Remote MCP Server

FastHook MCP Server

Connect an AI client directly to FastHook operations through a remote Model Context Protocol server. Inspect captured webhook traffic, follow request-to-attempt traces, save regression fixtures, retry failed deliveries, and create temporary request bins without teaching the client every REST route.

The production endpoint is https://mcp.fasthook.io/mcp. It uses Streamable HTTP and OAuth 2.1 with Google sign-in, explicit workspace selection, and separate read and write scopes. Project API Keys remain available for CI.

Open FastHook dashboard

OAuth clients open Google sign-in automatically. Use the dashboard to review the workspace before granting access.

Connection details

SettingValue
Endpointhttps://mcp.fasthook.io/mcp
TransportStreamable HTTP
Recommended authenticationOAuth 2.1 with Google sign-in and S256 PKCE
OAuth scopesfasthook.read · fasthook.write
Workspace selectionChoose one FastHook workspace on the consent screen
CI fallbackAuthorization: Bearer fhp_...

Connect with OAuth 2.1

Add only the server URL to a client that supports remote Streamable HTTP servers. The client discovers FastHook OAuth automatically, opens Google sign-in, and asks you to choose one workspace. No FastHook password or API key is shared with the client.

Recommended MCP client configuration
{
  "mcpServers": {
    "fasthook": {
      "url": "https://mcp.fasthook.io/mcp"
    }
  }
}

Use a Project API Key for CI

Headless jobs can continue to use a project-scoped key. Keep the key in a secret manager, never put it in a URL, and rotate it from Project Secrets if it is exposed.

Non-interactive MCP configuration
{
  "mcpServers": {
    "fasthook": {
      "url": "https://mcp.fasthook.io/mcp",
      "headers": {
        "Authorization": "Bearer fhp_your_project_api_key",
        "x-team-id": "tm_your_team_id"
      }
    }
  }
}

Inspect webhook evidence

Observation tools are read-only. They let an agent move from the configured route to the evidence created by real traffic without guessing which request, event, or attempt failed.

  • List sources, destinations, and routing connections.
  • List and inspect requests, events, and delivery attempts.
  • Open a complete request trace across routed events and attempts.
  • Filter recent traffic by status, source, connection, destination, or time range.

Retry and run saved fixtures

Operational tools can create new delivery attempts. The MCP client should show a confirmation before it retries a request or event, or replays a saved fixture against a destination with external side effects.

  • Retry one failed request or one routed event.
  • Save a captured request as a named regression fixture.
  • List compatible fixture targets before choosing a destination.
  • Replay a fixture and inspect the fresh event and attempt evidence.

Create a temporary request bin

An agent can create a private request bin for a short debugging session, then return the generated webhook URL and read token. Public bins expire automatically and remain separate from durable project sources.

Security boundaries

  • OAuth access tokens expire after one hour and refresh tokens expire after 29 days.
  • OAuth grants are limited to one selected FastHook workspace.
  • Read-only grants do not expose retry, replay, fixture-save, or request-bin creation tools.
  • For CI, use a Project API Key, not a webhook signing secret or provider token.
  • Never send the API key in a query string or paste it into prompts and screenshots.
  • Treat retry and replay as mutating operations because they may contact a real destination.
  • Rotate exposed keys from Project Secrets and update every MCP client that uses them.

Which MCP transport does FastHook use?

FastHook uses the current Streamable HTTP transport at https://mcp.fasthook.io/mcp. It does not require the legacy SSE transport.

How do I authenticate to the FastHook MCP server?

OAuth 2.1 is recommended. Add the MCP endpoint, sign in with Google, choose one FastHook workspace, and approve read or read-and-write access. Project API Keys remain available for CI and non-interactive servers.

Can the MCP server change or resend webhook data?

Yes. Read tools only inspect FastHook resources, while retry and fixture replay tools can send data to a selected destination. Review the target before approving a mutating tool call.

Does the FastHook MCP server support OAuth?

Yes. FastHook exposes OAuth authorization-server and protected-resource discovery, dynamic client registration, S256 PKCE, short-lived access tokens, rotating refresh tokens, workspace consent, and separate read and write scopes.

Related guides