> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anyreach.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Connecting a client

> Point Claude Desktop, Cursor, or a custom client at the server.

The Anyreach MCP server exposes the full platform API as a small set of meta-tools that any Model Context Protocol client can discover and invoke. Point your client at one URL, authenticate with a Bearer token, and the server proxies your calls to the underlying services.

## Endpoint

The server is reachable at a single URL over the streamable-HTTP transport:

```
https://api.anyreach.ai/mcp/
```

Every request must carry an `Authorization` header:

```
Authorization: Bearer <token>
```

The server runs in stateless mode and returns tool results as plain JSON, so there is no persistent session to maintain — each request stands on its own.

## Authentication

The MCP edge only accepts two token formats. The token must start with one of these prefixes or the request is rejected at the edge before any tool runs:

| Token type                  | Prefix | Where to create it                                    | Org scope                  |
| --------------------------- | ------ | ----------------------------------------------------- | -------------------------- |
| Organization API key        | `ak_`  | [/api-keys](/organizations/api-keys-and-tokens)       | Carries its org implicitly |
| Personal access token (PAT) | `pat_` | [/account/tokens](/organizations/api-keys-and-tokens) | You pass the org per call  |

Any other value returns `401` with this body:

```json theme={null}
{ "error": "Unrecognized token format. Expected a personal access token (pat_...) or organization API key (ak_...)." }
```

A missing or non-Bearer `Authorization` header returns `401` with `{ "error": "Missing Bearer token" }`.

<Note>
  The edge check only validates the token prefix. The token is still fully verified by the downstream service when a tool actually runs, so an invalid `ak_` or `pat_` value still fails there.
</Note>

## Org scoping

Most operations are org-scoped, and how the organization is resolved depends on which token type you use.

| Token type                     | How the org is determined                                        |
| ------------------------------ | ---------------------------------------------------------------- |
| Organization API key (`ak_`)   | Bound to one organization. You do not pass an org.               |
| Personal access token (`pat_`) | Not bound to an org. Pass `organization_id` on each `call_tool`. |

When you call `call_tool` with an `organization_id`, the server forwards it downstream as the `X-Anyreach-Org` header alongside your Bearer token:

```
call_tool
  name           = "..."
  arguments      = { ... }
  organization_id = "<org_id>"
        │
        ▼
Authorization: Bearer <token>
X-Anyreach-Org: <org_id>
        │
        ▼
  downstream service
```

If a tool call returns a `401` that mentions a missing organization claim, you used a PAT without an `organization_id` (or your client omitted it). Determine which organization to act on and retry the same `call_tool` with `organization_id` set.

<Tip>
  If you work in a single organization, an `ak_` API key is the simplest choice — there is no per-call org argument to track. Use a `pat_` when one set of credentials needs to act across several organizations.
</Tip>

## Client configuration

Most MCP clients accept a server entry that points at a URL and supplies headers. The shape below works for clients that speak streamable-HTTP:

<Tabs>
  <Tab title="Organization API key">
    ```json theme={null}
    {
      "mcpServers": {
        "anyreach": {
          "url": "https://api.anyreach.ai/mcp/",
          "headers": {
            "Authorization": "Bearer ak_your_api_key"
          }
        }
      }
    }
    ```

    The org is implied by the key, so no `organization_id` is needed on tool calls.
  </Tab>

  <Tab title="Personal access token">
    ```json theme={null}
    {
      "mcpServers": {
        "anyreach": {
          "url": "https://api.anyreach.ai/mcp/",
          "headers": {
            "Authorization": "Bearer pat_your_token"
          }
        }
      }
    }
    ```

    Because a PAT is not bound to an organization, pass `organization_id` on each org-scoped `call_tool`.
  </Tab>
</Tabs>

<Warning>
  Treat both `ak_` and `pat_` tokens as secrets. Anyone holding the token can act on your organization through the API.
</Warning>

## Next steps

<CardGroup cols={2}>
  <Card title="Tools and discovery" icon="wrench" href="/mcp/tools-and-discovery">
    Browse, search, and invoke operations with the four meta-tools.
  </Card>

  <Card title="API keys and tokens" icon="key" href="/organizations/api-keys-and-tokens">
    Create and manage organization API keys and personal access tokens.
  </Card>
</CardGroup>
