MCP API — Kindo extensions
By default, POST /v1/mcp is a stock spec-conformant MCP server.
Kindo adds two opt-in extensions on top of the spec:
- Integration filter — narrow
tools/listto a specified subset of your integrations. - Connection management REST endpoints — list connections and pin the preferred default for each integration.
Use these when you need them; ignore them and the gateway still works.
1. Integration filter
Pass an explicit allow-list as either a query parameter or a
header, and tools/list returns only those integrations’
tools:
# Query parametercurl -X POST "https://api.kindo.ai/v1/mcp?integrations=linear,github" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -H "Authorization: Bearer $KINDO_API_KEY" \ -d '{ "jsonrpc": "2.0", "method": "tools/list", "id": 1 }'
# Header (equivalent)curl -X POST https://api.kindo.ai/v1/mcp \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -H "Authorization: Bearer $KINDO_API_KEY" \ -H "x-kindo-integrations: linear,github" \ -d '{ "jsonrpc": "2.0", "method": "tools/list", "id": 1 }'The filter narrows the set you would otherwise see — it never
grants access. If your account can’t reach github and you ask
for ?integrations=linear,github, you get only Linear tools back
(no error). Both forms accept comma-separated values; the query
parameter also accepts the array repetition form
(?integrations=linear&integrations=github). If both query and
header are present, the query parameter wins.
For the underlying rules — which integrations your account can reach in the first place — see Scoping.
2. Connection management REST endpoints
These are regular Kindo REST endpoints, not MCP methods. They manage which connection is the default for each integration when your account has more than one.
GET /v1/integrations/connections
Returns all integration connections accessible to the API-key holder, including shared group connections. Each entry indicates whether it is the preferred default for that integration.
curl https://api.kindo.ai/v1/integrations/connections \ -H "Authorization: Bearer $KINDO_API_KEY"{ "data": [ { "id": "conn_abc123", "display_name": "Charlie's Linear", "integration_config_id": "linear", "nango_connection_id": "nango_conn_1", "is_preferred": true, "created_at": "2026-03-10T18:45:23.000Z" } ]}POST /v1/integrations/connections/{integration_id}/default
Sets the preferred connection for a given integration.
{integration_id} is the same value as integration_config_id
returned by the list endpoint (e.g., linear, github).
curl -X POST https://api.kindo.ai/v1/integrations/connections/linear/default \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $KINDO_API_KEY" \ -d '{ "connection_id": "conn_abc123" }'{ "integration_config_id": "linear", "connection_id": "conn_abc123"}| Code | Meaning |
|---|---|
400 | Invalid request body — connection_id is required, or connection_id does not belong to integration_id. |
403 | Forbidden — you are not authorized to use this connection. |
404 | Integration connection not found (or you do not have access to view it). |
Once set, the default flows through to tools/call resolution.
See Scoping → Default-connection resolution
for where the pin sits in the resolution chain.
RFC9728 discovery
Kindo serves an RFC 9728 Protected Resource Metadata document so MCP clients can auto-discover the bearer-token authentication mode:
GET https://api.kindo.ai/.well-known/oauth-protected-resourceGET https://api.kindo.ai/.well-known/oauth-protected-resource/v1/mcp
Both return the same document, with the second path provided for clients that follow RFC9728’s path-scoped lookup rule. The body confirms bearer-header mode:
{ "resource": "https://api.kindo.ai/v1/mcp", "bearer_methods_supported": ["header"], "authorization_servers": ["https://api.kindo.ai/oauth"]}authorization_servers is a forward-compatibility placeholder.
Kindo does not currently run a hosted OAuth 2.1 authorization
server — use static bearer tokens today.