> ## Documentation Index
> Fetch the complete documentation index at: https://docs.azalt.co/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP server

> Connect AI clients to Azalt with Model Context Protocol

# MCP server

Azalt exposes a remote Model Context Protocol (MCP) server so compatible AI
clients can securely work with your Azalt organization data through your own
Azalt account.

The production MCP endpoint is:

```text theme={null}
https://app.azalt.co/api/mcp
```

The server uses Streamable HTTP and OAuth. You sign in with Azalt, approve the
requested access, and the client receives an OAuth token. Access follows your
current Azalt organization and the permissions available to your user.

## What you can do

Connected AI clients can use Azalt tools to:

* Read your profile, current organization, users, sites, forms, dashboards,
  datasets, and KPI indicators.
* Inspect form elements, form deployments, form submissions, and individual
  submission values.
* Query KPI data and available emission factors.
* Create forms, dashboards, and dashboard widgets when the approved scopes and
  your Azalt permissions allow it.

## Security

Only connect MCP clients that you trust. Depending on the scopes you approve,
the client may be able to read organization data and create or update Azalt
resources on your behalf.

You can review and revoke connected MCP clients from:

```text theme={null}
https://app.azalt.co/settings/mcp-clients
```

## Scopes

Azalt MCP uses the following OAuth scopes:

| Scope                    | Access                                        |
| ------------------------ | --------------------------------------------- |
| `openid`                 | Verify your Azalt identity                    |
| `profile`                | Read your profile information                 |
| `email`                  | Read your email address                       |
| `azalt:read`             | Read Azalt organization data available to you |
| `azalt:write:forms`      | Create and update form-related data           |
| `azalt:write:imports`    | Preview and apply imports                     |
| `azalt:write:activities` | Create, update, and recalculate activities    |
| `azalt:admin`            | Manage administrative Azalt resources         |

## Codex

Codex can connect to Azalt MCP with its remote MCP client.

```bash theme={null}
codex mcp add azalt --url https://app.azalt.co/api/mcp
```

Then authenticate:

```bash theme={null}
codex mcp login azalt --scopes openid,profile,email,azalt:read,azalt:write:forms,azalt:write:imports,azalt:write:activities,azalt:admin
```

Follow the browser login and consent flow. After authentication, verify the
server:

```bash theme={null}
codex mcp list
codex mcp get azalt
```

If this is your first remote MCP server in Codex, make sure the remote MCP
client feature is enabled in `~/.codex/config.toml`:

```toml theme={null}
[features]
experimental_use_rmcp_client = true
```

## Claude Code

Claude Code supports remote HTTP MCP servers with OAuth. Add Azalt with:

```bash theme={null}
claude mcp add --transport http azalt https://app.azalt.co/api/mcp
```

Open Claude Code and run:

```text theme={null}
/mcp
```

Select the Azalt server and complete the browser authentication flow.

If your browser does not open automatically, copy the URL shown by Claude Code
and open it manually. If the browser redirects to a local callback URL that
cannot be reached, copy the full callback URL from the browser address bar and
paste it back into Claude Code when prompted.

## Other clients

Other MCP clients may work if they support remote Streamable HTTP MCP servers
with OAuth and dynamic client registration. Use this endpoint:

```text theme={null}
https://app.azalt.co/api/mcp
```

If a client only supports local or stdio MCP servers, use a remote MCP bridge
such as `mcp-remote` if that client supports it.

## Troubleshooting

### The OAuth callback page cannot be reached

Make sure the MCP client is still waiting for the callback. If the client timed
out before you approved access, start the login flow again and approve the new
consent request.

### The client is connected but a tool is denied

The OAuth token may not include the required scope, or your Azalt user may not
have permission for the requested action in the current organization. Reconnect
with the needed scopes or ask an organization owner to update your Azalt role.

### I switched organizations in Azalt

MCP requests use the current organization associated with your Azalt user. If
you switch organizations, reconnect or ask the client to call `get_my_profile`
to confirm the active organization before making changes.
