MCP server
Blobify exposes a Model Context Protocol server for AI hosts that support Streamable HTTP. The server provides typed tools for discovery, content authoring, assets, publishing, schemas, generated clients, locales, archives, and webhooks.
Endpoint and transport
POST https://api.blobify.io/v1/mcp
Authorization: Bearer YOUR_TOKEN
Content-Type: application/jsonThe endpoint is stateless. Each request creates a fresh MCP server and returns plain JSON. It does not use SSE or resumable sessions.
The same URL serves every organization. A manual API key grants one organization. An OAuth token can grant one or several organizations. Call listOrgs at the start of a session, and pass orgId on targeted calls when the token covers more than one organization.
Choose OAuth or an API key
Claude and ChatGPT can connect through Blobify's OAuth 2.1 flow. Add https://api.blobify.io/v1/mcp as a custom connector, sign in to Blobify, choose the organizations to share, and approve access. The connector receives a scoped token without asking you to paste a long-lived API key.
Use a manual API key for automation hosts that accept a bearer header, including Codex, Cursor, Zed, scripts, and local MCP bridges. Create the key in Settings > Developer > API Keys, assign the least privileged role, and restrict it to the required spaces.
OAuth-issued access follows the user's current organization membership. Manual keys use the role and spaces assigned when the key is created. Both can be revoked from Blobify.
Connect with a bearer header
For a client that accepts remote Streamable HTTP directly, configure this URL and header:
{
"url": "https://api.blobify.io/v1/mcp",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}Claude Desktop installations that need a stdio bridge can use mcp-remote:
{
"mcpServers": {
"blobify": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://api.blobify.io/v1/mcp",
"--header",
"Authorization: Bearer YOUR_API_KEY"
]
}
}
}Do not expose a manual API key in browser JavaScript. MCP clients send requests from their native application or hosted connector infrastructure.
Tool catalog
The current registry contains 44 tools. The names below match src/mcp/tools.registry.ts exactly.
Discovery and reads
| Tool | Purpose |
|---|---|
listOrgs | List granted organizations with the live role and space scope |
getReadContext | Read bucket, locale, space, model, block, and path-template context |
getModelSchema | Read one full model schema |
getBlockSchema | Read one full block schema |
getWriteContext | Get stored field shapes and a model-specific write skeleton |
listFieldTypes | List supported field types and capabilities |
listLocales | List configured locales and the default locale |
findContent | List or search summary-backed content |
getContent | Read one draft or published content document |
findAssets | Search asset-catalog entries |
Drafts, imports, and assets
| Tool | Purpose |
|---|---|
createDraft | Create a draft |
saveDraft | Replace a draft's fields |
patchFields | Apply RFC 6902 operations to the fields object |
appendBlock | Append a block and generate its instance ID |
setRichtext | Convert markdown to the rich-text AST and save the field |
bulkImport | Save up to 100 inline items with per-item results |
requestImportUpload | Create a presigned upload for an NDJSON import payload |
bulkImportFromUpload | Import a previously uploaded NDJSON payload |
requestAssetUpload | Create one presigned asset upload |
confirmAssetUpload | Confirm one uploaded asset and update the catalog |
requestAssetUploads | Create up to 100 presigned asset uploads |
confirmAssetUploads | Confirm up to 100 uploaded assets in one batch |
Asset bytes go directly from the host to the presigned bucket URL. Upload the original file, then confirm it. Blobify stores originals and leaves resizing and cropping to delivery helpers.
Validation and lifecycle
| Tool | Purpose |
|---|---|
validateContent | Validate candidate fields before a write |
canPublish | Check a saved draft against publish-time requirements and uniqueness |
publish | Publish selected locales |
bulkPublish | Publish a batch with per-item results |
unpublish | Unpublish selected locales or the whole entry |
deleteContent | Archive a live entry, or permanently delete an already archived entry |
restoreContent | Restore an archived entry |
listArchived | Search archived entries for a model |
Deletion is archive-first. Use restoreContent to recover the first delete. Permanent deletion is the second delete of an archived entry.
Schemas, locales, and code generation
| Tool | Purpose |
|---|---|
upsertModel | Create or replace a model schema |
deleteModel | Delete an unused model schema |
upsertBlock | Create or replace a block schema |
deleteBlock | Delete an unused block schema |
importSchemas | Validate and apply a model and block bundle |
rebuildModelIndexes | Queue summary, field-index, or list-index rebuilds for a model |
addLocale | Add a locale and optionally make it the default |
generateClient | Generate the current TypeScript types, helpers, and bucket client |
Schema writes and rebuilds require developer or admin. Destructive schema operations and locale changes can require admin. Regenerate the client after any model or block schema change.
Webhooks
| Tool | Purpose |
|---|---|
getWebhookSpec | Return headers, signature rules, payload shape, events, retry policy, and verifier example |
listWebhooks | List webhook configurations with masked secrets |
createWebhook | Create a webhook and return its secret once |
updateWebhook | Change a webhook URL, events, or enabled state |
testWebhook | Send a synchronous test delivery |
deleteWebhook | Remove a webhook configuration |
Call getWebhookSpec before implementing a receiver. Blobify includes resolved urls and revalidationTags in lifecycle payloads, retries a failed delivery once, and stores only the latest delivery result. It does not maintain a retry queue.
A safe authoring workflow
- Call
listOrgs, thengetReadContext. - Read the relevant model or block schema.
- Find and read the target content before changing it.
- Prefer
patchFieldsfor a small edit andsaveDraftfor an intentional full replacement. - Call
canPublishbefore publishing. - Publish only when the user's request clearly includes publishing.
For a block append, the tool input separates the block type from its field values:
{
"model": "page",
"id": "page_1",
"blocksField": "sections",
"block": {
"type": "hero-block",
"fields": {
"heading": { "en": "Welcome" }
}
}
}appendBlock supplies the block instance ID. Before calling it, read both the model and block schemas so the chosen block is allowed and its required fields are present.
Reads for applications
MCP read tools are useful while an AI host is authoring content. Production websites should use generateClient and read published JSON directly from the bucket. The generated client follows summary manifests, content prefixes, asset resolution, references, and list-index v2 pages.
Troubleshooting
A client tries to parse SSE
Choose Streamable HTTP and expect an application/json response. Blobify does not return an SSE stream.
resources/list returns method not found
Blobify exposes MCP tools, not MCP resources. Use tools/list.
A call returns 401
The token is missing, malformed, expired, or revoked.
A call returns 403
The current role does not permit that tool, the target space is outside the token's scope, or an OAuth user's live membership no longer grants access.
The host cannot fetch a presigned or bucket URL
Use findContent, getContent, and findAssets for normal authoring reads. Asset and import uploads still require the host to perform an HTTP PUT to the presigned URL.