Skip to main content

Before We Begin

Gather the following information, which you’ll need regardless of client.
1

Name

This is just a name you want to give your MCP server. Make sure it is unique to other MCP servers you’re using, and is human readable so you can easily keep track of what each server does.
2

URL

For the Xano MCP Server
Each instance has its own unique connection URL. The URL can be found inside of your Instance Settings panel from the instance selection screen by clicking the icon next to the instance you want to connect to.
When creating a URL, you’ll need to choose the scope of tools the URL provides. Each client will have its own limits on how many tools can be available at once, so make sure to consult your client’s documentation for more information.
For an MCP Server you built in Xano
Click the button next to the MCP server you want in the > screen.
3

Token

For the Xano MCP Server
The Xano MCP Server token can be found in the same place you retrieved your URL. See Generating an Access Token for more information.
For an MCP Server you built in Xano
The token for a custom MCP server is generated the same way your other auth tokens are generated, usually as part of your signup and login API logic.
Most clients authenticate to Xano MCP servers with a Bearer token sent in an Authorization header. Clients that can’t send a header — like Claude Desktop and Claude Web — can still connect by placing a token in the URL and validating it server-side. See Clients without header support below.

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/claude-ai-icon.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=b9de3a97860e4296c6d48664852a8e16

Claude Code

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/Cursor_light.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=c42cd27f6fa1b802cadd5a3514d7ff46

Cursor

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/Windsurf_light.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=ad7fc1569a810d534939040c60c6cc78

Windsurf

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/antigravity.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=d3a59a03aa32cd67b8d38b666814bd61

Antigravity

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/vscode.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=bb6c91058fcbe6ee28fcda04e03de2e6

VS Code

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/raycast.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=ce2c71c7938f28d0f8172df87a7d823e

Raycast

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/warp.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=b3224840b675a000ceca342e8b72ec54

Warp

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/claude-ai-icon.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=b9de3a97860e4296c6d48664852a8e16

Claude Desktop / Web


https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/claude-ai-icon.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=b9de3a97860e4296c6d48664852a8e16 Claude Code

In your terminal, run the following command, replacing <name>, <url>, and <token> with your server’s details:
claude mcp add --transport http <name> <url> --header "Authorization: Bearer <token>"

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/Cursor_light.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=c42cd27f6fa1b802cadd5a3514d7ff46https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/Cursor_dark.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=1f452577be9e9670a609608506ab5895 Cursor

Cursor supports one-click MCP server installation via install links, with your token sent as an Authorization header. Use the generator below to create yours.

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/Windsurf_light.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=ad7fc1569a810d534939040c60c6cc78https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/Windsurf_dark.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=2980a14b21d7c580ffac4b5493d2102c Windsurf

1

Access your Windsurf settings

Head to Windsurf Settings > Cascade and click MCP Marketplace.Click the icon to access your mcp_config.json file directly.
2

Add an entry for your MCP server

Use the generator below to get the correct JSON.

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/antigravity.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=d3a59a03aa32cd67b8d38b666814bd61 Antigravity

1

Access your Antigravity MCP settings

  1. Open the MCP store via the ”…” dropdown at the top of the editor’s agent panel.
  2. Click on “Manage MCP Servers”
  3. Click on “View raw config”
  4. Modify the mcp_config.json with your custom MCP server configuration.
2

Add an entry for your MCP server

Use the generator below to get the correct JSON.

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/vscode.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=bb6c91058fcbe6ee28fcda04e03de2e6 VS Code

These instructions may work for other VS Code-based IDEs, but we recommend consulting that client’s official documentation for more specific instructions. Per-project: Create or open .vscode/mcp.json in your workspace and add the configuration generated below. Across multiple projects:
  1. Run the MCP: Open User Configuration command, which opens the mcp.json file for your user profile. Add the configuration generated below.

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/raycast.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=ce2c71c7938f28d0f8172df87a7d823e Raycast

Raycast connects to remote MCP servers through its built-in Install MCP Server form, which supports custom HTTP headers. Native MCP support requires Raycast 1.98 or later.
  1. Run the Install MCP Server command, or run Manage MCP Servers and choose Install New Server.
  2. Set Transport to HTTP and enter your MCP server’s URL.
  3. Under HTTP Headers, add a header with the key Authorization and the value Bearer <token>. Leave the OAuth fields empty — Xano MCP servers authenticate with a static bearer token, not OAuth.
  4. Press ⌘ + Enter to install. Raycast connects to the server and loads its tools, which you can then @-mention in AI Chat.

https://mintcdn.com/xano-997cb9ee/aZQYcxhIvSDTNEim/images/icons/warp.svg?fit=max&auto=format&n=aZQYcxhIvSDTNEim&q=85&s=b3224840b675a000ceca342e8b72ec54 Warp

  1. Access Warp Drive and click MCP Servers in your Personal settings.
  2. Click + Add and add the configuration generated below.

Clients without header support

Some MCP clients — including Claude Desktop and Claude Web — can only authenticate by putting credentials in the connection URL. Their Add custom connector flow accepts a URL but has no field for an Authorization header, so Xano’s native, header-based MCP authentication won’t work for them. You can still connect these clients securely: put a token in the URL and validate it yourself with an MCP server trigger.
1

Get your server's streaming connection URL

Retrieve the streaming connection URL for your MCP server (see Before We Begin). It looks like this, with mcp appearing twice:https://your-instance.xano.io/x2/mcp/{server-id}/mcp/streaming
2

Put your token in the URL

Replace the second mcp with your token:https://your-instance.xano.io/x2/mcp/{server-id}/{token}/streamingThis is the value you paste into the client’s Add custom connector URL field. Server-side, the token is exposed as the token variable.
3

Do not enable native authentication on your tools in Xano

Native MCP authentication expects an Authorization header, which these clients can’t send. Leave Authentication turned off on the tools — you can enforce access with middleware or a trigger instead, so an unauthenticated client can’t reach your tools without a valid URL token.
4

Validate the token with an MCP server trigger or middleware

Add an MCP server trigger that runs on connection and rejects anyone whose URL token isn’t valid. The token arrives on the trigger’s special toolset object as toolset.token. If the trigger throws an accessdenied error, the connection is refused and no tools run.On a valid token, the trigger must return the toolset and tools objects — that’s what hands the available tools back to the client — so pass them through unchanged once the check passes.You can also use middleware for more precise control over the user experience, but triggers are a better option if you have a mix of tools that do and do not require auth.
Please note that if a tool is not using native authentication, it will appear in the list of tools when connected to the MCP server (unless modified via a trigger). We recommend if at all possible, use headers instead.

Validate a single rotating token

The simplest setup checks the URL token against one environment variable. It’s easy to rotate and is shared by everyone who has the URL — a good fit for a system-wide secret.
mcp_server_trigger "validate_url_token" {
  mcp_server = "demo"
  actions = {connection: true}
  active = true
  description = "Reject MCP connections that don't carry a valid token in the URL"

  // Predefined MCP server trigger input — `toolset.token` is the URL token
  input {
    object toolset {
      schema {
        int id
        text name
        text instructions
        text token
      }
    }
    object[] tools {
      schema {
        int id
        text name
        text instructions
      }
    }
  }

  stack {
    var $token { value = $input.toolset.token }

    precondition ($token == $env.MCP_URL_TOKEN) {
      error_type = "accessdenied"
      error = "Invalid or missing MCP token"
    }
  }

  response = { toolset: $input.toolset, tools: $input.tools }
  history = false
}

Validate per-user tokens

To attribute connections to individual users — and revoke them independently — store tokens in a table and look them up on connection.