> ## Documentation Index > Fetch the complete documentation index at: https://doc.featherhq.com/llms.txt > Use this file to discover all available pages before exploring further. # Connect a customer-supplied MCP server (static creds or OAuth) > Static-cred connections are born ``active``; OAuth returns an ``authorize_url`` + ``state`` and the row starts ``pending_oauth`` until the ``/integrations/oauth/callback`` redirect lands. ``server_url`` (and any OAuth endpoint URLs) are SSRF-validated in the service layer. ## OpenAPI ````yaml /api-reference/openapi.json post /v1/integrations/connections/custom-mcp openapi: 3.1.0 info: title: Feather API description: >- Unified customer experience platform API. Manages identity, conversations, memory, agents, procedures, policies, model routing, knowledge bases, integrations, and runtime execution. version: 1.21.0 servers: - url: https://api-sandbox.featherhq.com description: Sandbox - url: http://localhost:8000 description: Local dev security: [] paths: /v1/integrations/connections/custom-mcp: post: tags: - integrations summary: Connect a customer-supplied MCP server (static creds or OAuth) description: >- Static-cred connections are born ``active``; OAuth returns an ``authorize_url`` + ``state`` and the row starts ``pending_oauth`` until the ``/integrations/oauth/callback`` redirect lands. ``server_url`` (and any OAuth endpoint URLs) are SSRF-validated in the service layer. operationId: connectCustomMcp requestBody: content: application/json: schema: $ref: '#/components/schemas/CustomMcpConnectionCreate' required: true responses: '201': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/CustomMcpConnectResponse' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Authentication required content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - APIKeyHeader: [] components: schemas: CustomMcpConnectionCreate: properties: nickname: type: string title: Nickname server_url: type: string title: Server Url transport: type: string title: Transport default: sse auth_type: type: string title: Auth Type default: none token: anyOf: - type: string - type: 'null' title: Token api_key: anyOf: - type: string - type: 'null' title: Api Key api_key_header: type: string title: Api Key Header default: X-API-Key headers: additionalProperties: type: string type: object title: Headers oauth_authorize_url: anyOf: - type: string - type: 'null' title: Oauth Authorize Url oauth_token_url: anyOf: - type: string - type: 'null' title: Oauth Token Url oauth_client_id: anyOf: - type: string - type: 'null' title: Oauth Client Id oauth_client_secret: anyOf: - type: string - type: 'null' title: Oauth Client Secret oauth_scopes: items: type: string type: array title: Oauth Scopes additionalProperties: false type: object required: - nickname - server_url title: CustomMcpConnectionCreate description: >- Body for ``POST /v1/integrations/connections/custom-mcp``. One shape for all four auth types. ``none``/``bearer``/``api_key`` are the static-credential paths (Step 6 — the row is born ``active``); ``oauth`` is the authorization-code path (Step 7 — the row starts ``pending_oauth`` and the response carries ``authorize_url`` + ``state``). The OAuth endpoint URLs are optional because :func:`discover_mcp_oauth` fills them in when the server advertises RFC 9728 metadata; customer-supplied values override discovery. CustomMcpConnectResponse: properties: connection_id: type: string format: uuid title: Connection Id status: type: string title: Status vendor: type: string title: Vendor authorize_url: anyOf: - type: string - type: 'null' title: Authorize Url state: anyOf: - type: string - type: 'null' title: State type: object required: - connection_id - status - vendor title: CustomMcpConnectResponse description: >- Returned by ``POST /v1/integrations/connections/custom-mcp``. ``authorize_url`` + ``state`` are populated only for the ``oauth`` path so the frontend can redirect the user to the provider; the static paths return ``status="active"`` with both ``None``. ErrorResponse: properties: error: type: string title: Error message: type: string title: Message type: object required: - error - message title: ErrorResponse description: Standard error response returned by all API error handlers. HTTPValidationError: properties: detail: items: $ref: '#/components/schemas/ValidationError' type: array title: Detail type: object title: HTTPValidationError ValidationError: properties: loc: items: anyOf: - type: string - type: integer type: array title: Location msg: type: string title: Message type: type: string title: Error Type input: title: Input ctx: type: object title: Context type: object required: - loc - msg - type title: ValidationError securitySchemes: APIKeyHeader: type: apiKey in: header name: x-api-key ````