Connect programmatically
For your own services, scripts, or non-Claude MCP clients, obtain a bearer token directly from Keycloak with the client_credentials grant, then speak MCP JSON-RPC to /v1/sse.
1. Get a bearer token
export CLIENT_ID=bfk_REPLACE_ME
export CLIENT_SECRET=REPLACE_ME
export TOKEN=$(curl -s -X POST \
'https://uauth.bonafide.ai/realms/bonafide/protocol/openid-connect/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET" \
| jq -r '.access_token')The token is a JWT carrying your client_id claim, which the MCP server maps to your organization. Send it as Authorization: Bearer <token> on every MCP request.
2. Initialize an MCP session
POST /v1/sse with an initialize request and no session header. The session id is returned in the response header mcp-session-id — capture it and send it on every subsequent call.
# -D - dumps response headers so you can read mcp-session-id
curl -s -D - "https://mcp.bonafide.ai/v1/sse" \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2025-03-26",
"capabilities": {},
"clientInfo": { "name": "my-integration", "version": "1.0" }
}
}'
# Response header: mcp-session-id: <uuid>
export SID=<uuid-from-header>3. List the available tools
curl -s "https://mcp.bonafide.ai/v1/sse" \
-H "Authorization: Bearer $TOKEN" \
-H "mcp-session-id: $SID" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}'Returns bonafide_query and bonafide_search_documents with their input schemas.
4. End the session (optional)
curl -s -X DELETE "https://mcp.bonafide.ai/v1/sse" \
-H "Authorization: Bearer $TOKEN" \
-H "mcp-session-id: $SID"See Worked example for full tools/call requests against your organization.
Last updated on