MCP Server

Authentication

The Splattr MCP server uses OAuth 2.0 with Dynamic Client Registration. You authenticate with your existing Splattr account — no separate API keys or developer credentials needed.

How it works

  1. Dynamic Client Registration — When you add the Splattr MCP server to a client (Claude Code, Claude Desktop, etc.), the client automatically registers itself with the server. You don't need to manually create OAuth credentials.

  2. OAuth authorization flow — On first use, your MCP client opens a browser window to Splattr's login page. Sign in with your Splattr account credentials.

  3. Token storage — After authenticating, your client stores an access token and refresh token. The session persists across conversations — you won't be prompted again unless the token expires or you explicitly revoke access.

  4. Scopes — The server requests openid, email, and profile scopes. No additional permissions beyond your standard Splattr account access are granted.

Permissions

The MCP server acts on behalf of your Splattr account. All operations are scoped to your organization:

  • Tools read and write data within your organization only
  • Credit charges apply to your organization's balance
  • CRM pushes use your organization's connected integrations

Token expiry and refresh

Access tokens refresh automatically in the background. If a token refresh fails (for example, if you revoke access in your Splattr account settings), you'll be prompted to re-authenticate the next time you use a Splattr tool.

Revoking access

To disconnect the Splattr MCP server from a client:

Claude Code:

claude mcp remove splattr

Claude Desktop / Cursor: Remove the server entry from your configuration file and restart the application.

To revoke all active sessions, go to Settings → Security in your Splattr account and remove any active MCP sessions listed there.

Troubleshooting

"No authenticated user in context" — The token has expired or was revoked. Remove and re-add the server to trigger a fresh login.

Browser window doesn't open — Some headless or remote environments can't open a browser. In this case, copy the authorization URL from your client's output and open it manually.

"Invalid client" error — This can happen if your client's registration was deleted. Remove and re-add the server to re-register.