Prefer to use a long-lived token instead (for scripts, CI, or a client that doesn’t support OAuth
yet)? Formbricks API keys still work as a fallback — see the
MCP server technical handbook.
The MCP server URL
Point your client at your Formbricks app’s/api/mcp endpoint:
| Instance | MCP server URL |
|---|---|
| Formbricks Cloud | https://app.formbricks.com/api/mcp |
| Self-hosted | https://<your-formbricks-domain>/api/mcp |
How the connection works
You don’t need to understand the details to connect, but here’s what happens under the hood when you add the server to a client:- Discovery — the client reads the server’s OAuth metadata to find where to sign in.
- Registration — the client registers itself automatically using Dynamic Client Registration (DCR). There’s no client ID or secret for you to manage.
- Sign in & consent — your browser opens to Formbricks. You log in (if you aren’t already) and approve the requested access on a consent screen.
- Token — the client receives a short-lived access token it sends on every request, plus a refresh token so it can stay connected without asking you to sign in again.
What the agent can do
The MCP server exposes six survey tools, grouped into two scopes you approve on the consent screen:| Scope | Tools | What it allows |
|---|---|---|
surveys:read | list_surveys, get_survey, validate_survey | Read surveys and validate survey documents |
surveys:write | create_survey, patch_survey, delete_survey | Create, update, and delete surveys |
Prerequisites
- A Formbricks account with access to the workspace whose surveys you want to work with. Read-only tasks need
read; creating or editing surveys needswriteormanage. - The MCP server URL for your instance (see the table above).
- An MCP client that supports remote HTTP servers with OAuth — see the setup guides for Claude Code, the Claude apps, and Codex.
Self-hosting? The OAuth provider is built in and enabled automatically — there’s nothing extra
to turn on. It just needs your instance to be served from a correct, public HTTPS base URL
(set via
WEBAPP_URL / BETTER_AUTH_URL). The discovery metadata and browser redirects are built
from that URL, so an http://localhost or misconfigured origin will break the OAuth flow for
remote clients. See the self-hosting configuration.Next steps
Set up your MCP client
Copy-paste guides for Claude Code, the Claude apps (custom connectors), and Codex — plus how to
manage and revoke access.