Skip to main content
MCP connections use the same scope model as REST API tokens. During OAuth, you approve a set of scopes; each tool call checks that the connection has the required scope and domain access. Hosted clients (Claude, ChatGPT, Cursor, etc.) redirect to Mentionpath’s consent screen. You choose which scopes to grant. Baseline read scopes are safe to approve for analytics-only use. Grant write scopes only when you want the client to propose changes.

Write actions and approval

Tools that mutate data (prompts_create, audits_trigger, webflow_create_draft, and others) return APPROVAL_REQUIRED with an approvalUrl unless the token has an auto-approve policy for that action. Review pending requests under Account → Approvals in the app.

Auto-approve policies

Organization owners can allow specific write actions to run without manual approval per token:
  1. Open Account → API.
  2. Select a token (or configure defaults at creation).
  3. Enable auto-approve for actions whose scopes the token already has.
prompts_delete and approval-resolution tools are never auto-approved.

REST parity

Every MCP tool has a matching REST endpoint under /api/v1. See the API Reference tab for HTTP paths and request bodies.