Developers · Model Context Protocol

Drive Supapost from any MCP-capable agent.

Supapost exposes a Model Context Protocol server at mcp.supapo.st. Connect Claude Code, Cursor, Windsurf, OpenCode, OpenClaw, or any other MCP client, and your agent gains 20+ tools for generating content, managing influencers, and scheduling posts.

Quick start

The fastest way to connect, browser OAuth, no API key to manage:

Claude Codebash

claude mcp add --transport http supapost https://mcp.supapo.st

When you first use a Supapost tool, your browser opens supapo.st/mcp/authorize. You sign in with Google, approve access to your workspace, and the MCP client stores an access token. From then on every tool call is authenticated automatically.

Connecting other clients

Cursor, Windsurf, VS Code

Add the server to your client's .mcp.json (project-level) or ~/.cursor/mcp.json (global):

.mcp.jsonjson

{
  "mcpServers": {
    "supapost": {
      "url": "https://mcp.supapo.st"
    }
  }
}

Raw HTTP clients with Bearer token

Skip OAuth entirely by creating an API key at Settings → Developer and passing it as a Bearer token. Keys start with sp_live_.

Any MCP HTTP clientjson

{
  "mcpServers": {
    "supapost": {
      "url": "https://mcp.supapo.st",
      "headers": { "Authorization": "Bearer sp_live_..." }
    }
  }
}

Local stdio fallback

When you need a local process, for custom SUPAPOST_API_URL, air-gapped networks, or MCP clients that don't support HTTP, use the stdio package from npm:

Claude Code (stdio)bash

claude mcp add supapost --env SUPAPOST_API_KEY=sp_live_... -- npx -y @supapost/mcp

The @supapost/mcp package is open source and thin: it translates MCP tool calls into REST calls against api.supapo.st.

Transports explained

Remote HTTP (Streamable HTTP)

The MCP specification's current transport. One HTTP endpoint accepts POST JSON-RPC messages; the server streams responses over the same connection when needed. Authed via OAuth 2.1 with PKCE (Cloudflare Workers OAuth Provider handles the ceremony). Best for: everyone who isn't specifically blocked from reaching mcp.supapo.st.

Local stdio

The original MCP transport. Your client launches a local Node process and talks to it over stdin/stdout. No network, no OAuth, just SUPAPOST_API_KEY as an env var. Best for: scripting, dev environments, custom endpoints.

Verify the connection

After registering the MCP, call list_models once. You should get a JSON list of available generation models. If you get 401 Invalid API key, your key is wrong, expired, or missing the sp_ prefix, regenerate at Settings → Developer.

Tool reference

Every tool is a function the agent can call. Each tool validates its arguments with Zod and returns JSON. The full 20+ tool list:

Tool	Kind	Description
`list_models`	Read	List available image and video generation models.
`list_influencers`	Read	List AI influencers in the workspace.
`list_products`	Read	List products from connected Shopify or Etsy stores.
`list_projects`	Read	List slide / influencer / video projects.
`get_project`	Read	Get one project by id.
`list_scheduled_posts`	Read	List queued posts within a date range.
`list_assets`	Read	List uploads, AI-generated assets, and exports.
`list_social_accounts`	Read	List connected TikTok / Instagram / YouTube / X accounts.
`list_stores`	Read	List connected commerce stores.
`generate_image`	Write	Queue an image generation job. Supports influencerId for identity locking.
`generate_video`	Write	Queue an image-to-video job (Kling by default).
`generate_slides`	Write	Generate a full TikTok slideshow draft from a single prompt.
`create_influencer`	Write	Create an AI influencer with an identity anchor image.
`update_influencer`	Write	Update influencer metadata or image set.
`delete_influencer`	Write	Delete an influencer and its generated assets.
`upsert_project`	Write	Create or update a project. Omit id to create.
`delete_project`	Write	Delete a project.
`schedule_post`	Write	Queue a post for a future ISO 8601 datetime.
`update_scheduled_post`	Write	Reschedule, retitle, or change status of a queued post.
`delete_scheduled_post`	Write	Cancel a scheduled post.
`publish_tiktok`	Write	Publish a slideshow to TikTok drafts right now.
`delete_asset`	Write	Delete an asset by id.

Example workflows

Build a 10-slide TikTok deck from a prompt

Agent calls generate_slides with { prompt: 'morning routine for new moms, warm pastel, 10 slides' }.
The server returns a project with slides, background images, and text layers.
Agent optionally calls upsert_project to tweak metadata (status = draft → published).
Agent opens https://app.supapo.st/studio/slides/<id> in your browser for final review.

Create a consistent AI influencer

generate_image with the character description. Pick the best.
create_influencer with that URL in images[]. The first image becomes the identity anchor.
For every new scene, generate_image with influencerId set. Describe scene only, the anchor handles the face.

Schedule a post for next Tuesday 9am

list_social_accounts → find the TikTok account id.
schedule_post with platform: "tiktok", socialAccountId, ISO 8601 scheduledAt, and either a projectId (existing deck) or imageUrls[].
Delivery runs through Cloudflare Queues with automatic retries, your post goes live within seconds of the scheduled time.

Security

OAuth tokens are short-lived and scoped to one workspace. Revoke any time from Settings → Developer.
API keys are verified by Unkey and scoped to one team. Generate per-use, rotate freely.
All tool calls run through the same authentication and authorisation middleware as the web app, Row-Level Security on every database read, team scoping on every write.
All input is validated with Zod schemas shared between the web editor and the API, no shape mismatches, no surprise fields.

FAQ

What is the Model Context Protocol?

MCP is an open protocol for connecting AI agents to tools and data sources. It lets a language model call external functions, like generate_image or schedule_post, without you having to write custom wiring for every agent. Supapost exposes its product surface as an MCP server so any MCP-compliant client can drive it.

Remote HTTP vs. local stdio, which should I pick?

Remote (mcp.supapo.st) is the default for most users: no local install, browser OAuth, auto-updates when we ship new tools. Local stdio (@supapost/mcp on npm) is the fallback if your network blocks the remote endpoint, if you need to run against a custom SUPAPOST_API_URL, or if your MCP client doesn't support HTTP transport.

How is the MCP authenticated?

Remote MCP uses OAuth 2.1 with PKCE via Cloudflare's Workers OAuth Provider. The first tool call opens supapo.st/mcp/authorize in your browser, where you sign in with Google and approve access. The client stores a short-lived access token scoped to your workspace. Local stdio uses an API key (sp_...) from Settings → Developer.

What can the MCP do?

20+ tools across the full product: list/generate images, generate video (image-to-video), generate full slide decks, manage AI influencers and identity anchors, manage projects, schedule posts across TikTok/Instagram/YouTube/X, publish TikTok drafts directly, list/delete assets, list connected stores and social accounts.

Is there rate limiting?

Yes. Reads have a generous limit (600/min), writes 120/min, and generation 30/min. These match the REST API limits and are per-team, not per-client, so the MCP and your custom integrations share the same budget.

What happens if the MCP returns a 401?

For remote MCP, re-authenticate with /mcp in your client. For stdio, your API key is invalid or expired, regenerate at app.supapo.st/settings/developer.