MCP SERVER

Your data in
every AI tool.

Connect Claude Desktop, Cursor, Windsurf, and any MCP-compatible client directly to your QPilot datasets, dashboards, and conversations.

QUICK START

Up and running in seconds

Add the QPilot MCP server to your client. Authentication happens automatically the first time you connect.

CLAUDE DESKTOP

Add to claude_desktop_config.json

{
  "mcpServers": {
    "qpilot": {
      "command": "npx",
      "args": ["mcp-remote", "https://api.qpilot.io/mcp"]
    }
  }
}

CURSOR / WINDSURF

Add to your MCP settings or .cursor/mcp.json

{
  "mcpServers": {
    "qpilot": {
      "url": "https://api.qpilot.io/mcp"
    }
  }
}

Or simply add the server URL directly: https://api.qpilot.io/mcp

HOW IT WORKS

Seamless authentication

No API keys to copy. No tokens to manage. The OAuth flow happens in your browser, and your client handles the rest.

01

Add the server URL

Paste the QPilot MCP server URL into your client's configuration.

02

Auth is discovered automatically

Your client reads the server's well-known metadata and learns how to authenticate.

03

Sign in to QPilot

A browser window opens. Sign in with your email or create a new account.

04

Approve the connection

Review the requested permissions and authorize the app on the consent screen.

05

Connected

Your AI assistant can now query your datasets, view dashboards, and access conversations.

AVAILABLE TOOLS

What your AI can do

Each tool maps to your QPilot data. Your AI assistant calls these tools automatically based on context.

write

run_query

Ask QPilot

Ask a natural language question against any dataset. QPilot runs the full AI pipeline — collections, query generation, chart selection, and analysis — and returns the result.

datasets

list_datasets

List Datasets

List all connected databases across your teams, including their collections and record counts.

conversations

list_conversations

List Conversations

List all conversation threads for a specific dataset, showing topics and timestamps.

conversations

get_conversation

Get Conversation

Retrieve a full conversation with all message blocks — questions, generated SQL, analyses, and chart data.

read

list_dashboards

List Dashboards

List all dashboards for a specific team, with labels and colors.

read

get_dashboard_pins

Get Dashboard Pins

Get all pinned queries on a dashboard, including the question, analysis, SQL query, and chart configuration.

PERMISSIONS

Scoped access

You control exactly what each connection can do. Scopes are requested during authorization and can be revoked anytime from your settings.

Read

read

View dashboards, pinned queries, and their results. The default scope for browsing your data insights.

Write

write

Create and modify queries. Required for tools that generate new data or update existing records.

Datasets

datasets

Access your connected databases and their schema. See collections, fields, indexes, and record counts.

Conversations

conversations

View conversation threads and their message blocks — including questions, SQL queries, analyses, and charts.

FOR DEVELOPERS

Build your own integration

QPilot's MCP server uses OAuth 2.1 with PKCE and supports Dynamic Client Registration. Your client can auto-register and authenticate without any manual setup.

OAUTH 2.1 ENDPOINTS

How the flow works

1. Your client hits /mcp and receives a 401 with a WWW-Authenticate header.

2. The header points to /.well-known/oauth-protected-resource for discovery.

3. Your client fetches /.well-known/oauth-authorization-server to learn the auth endpoints.

4. If the client is new, it registers via POST /v1/oauth/register.

5. Standard OAuth 2.1 + PKCE authorization code flow.

6. Exchange the code for an access token at POST /v1/oauth/token.

Protected Resource Metadata

GET /.well-known/oauth-protected-resource

{
  "resource": "https://api.qpilot.io",
  "authorization_servers": ["https://api.qpilot.io"],
  "scopes_supported": ["read", "write", "datasets", "conversations"],
  "bearer_methods_supported": ["header"]
}

Authorization Server Metadata

GET /.well-known/oauth-authorization-server

{
  "issuer": "https://api.qpilot.io",
  "authorization_endpoint": "https://app.qpilot.io/oauth/authorize",
  "token_endpoint": "https://api.qpilot.io/v1/oauth/token",
  "registration_endpoint": "https://api.qpilot.io/v1/oauth/register",
  "scopes_supported": ["read", "write", "datasets", "conversations"],
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["none", "client_secret_post"],
  "code_challenge_methods_supported": ["S256"]
}

Dynamic Client Registration (RFC 7591)

POST /v1/oauth/register
Content-Type: application/json

{
  "client_name": "My MCP Client",
  "redirect_uris": ["http://localhost:3000/callback"],
  "scope": "read datasets conversations",
  "token_endpoint_auth_method": "none"
}

// Response:
{
  "client_id": "a1b2c3d4e5f6...",
  "client_name": "My MCP Client",
  "redirect_uris": ["http://localhost:3000/callback"],
  "scope": "read datasets conversations",
  "grant_types": ["authorization_code", "refresh_token"],
  "response_types": ["code"]
}

Token Exchange (OAuth 2.1 + PKCE)

POST /v1/oauth/token
Content-Type: application/json

{
  "grant_type": "authorization_code",
  "code": "<authorization_code>",
  "client_id": "<client_id>",
  "redirect_uri": "http://localhost:3000/callback",
  "code_verifier": "<pkce_verifier>"
}

// Response:
{
  "access_token": "<token>",
  "token_type": "Bearer",
  "expires_in": 2592000,
  "refresh_token": "<refresh_token>",
  "scope": "read datasets conversations"
}

Ready to connect?

Add QPilot to your MCP client and start querying your data from any AI assistant.

Get startedhttps://api.qpilot.io/mcp