Connect and authenticate

Production MCP endpoint, streamable HTTP, Cursor and Claude setup, credential modes, and direct tool calls.

Thirdfy MCP is a managed Cloudflare Workers endpoint. You connect your agent host to it and call tools directly. There is no public open-source MCP repository to clone or self-host.

Production endpoint

ItemValue
Base URLhttps://mcp.thirdfy.com
MCP connectorPOST https://mcp.thirdfy.com/mcp (streamable HTTP)
Tool RESTPOST https://mcp.thirdfy.com/tool/<toolName>
Tool manifestGET https://mcp.thirdfy.com/tools
HealthGET https://mcp.thirdfy.com/health

Use GET /health and GET /tools as smoke checks after you add the connector. The live manifest is the source of truth for tool names on the shipping endpoint.

HTTP surfaces

SurfacePathAuth
MCP connectorPOST /mcpPer tool policy
Tool RESTPOST /tool/<toolName>Per tool policy
HealthGET /healthPublic
Tool manifestGET /toolsPublic
Chat capabilitiesGET /chat/capabilitiesPublic
Agents listGET /agentsBootstrap / agent / full key
Providers resourceGET /resources/providersPublic (thirdfy://providers)
Catalog resourceGET /resources/actions/catalogPublic (thirdfy://actions/catalog)

Claude Managed Agents

Create the agent in Claude Console (see Anthropic docs), then add an MCP connector (streamable HTTP):

  1. Set the URL to https://mcp.thirdfy.com/mcp.
  2. Complete onboarding with bootstrap or agent_api_key (see Authentication below).
  3. Start with getActionsCatalog and getProviderActions before any write.

Full walkthrough: Claude Managed Agents.

Cursor and OpenClaw

Add Thirdfy MCP to your host MCP config with streamable HTTP transport pointing at https://mcp.thirdfy.com/mcp.

Example Cursor mcp.json entry:

{
  "mcpServers": {
    "thirdfy": {
      "url": "https://mcp.thirdfy.com/mcp"
    }
  }
}

Pass agentApiKey on credentialed tools. For hosted runtimes, optional executionContext (runtimeId, orgId) on walletExecute, executeIntent, and agentRun attributes credits to the correct runtime.

Prefer getProviderActions (not the legacy getTradingProviderActions alias) for venue discovery.

Direct tool calls (no MCP host)

Agents and scripts can call tools over HTTP without an MCP session:

curl -s https://mcp.thirdfy.com/health
curl -s https://mcp.thirdfy.com/tools

curl -s -X POST https://mcp.thirdfy.com/tool/getActionsCatalog \
  -H "Content-Type: application/json" \
  -d '{}'

curl -s -X POST https://mcp.thirdfy.com/tool/getProviderActions \
  -H "Content-Type: application/json" \
  -d '{"provider":"hyperliquid","view":"concise"}'

Credentialed writes pass the agent key in the JSON body and/or Authorization: Bearer <agent-api-key>:

curl -s -X POST https://mcp.thirdfy.com/tool/executeIntent \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer agent-..." \
  -d '{"agentApiKey":"agent-...","action":"preflight","chainId":8453}'

Full tool list and auth profiles: Tools reference.

Authentication

Auth policy is enforced per tool across /mcp and /tool/*. Backend execution remains fail-closed even when MCP accepts a call.

Credential modes

ModeToken shapeTypical use
noneNo credentialPublic discovery, allowlisted read tools
bootstrapbtp...Short-lived onboarding from POST /auth/bootstrap/issue
agent_api_keyagent-...Managed agent execution (preferred)
full_api_keyOperator keyPrivileged maintenance and private integrations

Bootstrap issuance supports:

  • Session proof: ownerSessionToken or authToken
  • Wallet proof: challengeId + signature via the onboarding verifier route

Anonymous-safe read tools

Callable without credentials (illustrative list):

  • getActionsCatalog
  • getProviderActions
  • getChainCapabilities
  • getNonEvmCapabilities
  • getThirdfyHelp
  • describeOnboardingPath
  • startEmailOnboarding
  • completeEmailOnboarding
  • listTools

All writes, delegation mutations, wallet execution, and portfolio reads require credentialed modes per tool authProfile.

Bootstrap-allowed tools

Bootstrap tokens may call setup tools such as agentRegister, managedWalletInit, delegationCreate, agentWalletBootstrap, and walletExecute when policy allows. Full matrix: Tools reference.

HTTP failure semantics

CodeMeaning
401 / 403Credential mode or tool policy denied
404Unknown route or tool
429Rate limited
5xxUpstream Thirdfy API failure

CEX credentials

MCP never accepts raw Bitfinex (or other CEX) API keys. Tools pass credentialRef metadata to Thirdfy API only. Store credentials with the CLI or API; see Bitfinex integration.

GET /tools
  → describeOnboardingPath
  → startEmailOnboarding / completeEmailOnboarding (bootstraps agent API key)
  → getWalletProfile / agentWalletBootstrap
  → getActionsCatalog
  → getProviderActions
  → preflight or walletExecute

Optional later: agentRegister (directory profile) or Creator Platform (web UI).

Chapter guides: Discovery · Onboarding · Execution

Security reminder

MCP is a public edge surface, not a trust boundary. Never paste operator or full platform API keys into agent prompts. Use agent_api_key or bootstrap tokens scoped to your agent.