- You see a consent screen listing the permissions the client is requesting
- After approval, your client receives a token and uses it for all subsequent requests
Supported OAuth scopes:
| Scope | Description |
|---|---|
openid |
Identify you |
profile |
Read your profile information |
email |
Read your email address |
Available tools
Once connected, your AI assistant has access to the following tools. All tools respect your existing permissions — you can only access data you would normally see in the backoffice.
list_projects
Lists all projects you have access to.
Example prompt: "What projects do I have?"
list_types
Lists all data types defined in a specific project.
| Parameter | Required | Description |
|---|---|---|
projectId |
Yes | The project ID |
Example prompt: "What data types are in project X?"
query_data
Queries data entries of a specific type. Returns up to 50 entries by default (max 100).
| Parameter | Required | Description |
|---|---|---|
projectId |
Yes | The project ID |
collectionName |
Yes | The collection name (from list_types) |
limit |
No | Maximum entries to return (default 50, max 100) |
Example prompt: "Show me all contacts in my CRM project"
create_data
Creates a new data entry in a project.
| Parameter | Required | Description |
|---|---|---|
projectId |
Yes | The project ID |
collectionName |
Yes | The collection name |
data |
Yes | The field values for the new entry |
Example prompt: "Create a new contact named Jane Doe with email jane@example.com"
update_data
Updates an existing data entry by ID.
| Parameter | Required | Description |
|---|---|---|
projectId |
Yes | The project ID |
collectionName |
Yes | The collection name |
id |
Yes | The entry ID |
modifier |
Yes | MongoDB-style modifier (e.g. { "$set": { "name": "New Name" } }) |
Supported update operators: $set, $unset, $inc, $push, $pull, $addToSet.
Example prompt: "Update the email of contact abc123 to newemail@example.com"
delete_data
Deletes a data entry by ID (soft delete).
| Parameter | Required | Description |
|---|---|---|
projectId |
Yes | The project ID |
collectionName |
Yes | The collection name |
id |
Yes | The entry ID |
Example prompt: "Delete contact abc123 from my CRM project"
Permissions and security
- All operations enforce row-level security (RLS) — you can only read, update, or delete data you have permission to access
- System fields (
id,tenantId,createdAt,updatedAt,deletedAt,revision,access) cannot be modified - Data creation respects the type's
defaultAccessandcreationAccessconfiguration - Tokens are short-lived JWTs validated against the platform's JWKS endpoint
Supported clients
Any client that supports the MCP Streamable HTTP transport can connect. Tested clients include:
- Claude Desktop — Settings > MCP Servers > Add Server
- Claude Code — add to
.claude/settings.jsonor.vscode/mcp.json - ChatGPT — via MCP plugin support
- Custom integrations — any HTTP client that implements the MCP protocol
Troubleshooting
| Issue | Solution |
|---|---|
| 401 Unauthorized | Your client could not complete the OAuth flow. Check that the server URL is exactly https://app.smallstack.com/mcp and that your browser can reach the login page. |
| 403 MCP Server feature not enabled | Ask your administrator to enable the MCP Server feature flag for your account. |
| Permission denied on a tool call | You do not have RLS access to the requested resource. Check your project permissions in the backoffice. |
| No projects returned | Verify you have at least read access to a project. |
Related
- AI Features — enabling AI capabilities per project
- AI Agents — configurable AI agents within the platform
- MCP Technical Reference — OAuth 2.1 authentication details for developers integrating directly with the MCP endpoint