Integrations

MCP server

Manage your projects, knowledge, and agents from any MCP-compatible client like Claude, Cursor, or your own scripts.

Lorito exposes a Model Context Protocol (MCP) server, so you can manage your account from any MCP-compatible client. Connect Claude, Cursor, or your own tooling and create projects, add knowledge sources, and edit agents through a conversation or a script instead of the dashboard.

This is especially useful for agencies running many client projects: spin up a new project, point it at a website, and adjust the agent's persona without leaving your assistant.

Everything you do over MCP is scoped to your own account. The connected client can only see and change the organisations and projects you already have access to, exactly as if you were using the dashboard yourself.

What you can do

The server provides tools across three areas:

  • Projects — list, view, create, and update projects.
  • Knowledge — list a project's sources, add a website to index, and remove a source.
  • Agents — view a project's agent and update its persona, model, and instructions.

See the full list with arguments in the Tools reference.

Endpoint

https://www.lorito.ai/api/mcp

The server speaks streamable HTTP using stateless JSON. Point any MCP client that supports remote servers at this URL.

Connecting a client

Lorito uses OAuth to authorise clients. You never paste an API key or token. Instead, your client sends you to Lorito to sign in and approve access, then stores the result securely on your behalf.

Add the server to your client

In your MCP client, add a new remote server (in Claude this is Settings → Connectors → Add custom connector) and enter the endpoint URL above. Clients that work through a local bridge can use mcp-remote instead (see below).

Sign in to Lorito

The first time the client connects, it opens a Lorito sign-in page in your browser. Sign in with the same account you use for the dashboard.

Approve access

Lorito shows a consent screen listing the client requesting access and your signed-in email. Click Allow access. Your browser returns to the client and the connection is ready. You only do this once per client.

Config file examples

Clients that support remote MCP servers natively (such as Claude Code) connect to the URL directly and manage the OAuth flow for you:

{
  "mcpServers": {
    "lorito": {
      "type": "http",
      "url": "https://www.lorito.ai/api/mcp"
    }
  }
}

Clients that only support local (stdio) servers — such as Claude Desktop's config file — bridge the remote server with mcp-remote instead:

{
  "mcpServers": {
    "lorito": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://www.lorito.ai/api/mcp"]
    }
  }
}

Either way, on first connect your browser opens to complete the sign-in and approval flow, and the authorisation is cached for future sessions.

How access is scoped

Your approval grants the client access as you. Every tool call runs with your account's permissions:

  • You only see projects in organisations you belong to.
  • Asking for another organisation's data returns nothing, rather than leaking it.
  • Writes (creating a project, adding a source, editing an agent) are subject to the same plan limits and rules as the dashboard.

To revoke a client's access, remove the connector in your client and the cached authorisation along with it.

Good to know

  • Stateless JSON only. The server handles each request independently and does not keep a live streaming session open. Most clients handle this transparently. Server-sent event streams are not supported.
  • Adding a website starts indexing immediately. The source_add tool discovers the site's pages and begins indexing right away, the same as adding a source in the dashboard. Larger sites take longer to finish.
  • Editing an agent's instructions is versioned. Updating a system prompt over MCP saves a new prompt version, so you can always see what changed and when.

Next steps

On this page