2 min read
Endpoint
| Method | POST |
| Path | /partner/v1/mcp |
| Ring | partner (OAuth-gated) |
Parameters
A JSON-RPC 2.0 request body (same method set as the public server) with an Authorization: Bearer header carrying a partner access token scoped for MCP use.
Response
A single JSON-RPC 2.0 response. The tool set is the authenticated partner catalogue rather than the public read-only tools. A client discovers the auth requirements via /.well-known/oauth-protected-resource, obtains a token from the token endpoint, and calls this endpoint. See also the public MCP endpoint.
Errors
A 401 for a missing or invalid token; a 403 for a token lacking the MCP scope; JSON-RPC errors as on the public server. Rate-limited on the partner ring.
Frequently asked questions
How is this different from the public MCP endpoint?
Same protocol, different gate. The partner endpoint requires an OAuth bearer token and exposes authenticated partner tools; the public endpoint needs no token and exposes read-only published data.
What scope does my token need?
An MCP-capable scope on the partner ring — check the protected-resource metadata, which advertises the required scopes. Request only that scope, following least privilege.
Related reading

POST /public/v1/mcp
The MCP server's JSON-RPC 2.0 endpoint: one request in, one response out. Methods include initialize,…
Read →
GET /.well-known/oauth-protected-resource
The OAuth 2.0 protected-resource metadata document. Tells a client which authorization server guards a…
Read →
POST /partner/v1/oauth/token
The OAuth 2.0 token endpoint. Exchange client credentials for a short-lived bearer access token scoped to the…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.