Remote MCP Server
FastHook MCP Server
Connect an AI client directly to FastHook operations through a remote Model Context Protocol server. Inspect captured webhook traffic, follow request-to-attempt traces, save regression fixtures, retry failed deliveries, and create temporary request bins without teaching the client every REST route.
The production endpoint is https://mcp.fasthook.io/mcp. It uses Streamable HTTP and OAuth 2.1 with Google sign-in, explicit workspace selection, and separate read and write scopes. Project API Keys remain available for CI.
OAuth clients open Google sign-in automatically. Use the dashboard to review the workspace before granting access.
Connection details
| Setting | Value |
|---|---|
| Endpoint | https://mcp.fasthook.io/mcp |
| Transport | Streamable HTTP |
| Recommended authentication | OAuth 2.1 with Google sign-in and S256 PKCE |
| OAuth scopes | fasthook.read · fasthook.write |
| Workspace selection | Choose one FastHook workspace on the consent screen |
| CI fallback | Authorization: Bearer fhp_... |
Connect with OAuth 2.1
Add only the server URL to a client that supports remote Streamable HTTP servers. The client discovers FastHook OAuth automatically, opens Google sign-in, and asks you to choose one workspace. No FastHook password or API key is shared with the client.
{
"mcpServers": {
"fasthook": {
"url": "https://mcp.fasthook.io/mcp"
}
}
}Use a Project API Key for CI
Headless jobs can continue to use a project-scoped key. Keep the key in a secret manager, never put it in a URL, and rotate it from Project Secrets if it is exposed.
{
"mcpServers": {
"fasthook": {
"url": "https://mcp.fasthook.io/mcp",
"headers": {
"Authorization": "Bearer fhp_your_project_api_key",
"x-team-id": "tm_your_team_id"
}
}
}
}Inspect webhook evidence
Observation tools are read-only. They let an agent move from the configured route to the evidence created by real traffic without guessing which request, event, or attempt failed.
- List sources, destinations, and routing connections.
- List and inspect requests, events, and delivery attempts.
- Open a complete request trace across routed events and attempts.
- Filter recent traffic by status, source, connection, destination, or time range.
Retry and run saved fixtures
Operational tools can create new delivery attempts. The MCP client should show a confirmation before it retries a request or event, or replays a saved fixture against a destination with external side effects.
- Retry one failed request or one routed event.
- Save a captured request as a named regression fixture.
- List compatible fixture targets before choosing a destination.
- Replay a fixture and inspect the fresh event and attempt evidence.
Create a temporary request bin
An agent can create a private request bin for a short debugging session, then return the generated webhook URL and read token. Public bins expire automatically and remain separate from durable project sources.
Security boundaries
- OAuth access tokens expire after one hour and refresh tokens expire after 29 days.
- OAuth grants are limited to one selected FastHook workspace.
- Read-only grants do not expose retry, replay, fixture-save, or request-bin creation tools.
- For CI, use a Project API Key, not a webhook signing secret or provider token.
- Never send the API key in a query string or paste it into prompts and screenshots.
- Treat retry and replay as mutating operations because they may contact a real destination.
- Rotate exposed keys from Project Secrets and update every MCP client that uses them.
Which MCP transport does FastHook use?
FastHook uses the current Streamable HTTP transport at https://mcp.fasthook.io/mcp. It does not require the legacy SSE transport.
How do I authenticate to the FastHook MCP server?
OAuth 2.1 is recommended. Add the MCP endpoint, sign in with Google, choose one FastHook workspace, and approve read or read-and-write access. Project API Keys remain available for CI and non-interactive servers.
Can the MCP server change or resend webhook data?
Yes. Read tools only inspect FastHook resources, while retry and fixture replay tools can send data to a selected destination. Review the target before approving a mutating tool call.
Does the FastHook MCP server support OAuth?
Yes. FastHook exposes OAuth authorization-server and protected-resource discovery, dynamic client registration, S256 PKCE, short-lived access tokens, rotating refresh tokens, workspace consent, and separate read and write scopes.