MCP server

Blobify exposes a Model Context Protocol server for AI hosts that support Streamable HTTP. The server provides typed tools for discovery, content authoring, assets, publishing, schemas, generated clients, locales, archives, and webhooks.

Endpoint and transport

httpcode
POST https://api.blobify.io/v1/mcp
Authorization: Bearer YOUR_TOKEN
Content-Type: application/json

The endpoint is stateless. Each request creates a fresh MCP server and returns plain JSON. It does not use SSE or resumable sessions.

The same URL serves every organization. A manual API key grants one organization. An OAuth token can grant one or several organizations. Call listOrgs at the start of a session, and pass orgId on targeted calls when the token covers more than one organization.

Choose OAuth or an API key

Claude and ChatGPT can connect through Blobify's OAuth 2.1 flow. Add https://api.blobify.io/v1/mcp as a custom connector, sign in to Blobify, choose the organizations to share, and approve access. The connector receives a scoped token without asking you to paste a long-lived API key.

Use a manual API key for automation hosts that accept a bearer header, including Codex, Cursor, Zed, scripts, and local MCP bridges. Create the key in Settings > Developer > API Keys, assign the least privileged role, and restrict it to the required spaces.

OAuth-issued access follows the user's current organization membership. Manual keys use the role and spaces assigned when the key is created. Both can be revoked from Blobify.

Connect with a bearer header

For a client that accepts remote Streamable HTTP directly, configure this URL and header:

jsoncode
{
  "url": "https://api.blobify.io/v1/mcp",
  "headers": {
    "Authorization": "Bearer YOUR_API_KEY"
  }
}

Claude Desktop installations that need a stdio bridge can use mcp-remote:

jsoncode
{
  "mcpServers": {
    "blobify": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://api.blobify.io/v1/mcp",
        "--header",
        "Authorization: Bearer YOUR_API_KEY"
      ]
    }
  }
}

Do not expose a manual API key in browser JavaScript. MCP clients send requests from their native application or hosted connector infrastructure.

Tool catalog

The current registry contains 44 tools. The names below match src/mcp/tools.registry.ts exactly.

Discovery and reads

ToolPurpose
listOrgsList granted organizations with the live role and space scope
getReadContextRead bucket, locale, space, model, block, and path-template context
getModelSchemaRead one full model schema
getBlockSchemaRead one full block schema
getWriteContextGet stored field shapes and a model-specific write skeleton
listFieldTypesList supported field types and capabilities
listLocalesList configured locales and the default locale
findContentList or search summary-backed content
getContentRead one draft or published content document
findAssetsSearch asset-catalog entries

Drafts, imports, and assets

ToolPurpose
createDraftCreate a draft
saveDraftReplace a draft's fields
patchFieldsApply RFC 6902 operations to the fields object
appendBlockAppend a block and generate its instance ID
setRichtextConvert markdown to the rich-text AST and save the field
bulkImportSave up to 100 inline items with per-item results
requestImportUploadCreate a presigned upload for an NDJSON import payload
bulkImportFromUploadImport a previously uploaded NDJSON payload
requestAssetUploadCreate one presigned asset upload
confirmAssetUploadConfirm one uploaded asset and update the catalog
requestAssetUploadsCreate up to 100 presigned asset uploads
confirmAssetUploadsConfirm up to 100 uploaded assets in one batch

Asset bytes go directly from the host to the presigned bucket URL. Upload the original file, then confirm it. Blobify stores originals and leaves resizing and cropping to delivery helpers.

Validation and lifecycle

ToolPurpose
validateContentValidate candidate fields before a write
canPublishCheck a saved draft against publish-time requirements and uniqueness
publishPublish selected locales
bulkPublishPublish a batch with per-item results
unpublishUnpublish selected locales or the whole entry
deleteContentArchive a live entry, or permanently delete an already archived entry
restoreContentRestore an archived entry
listArchivedSearch archived entries for a model

Deletion is archive-first. Use restoreContent to recover the first delete. Permanent deletion is the second delete of an archived entry.

Schemas, locales, and code generation

ToolPurpose
upsertModelCreate or replace a model schema
deleteModelDelete an unused model schema
upsertBlockCreate or replace a block schema
deleteBlockDelete an unused block schema
importSchemasValidate and apply a model and block bundle
rebuildModelIndexesQueue summary, field-index, or list-index rebuilds for a model
addLocaleAdd a locale and optionally make it the default
generateClientGenerate the current TypeScript types, helpers, and bucket client

Schema writes and rebuilds require developer or admin. Destructive schema operations and locale changes can require admin. Regenerate the client after any model or block schema change.

Webhooks

ToolPurpose
getWebhookSpecReturn headers, signature rules, payload shape, events, retry policy, and verifier example
listWebhooksList webhook configurations with masked secrets
createWebhookCreate a webhook and return its secret once
updateWebhookChange a webhook URL, events, or enabled state
testWebhookSend a synchronous test delivery
deleteWebhookRemove a webhook configuration

Call getWebhookSpec before implementing a receiver. Blobify includes resolved urls and revalidationTags in lifecycle payloads, retries a failed delivery once, and stores only the latest delivery result. It does not maintain a retry queue.

A safe authoring workflow

  1. Call listOrgs, then getReadContext.
  2. Read the relevant model or block schema.
  3. Find and read the target content before changing it.
  4. Prefer patchFields for a small edit and saveDraft for an intentional full replacement.
  5. Call canPublish before publishing.
  6. Publish only when the user's request clearly includes publishing.

For a block append, the tool input separates the block type from its field values:

jsoncode
{
  "model": "page",
  "id": "page_1",
  "blocksField": "sections",
  "block": {
    "type": "hero-block",
    "fields": {
      "heading": { "en": "Welcome" }
    }
  }
}

appendBlock supplies the block instance ID. Before calling it, read both the model and block schemas so the chosen block is allowed and its required fields are present.

Reads for applications

MCP read tools are useful while an AI host is authoring content. Production websites should use generateClient and read published JSON directly from the bucket. The generated client follows summary manifests, content prefixes, asset resolution, references, and list-index v2 pages.

Troubleshooting

A client tries to parse SSE

Choose Streamable HTTP and expect an application/json response. Blobify does not return an SSE stream.

resources/list returns method not found

Blobify exposes MCP tools, not MCP resources. Use tools/list.

A call returns 401

The token is missing, malformed, expired, or revoked.

A call returns 403

The current role does not permit that tool, the target space is outside the token's scope, or an OAuth user's live membership no longer grants access.

The host cannot fetch a presigned or bucket URL

Use findContent, getContent, and findAssets for normal authoring reads. Asset and import uploads still require the host to perform an HTTP PUT to the presigned URL.