Base URL & endpoints
| Base URL | https://mcp.bonafide.ai |
| Protocol | HTTPS only — HTTP requests are rejected at the edge. |
| Transport | MCP over Streamable HTTP (SSE), protocol version 2025-03-26. |
Endpoints
POST
bearer — MCP JSON-RPC (initialize, tools/list, tools/call). Main endpoint./v1/sseGET
bearer — Long-lived SSE stream for server-initiated notifications. Optional./v1/sseDELETE
bearer — Explicitly terminate an MCP session./v1/sseGET
public — Liveness / dependency status. No credentials required./healthGET
public — OAuth 2.0 Authorization Server metadata (discovery)./.well-known/oauth-authorization-serverGET
public — OAuth Protected Resource metadata (discovery)./.well-known/oauth-protected-resourceGET
public — OAuth authorization endpoint (PKCE). Used by the Claude connector flow./authorizePOST
public — OAuth token endpoint (authorization_code + refresh_token)./tokenThe table below summarizes the same endpoints:
| Endpoint | Auth | Purpose |
|---|---|---|
POST /v1/sse | bearer | MCP JSON-RPC requests (initialize, tools/list, tools/call). This is the main endpoint. |
GET /v1/sse | bearer | Long-lived SSE stream for server-initiated notifications. Optional. |
DELETE /v1/sse | bearer | Explicitly terminate an MCP session. |
GET /health | public | Liveness / dependency status. No credentials required. |
GET /.well-known/oauth-authorization-server | public | OAuth 2.0 Authorization Server metadata (discovery). |
GET /.well-known/oauth-protected-resource | public | OAuth Protected Resource metadata (discovery). |
GET /authorize | public | OAuth authorization endpoint (PKCE). Used by the Claude connector flow. |
POST /token | public | OAuth token endpoint (authorization_code + refresh_token). |
Last updated on