Skip to main content

MCP Server Schema

Top-level fields

FieldTypeRequiredDescription
namestringyesDisplay name for your MCP server
slugstringyesURL identifier — your server becomes available at /mcp/{slug}
descriptionstringnoShort description of what the server does
authenticationobjectnoServer-level auth applied to every tool call (see below)
oauthobjectnoOAuth 2.0 configuration for user-delegated auth flows (see below)
toolsarrayyesList of tools your server exposes (see below)

authentication object

Defines how the caller's API token is forwarded to your upstream service. When present, Shredly automatically injects the token into every outbound request using the specified scheme.

FieldTypeRequiredDescription
typestringyesAuth scheme: Bearer (prepends "Bearer "), ApiKey (sends the raw token), or Basic (prepends "Basic ")
headerstringnoOverride header name when using ApiKey — e.g. X-My-Key
{
"authentication": {
"type": "Bearer"
}
}

Using ApiKey with a custom header name:

{
"authentication": {
"type": "ApiKey",
"header": "X-My-Key"
}
}

oauth object

Configures an OAuth 2.0 authorization code flow for your server. When present, Shredly handles the redirect and token exchange on behalf of the user.

FieldTypeRequiredDescription
authorization_urlstringyesThe provider's authorization endpoint where users are redirected to grant access
token_urlstringyesThe endpoint Shredly calls to exchange an authorization code for an access token
client_idstringyesYour OAuth application's client ID
client_secretstringyesYour OAuth application's client secret
scopesarrayyesList of OAuth scopes to request — e.g. ["openid", "profile", "email"]
extra_paramsobjectnoAdditional query parameters appended to the authorization URL — e.g. {"access_type": "offline"} for refresh tokens
{
"oauth": {
"authorization_url": "https://accounts.google.com/o/oauth2/v2/auth",
"token_url": "https://your-backend.com/oauth/token",
"client_id": "your-client-id",
"client_secret": "your-client-secret",
"scopes": ["openid", "profile", "email"],
"extra_params": {
"access_type": "offline"
}
}
}

tools array

Each entry describes one callable tool. All fields are required.

FieldTypeDescription
namestringTool name exposed to the MCP client
descriptionstringNatural-language description of what the tool does
methodstringHTTP verb: GET, POST, PUT, PATCH, or DELETE
urlstringStatic upstream URL — no template variables
headersobjectStatic key/value headers sent on every request (e.g. {"Content-Type": "application/json"})
input_schemaobjectFlat map of argument name → field definition. Each field has a type (string, number, etc.) and optional description and optional: true.
response_transformstringDot-path into the response JSON to extract — e.g. data.results. Use . to return the full response.
timeout_msnumberRequest timeout in milliseconds. Maximum 20000.

Example tool definition:

{
"name": "getUser",
"description": "Fetch a user by ID from your backend.",
"method": "GET",
"url": "https://api.yourapp.com/users",
"headers": {
"Content-Type": "application/json"
},
"input_schema": {
"user_id": {
"type": "string",
"description": "The ID of the user to fetch"
}
},
"response_transform": "data",
"timeout_ms": 5000
}

Example full server configuration:

{
"name": "My App MCP",
"slug": "my-app",
"description": "MCP server for My App",
"authentication": {
"type": "Bearer"
},
"oauth": {
"authorization_url": "https://accounts.google.com/o/oauth2/v2/auth",
"token_url": "https://your-backend.com/oauth/token",
"client_id": "your-client-id",
"client_secret": "your-client-secret",
"scopes": ["openid", "profile", "email"],
"extra_params": {
"access_type": "offline"
}
},
"tools": [
{
"name": "createRecord",
"description": "Create a new record in My App.",
"method": "POST",
"url": "https://api.yourapp.com/records",
"headers": {
"Content-Type": "application/json"
},
"input_schema": {
"title": {
"type": "string"
}
},
"response_transform": ".",
"timeout_ms": 10000
}
]
}