Skip to main content
Register your own external MCP server by URL. RouteMCP connects out to it as an MCP client, introspects everything it exposes (tools and their schemas), enriches and embeds them, and materializes the result as a first-class toolkit in your catalog — usable in the playground, the router, and the chat completion endpoint, just like a built-in integration (HubSpot, Postgres, etc.).
Bring Your Own MCP is shared / org-level: you supply one credential at registration and it’s reused for every call your agents make to that server. (There is no per-end-user connection for custom servers — that flow is reserved for unified-API integrations.)

How it works

1

Register the server

In the dashboard, go to Bring Your Own MCP → Add MCP server. Provide a name, the server URL, and its authentication (see below). RouteMCP validates the URL (SSRF-guarded) and saves it.
2

Authenticate (OAuth only)

For OAuth servers, click Connect after saving to complete the authorization handshake. Servers using none / API key / bearer are ready immediately.
3

Cataloging

RouteMCP introspects the server, classifies each tool’s risk, and embeds it for search. The discovered tools appear under Discovered tools, each with an enable/disable toggle.
4

Use it

Add the toolkit to a workspace and call it from the chat endpoint, or explore it in the playground. See Using your server.

Authentication

Pick one auth type when registering. All credentials are encrypted at rest.

OAuth 2.0

RouteMCP implements the MCP authorization spec (OAuth 2.1 + PKCE). When you choose OAuth, two flavours are supported from the same form:

Dynamic Client Registration

Leave Client ID & Secret blank. If the server advertises a registration endpoint (RFC 7591), RouteMCP registers a client automatically. Example: ClickUp.

Pre-registered app

Fill in Client ID & Secret from an OAuth app you created on the provider. Required when the server has no DCR. Examples: Google Chat, GitHub.
Scopes — some providers (e.g. Google) don’t advertise scopes and require them explicitly. Enter space-separated scopes in the Scopes field when registering. You can also override the Authorization URL / Token URL if the server’s endpoints can’t be auto-discovered.
After saving an OAuth server, click Connect — you’ll be redirected to the provider to authorize, then returned to the dashboard. Cataloging starts automatically once the token is stored.
For pre-registered OAuth apps, add RouteMCP’s callback to your app’s Authorized redirect URIs: https://<your-api-host>/api/v1/connect/oauth/callback

Using your server in chat

A registered MCP server becomes a toolkit identified by a toolkit slug (shown on the server detail card, with a copy button). The chat endpoint is addressed by a workspace serverId, not the toolkit slug — so you attach the toolkit to a workspace, then chat with that workspace.
1

Attach the toolkit to a workspace

In the dashboard, add the toolkit to a workspace’s integrations (pick it by name). Or via the API, pass its slug in integrations:
Omit integrations (or pass []) to expose all of your org’s toolkits — your custom server included.
2

Chat with the workspace

Call the chat endpoint with the workspace’s serverId:
The agent discovers your server’s tools via SEARCH_TOOLS and runs them via MULTI_EXECUTE_TOOL, wrapped in the platform’s resilience stack.

Managing a server

  • Re-sync — re-introspect the server to pick up new or changed tools. Available once the server is connected and catalogued.
  • Enable / disable tools — toggle individual tools from the discovered-tools list to control what agents can call.
  • Delete — removes the server and archives its toolkit. The dashboard warns you which workspaces reference it before you confirm.

Notes & limits

  • Shared-only. One org-level credential per server, reused for all end-users.
  • Transport is auto-detected (Streamable HTTP or SSE).
  • Resilience — every call goes through the same circuit breaker, rate limiting, retry, and timeout stack as built-in integrations.
  • Security — server URLs are SSRF-validated; tool errors returned to the agent are scrubbed of secret-looking values.