MCP reference
Buda's Model Context Protocol endpoint — URL, authentication headers, and the tools generated from the REST API.
Let any MCP client operate your Buda account. Buda exposes a Model Context Protocol (MCP) server that wraps the /api/v1 REST API as MCP tools. Point Claude, Cursor, or any MCP-capable client at it, authenticate with your API key, and the client can list agents, start sessions, manage Drive, and read results — using the exact same operations as the REST API.
If you just want to wire up Claude Desktop step by step, see MCP with Claude. This page is the technical reference.
Endpoint and auth
| Value | |
|---|---|
| Endpoint | https://buda.im/api/mcp |
| Transport | HTTP (Streamable HTTP) |
| Auth header | Authorization: Bearer sk_... |
| Server name | Buda MCP |
Authentication is required. The Bearer token must be a Buda API key (it must start with sk_); any other value is rejected. The key resolves to your account exactly as it does for the REST API, and Buda records the key's last-request time on each call.
{
"mcpServers": {
"buda": {
"url": "https://buda.im/api/mcp",
"headers": { "Authorization": "Bearer sk_your_api_key" }
}
}
}Treat the MCP config like any other place your sk_ key lives — keep it out of shared machines and version control. See Authentication for rotation and security.
Available tools
Buda's MCP tools are generated directly from the REST API contract, so the tool set always matches the live /api/v1 surface. Each REST operation becomes one MCP tool with the same inputs and outputs. That includes, among others:
- Users — read the authenticated account (
/users/me). - Spaces — list and create Spaces (tenants).
- Agents — list and create hosted Claw agents.
- Drive — list, read, and write agent Drive files.
- Sessions — create sessions, send messages, read status and replies, cancel runs.
- Scheduled tasks — list, create, enable/disable, and run agent scheduled tasks.
For the authoritative, always-current list of tools and their exact schemas, browse the source contract in the Swagger UI or OpenAPI JSON — every operation there is exposed as an MCP tool.
Limitations
- One credential type. The MCP endpoint accepts
sk_API keys only; embed tokens and session cookies are not valid here. - Account scope. Tools act on whatever the API key can access — the same permissions as the REST API, no more.
- Streaming chat. MCP tools start and read agent runs; live token-by-token streaming is served by the REST stream endpoints rather than MCP.