MCP Server

Connect Atender over MCP

Point any MCP client at Atender and drive your workspace through the same API the product uses. Tools, parameters, and required scopes are discoverable from the server itself once you connect.

Server URL · Streamable HTTP
https://v3.atender.com/api/v1/mcp

This is the only endpoint you need. Drop it into your client, authenticate, and the available tools load automatically — no per-tool setup.

Authentication

Two ways to connect

Pick how the connection proves who it is. Use an API key for headless and shared setups, or OAuth when a person is connecting their own client.

API key

A workspace token sent as a Bearer header. Best for servers, scripts, and clients you configure once. Create one in your dashboard under Settings → API Access.

Header · Authorization: Bearer sa_live_…
Scope· inherits the key's permissions

OAuth — as an owner

The client opens a browser, you sign in, and you approve the scopes it asks for. Authorizing requires a user with owner status on the workspace. Best when a person connects their own MCP client.

Flow · Authorization Code + PKCE (S256)
Setup · dynamic client registration — nothing to pre-create
Quick start

Add the server

Switch between an API key and OAuth, then copy the config for your client.

shell
claude mcp add --transport http atender https://v3.atender.com/api/v1/mcp \
  --header "Authorization: Bearer sa_live_YOUR_KEY"

Run this in your terminal. Use --scope project to share the server via a checked-in .mcp.json. Replace sa_live_YOUR_KEY with a key from Settings → API Access.

OAuth

How the OAuth flow works

Atender is an OAuth-protected resource, so MCP clients that support OAuth wire themselves up automatically.

  1. 1
    Discover
    Your client reads the server's protected-resource metadata and finds the authorization server.
  2. 2
    Register
    The client registers itself via dynamic client registration — no manual app setup.
  3. 3
    Authorize
    A browser opens; an owner-status user signs in and approves the requested scopes. Tokens use PKCE.
  4. 4
    Connect
    The client exchanges the code for an access token (with refresh) and starts calling tools. Access is revocable at any time.
Permissions

Scopes

Access is granular — each resource family has read and, where it applies, write scopes. OAuth grants are chosen at consent; API keys carry the permissions you set on the key.

contacts
readwrite
conversations
readwrite
cases
readwrite
case-workflows
readwrite
case-statuses
readwrite
tags
readwrite
users
readwrite
teams
readwrite
agents
readwrite
automations
readwrite
macros
readwrite
snippets
readwrite
knowledge
readwrite
attachments
readwrite
settings
readwrite
webhooks
readwrite
notifications
readwrite
sla
readwrite
csat
readwrite
status
readwrite
channels
write
bulk
readwrite
search
read
analytics
read
email
read

The exact tool list and the scope each tool needs are discoverable from the server once connected.

Limits

Rate limits

Limits apply per API key by plan tier; OAuth connections also share a per-workspace ceiling. Every response carries X-RateLimit-* headers, and a 429 means a per-minute, per-day, or burst limit was hit.

TierPer minutePer dayBurst
Starter6010,00010
Professional300100,00050
Enterprise1,0001,000,000200
Compatibility

Works with

Claude CodeClaude DesktopCursorAny remote-HTTP MCP client
Back to docs

See Atender in action

Book a personalized demo and see how AI-powered customer service with expert humans can transform your support operation.

Book a DemoContact Sales