Authentication
How authentication works for the public and private MCP endpoints.
Public MCP Endpoint
The public MCP endpoint requires no authentication. Any MCP-compatible client can connect without API keys, tokens, or credentials.
| Endpoint | https://mcp.chatcast.io/mcp/public/server/{storePublicId}/mcp |
| Authentication | None |
| Transport | Streamable HTTP (HTTP+SSE) |
| Rate Limit | 100 requests/minute per IP per store |
Write Operations
While the endpoint requires no authentication, some tools create database records:
| Tool | What It Creates |
|---|---|
register_agent | An agent registration record, scoped to the store. Idempotent — calling with the same name returns the existing registration. |
get_my_discount_code | A discount code synced to the store's Shopify account. Idempotent — requesting again returns the same code. |
Intentionally open
These operations are intentionally unauthenticated to enable frictionless agent onboarding. The "zero authentication" description refers to the connection itself. By calling register_agent, the agent accepts the Agent Terms of Service.
Private MCP Endpoint
ChatCast also provides an authenticated MCP endpoint for store owners to power their own chatbots and widgets.
| Endpoint | https://mcp.chatcast.io/mcp |
| Authentication | Bearer token (API key with prefix cmcp_) |
| Tools | Different tool set (cart operations, deeper product intelligence, answer_product_question) |
Not documented here
The private endpoint has a different tool set and audience. It is not covered in this documentation. Store owners can manage API keys from the brand console.
Connection Example
No headers or authorization setup needed. Simply point your MCP client to the endpoint URL:
{
"mcpServers": {
"chatcast-store": {
"type": "url",
"url": "https://mcp.chatcast.io/mcp/public/server/{storePublicId}/mcp"
}
}
}For detailed setup instructions for different MCP clients, see the Quick Start guide.