MCP Integration

Connect AI agents like Claude, Cursor, and Windsurf to your Noloco app data using the Model Context Protocol (MCP)

New to MCP? Start with Connect your own AI agent — it walks through both the app-data MCP and the guides MCP together.

The Noloco MCP (Model Context Protocol) server lets AI assistants list your tables, read records, and create, update, or delete entries through natural language.

One MCP URL covers every Noloco app where you're a data admin:

https://api.core.noloco.io/mcp

There's no API key and no per-app URL. The first time a client calls the server, a browser window opens for you to sign in and pick which apps the client can access and whether it gets read or read + write on each.

A connected client acts with your data admin role on every app you approve. It can read and modify all records in those apps regardless of row-level permissions. Only approve clients you trust.

Connecting an AI Client

The Noloco MCP server uses Streamable HTTP transport with OAuth, which all major MCP clients support.

Claude Desktop

Open Settings → Connectors, find Noloco in the directory, and click Connect. The consent screen opens in your browser.

Claude Code

Run:

claude mcp add --transport http noloco https://api.core.noloco.io/mcp

The next time you start a session, Claude Code opens the consent screen in your browser.

Cursor & Windsurf

Open the MCP settings panel and add:

{
  "mcpServers": {
    "noloco": {
      "url": "https://api.core.noloco.io/mcp"
    }
  }
}

The first tool call opens the consent screen.

Other MCP Clients

Any client that supports OAuth over Streamable HTTP can connect. Point it at https://api.core.noloco.io/mcp — no header, no key. The client handles the OAuth flow on first connection.

Available Tools

Every data tool takes a projectName argument. The agent calls list_projects first to discover which apps it can see, then passes the right project name on each call.

Tool

What it does

list_projects

Lists every Noloco app you approved for this client, with the scope (read or read + write) granted on each

list_tables

Lists tables in an app

get_table_schema

Returns a table's field types, options, and relationships

list_records

Fetches records with optional filtering, sorting, and pagination

get_record

Fetches a single record by ID

create_record

Creates a record

update_record

Updates a record by ID

delete_record

Deletes a record by ID

Security and Access Management

OAuth, not API keys. No long-lived secret is stored in the client config.
Per-app role check on every call. If you lose data admin access on an app, the next call from any connected client is rejected — no token reissue needed.
Per-client revocation. Each client has its own OAuth token; revoking one doesn't affect the others.
Scope chosen at sign-in. Pick read-only or read + write per app on the consent screen. Re-run the flow any time to change either.
HTTPS only.

FAQ

MCP FAQ

PreviousIntegrations & API Keys NextMCP FAQ

Last updated 2 days ago

Was this helpful?