MCP Streamable HTTP

Endpoint:

Code
POST /mcp
Authorization: Bearer $LOQY_API_KEY
Content-Type: application/json

JSON-RPC 2.0 over MCP Streamable HTTP. Use the same key and scopes as REST. MCP auth keeps client IP headers for the 120/min/IP limit; 429 includes Retry-After.

Methods

• initialize
• ping
• tools/list
• tools/call
• notifications without id return 202 Accepted

Tools

Read-only curated surface. Tools map to GET /api/v1/capabilities, /api/v1/agents, /api/v1/models, /api/v1/projects, /api/v1/conversations:

• getDeveloperApiCapabilities: settings:read.
• listAgents: agents:read.
• listModels: models:read.
• listProjects: projects:read.
• listConversations: conversations:read.

Code
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": { "name": "listAgents", "arguments": {} }
}

Writes stay REST-only: credential creation is session-authenticated; conversation creation requires REST + Idempotency-Key.

Smoke:

Code
curl https://saas.ha.knwl.me/mcp -H "Authorization: Bearer $LOQY_API_KEY" -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

Manifest: /docs/contracts/saas-agents.v1.mcp.json.