Skip to main content
Every Softr app can act as its own Model Context Protocol (MCP) server. Once you enable MCP on an app, AI assistants like Claude, Claude Code, and ChatGPT can connect to that specific app over OAuth and interact with its data.
This is different from the workspace-wide Softr MCP Server, which exposes your Softr databases. The App MCP Server is scoped to a single published app, uses that app’s domain, and has its own OAuth credentials.

How permissions work

When an AI client connects, it does so as a signed-in user of your app, not as an admin and not as the app itself. Everything the assistant can see or do is capped by what that user could already do in the app’s interface. The MCP server never grants extra access. Concretely, the assistant’s capabilities are derived from the blocks you’ve built into the app:
What the app containsWhat the assistant can do
A list, grid, or table blockRead records
A form or sign-up blockCreate records (only the fields shown in the form)
A profile block or inline editingUpdate records
A delete actionDelete records
This means the MCP surface mirrors your app’s screens:
  • If there’s no block for a table, the assistant can’t touch that table, even if the underlying data source contains it.
  • Fields are limited to those your blocks display. Hidden or unmapped fields stay invisible to the assistant.
  • User groups, page visibility, and data restrictions all still apply. A user connecting through MCP sees exactly the records and actions their account would see when logged into the app normally.
To expose more (or less) to AI clients, change what your app shows. Add a form to allow record creation, add a list to allow reading, or restrict a block by user group to limit access, and the MCP server updates to match.

Enabling MCP for your app

1

Open MCP settings

In the app’s left sidebar, open Settings → MCP.
2

Enable MCP

Click Enable MCP. Softr generates an OAuth Client ID and Client Secret for this app.
3

Connect an AI tool

Use one of the quick-setup cards (Claude, Claude Code, ChatGPT, Other) to connect a client. Each card walks you through the steps for that specific tool.

Server URL

Your app’s MCP endpoint follows your app’s published URL: 
https://<your-app-domain>/v1/mcp
For example, if your app is published at https://acme.softr.app, the MCP server URL is https://acme.softr.app/v1/mcp. If you’ve added a custom domain, the MCP URL uses that domain. You can copy the exact URL from the Server URL field in MCP settings.

Connecting an AI tool

The setup dialog in MCP settings gives you a ready-to-use snippet for each supported client. You can also follow the steps manually.
1

Open the connector setup

In Claude, go to Customize → Connectors → + → Add custom connector.
2

Add the server

Enter a name (for example, your app’s name) and paste the Server URL from MCP settings.
3

Authorize

Click Add. Claude opens a browser window to authorize the connection to your app via OAuth.
Claude uses dynamic client registration, so you don’t need to paste a Client ID or Secret.

Advanced settings

Open the Advanced settings section in MCP settings to see and manage the OAuth credentials.
FieldWhat it’s for
Client IDPublic identifier for your app’s MCP OAuth client. Safe to share.
Client SecretConfidential credential. Used by clients that don’t support dynamic client registration.
Redirect URIsAllowed OAuth redirect URIs. Add an entry for every client that needs a fixed redirect. Most clients fill this in automatically via dynamic client registration.

Adding redirect URIs

Some AI clients require their callback URL to be pre-registered on the OAuth server. To add one:
1

Open Advanced settings

Expand Advanced settings in your app’s MCP settings.
2

Add the URI

Click Add redirect URI and paste the callback URL the client provided.
3

Save

Click Save in the footer to persist the change.

Turning MCP off

Toggle Enable MCP off and click Save to disable the server without removing its credentials. Existing connected clients will stop being able to call the server until you re-enable it.

Troubleshooting

Some CLIs (Claude Code included) treat --client-secret as a prompt-trigger flag, not a value flag. Any value you append inline is ignored and the CLI prompts interactively. This is intentional so the secret doesn’t appear in your shell history. Paste the secret at the prompt instead.
Check that the client’s redirect URI is registered under Advanced settings → Redirect URIs. Clients that support dynamic client registration handle this automatically; clients with a fixed callback don’t.