MCP server
Connect Claude Code, Cursor, or any MCP client over OAuth and let your agent drive the /v1 API.
The Rank Prompt MCP server is a hosted remote Model Context Protocol
server at https://mcp.rankprompt.com/mcp. It exposes your AI visibility data (brands, reports,
citations) as tools any MCP client can call, plus generic read, write, and delete over the
/v1 API. Same data and the same entitlement as the API; nothing to host or keep running.
For the product overview see the MCP landing page. This page is the technical reference.
| Property | Value |
|---|---|
| Endpoint | https://mcp.rankprompt.com/mcp |
| Transport | Streamable HTTP (remote), one JSON-RPC request per POST |
| Auth | OAuth 2.1 + PKCE in the browser, or a pass-through API key |
| Plan | Starter and up, or a standalone API plan (the same entitlement as the /v1 API) |
| Tools | 20, read-only by default; write tools are explicit |
Connect
Pick your client, add the server, then authenticate. In Claude Code you sign in over OAuth and never paste a key. Other clients point at the URL and approve in the browser, or fall back to an API key.
claude mcp add --transport http --scope user rankprompt https://mcp.rankprompt.com/mcp{
"mcpServers": {
"rankprompt": {
"url": "https://mcp.rankprompt.com/mcp"
}
}
}--scope user makes the server available in every project. Once connected, call rankprompt_prime
first: it returns your entitlement status and the canonical workflow the agent should follow.
Authentication
Two ways to authenticate, both resolving to a scoped /v1 API key:
- OAuth 2.1 (interactive clients). The client registers over dynamic client registration, then you
approve access on a consent screen and sign in with Google. The flow uses PKCE (
S256), so no secret ends up in your shell history. The access token the server issues carries your API key encrypted: the client can read the token but not the key, which is decrypted server-side only to call/v1. - Pass-through API key (headless / CI). Send a
rp_live_...key as the bearer token. Mint one on the Developers page inside your workspace. Use this for clients without a built-in OAuth flow.
Either way, every call is bound to the key’s scopes and brand restriction, and revoking a key takes effect on its next call.
Scopes
The OAuth flow mints a key scoped to the MCP toolset: brands, reports, prompts, citations, jobs, page
audit, scheduled reports, and region configs (read and write where a tool needs it). The generic
rankprompt_read, rankprompt_write, and rankprompt_delete tools reach any /v1 path within those
scopes. Endpoints outside the set (for example webhooks or shares) return
insufficient_scope.
Implementing your own client
Discovery is standard, so any compliant MCP client connects with no manual config. All paths are on the
server origin mcp.rankprompt.com:
| Document | Path |
|---|---|
| Protected resource metadata (RFC 9728) | /.well-known/oauth-protected-resource |
| Authorization server metadata (RFC 8414) | /.well-known/oauth-authorization-server |
| Dynamic client registration (RFC 7591) | POST /oauth/register |
| Authorize | GET /oauth/authorize |
| Token | POST /oauth/token |
Public clients only (token_endpoint_auth_method: none), the authorization_code grant, and PKCE
S256 are required. A tools/call sent without a token returns 401 with a WWW-Authenticate header
pointing at the protected-resource metadata, which is the pointer MCP clients follow to start OAuth.
Tools
Twenty tools, read-only by default. The write tools are explicit, and the generic read, write, and
delete tools reach any /v1 endpoint within your scopes, so the agent grows with the API.
Discover
| Tool | What it does |
|---|---|
rankprompt_prime | Start here: auth, the canonical loop, and your entitlement status. |
rankprompt_schema | Find any /v1 endpoint by method, path, and summary. |
rankprompt_skills_list | List the built-in playbooks (workflow, prompts, scheduling, seo-aeo). |
rankprompt_skills_read | Read a playbook by name. |
Read
| Tool | What it does |
|---|---|
rankprompt_list_brands | List your brands, newest first. |
rankprompt_get_brand_facts | A brand’s researched facts (description, industry, value prop). |
rankprompt_list_reports | A brand’s reports, newest first. |
rankprompt_get_report | Full report: prompts, per-platform results, and citations inlined. |
rankprompt_get_report_summary | Visibility score plus AI analysis for a report. |
rankprompt_list_citations | A brand’s citations, with actionability filters. |
rankprompt_get_job | Poll an async job until it completes. |
rankprompt_read | Generic GET against any /v1 path. |
Build
These tools write.
| Tool | What it does |
|---|---|
rankprompt_research_brand | Research a brand’s facts automatically (async, 1 credit). |
rankprompt_create_report | Create a draft report and pick the engines. |
rankprompt_add_prompts | Seed a report with prompts, or auto-generate them. |
rankprompt_create_schedule | Re-measure a brand daily, weekly, or monthly. |
Act
These tools write.
| Tool | What it does |
|---|---|
rankprompt_run_report | Trigger an analysis run and get a job to poll. |
rankprompt_audit_pages | SEO/AEO audit of a URL, list, or sitemap (1 credit per page). |
rankprompt_write | Generic POST or PATCH against any /v1 path. |
rankprompt_delete | Generic DELETE against any /v1 path. |
The workflow
Run it end to end. The value is in shipping the fixes, not in “report done”. rankprompt_prime
returns this loop in full.
- Pick or create a brand, and make sure it has facts. A report cannot run without them.
- Create a report and choose the engines.
- Seed prompts (the questions engines answer), or auto-generate them.
- Run the report and poll the job until it completes.
- Read the summary (score plus AI analysis) and the actionable citations: those are the to-do list.
- Audit your pages, implement the fixes in your repo, then track over time with a schedule.
Engines and credits
Reports measure mentions and citations across six answer engines: ChatGPT, Perplexity, Google AI Mode, Claude, Gemini, and Grok. Choose the platforms when you create a report:
- Standard (
chatgpt,perplexity,ai_overviews,claude): 1 credit per prompt, total. - Premium (
chatgpt_search,claude_search,gemini,grok): 1 credit per platform, per prompt.
See Pricing for the full cost model.
Security
- OAuth 2.1 with PKCE (
S256): browser sign-in, no secret in your shell history. - Dynamic client registration plus an explicit consent screen with Google sign-in.
- Your API key is never exposed to the client. It is carried encrypted inside the access token and
decrypted server-side only to call
/v1. - Scoped, brand-restricted access. Revocation is enforced on every call.
- A hosted remote server; the OAuth endpoints are rate-limited per IP.