Endpoints
| Method | Path | Purpose |
|---|---|---|
POST | /integrations | Create integration |
GET | /integrations | List integrations |
GET | /integrations/:id | Get integration |
PATCH | /integrations/:id | Update integration |
DELETE | /integrations/:id | Archive integration |
POST | /integrations/:id/validate | Validate connectivity |
GET | /integrations/:id/oauth | Get OAuth config |
PUT | /integrations/:id/oauth | Replace OAuth config |
DELETE | /integrations/:id/oauth | Remove OAuth config |
POST | /integrations/:id/connection | Add user token |
GET | /integrations/:id/connection | Get connection status |
DELETE | /integrations/:id/connection | Revoke connection |
id path params are UUIDs.
Create integration
Request body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Display name |
url | string | Yes | MCP endpoint URL of the integration |
category | string | No | "gateway_remote_mcp" (default) or "internal_mcp_credentials" |
authMode | string | No | "oauth", "user_token", "server_token", or "none" (default) |
oauth | object | No | OAuth configuration. Fields: provider?, issuer?, scopes? |
capabilities | object | No | Declared capabilities: { tools?, resources?, prompts? } |
credentialSchema | object | No | Schema for user-provided credentials |
serverToken | string | Conditional | Required when authMode is "server_token" |
Categories
gateway_remote_mcp— A remote MCP integration accessed through the Kontext gateway. Kontext proxies requests and handles auth.internal_mcp_credentials— A credential-only integration. Kontext stores and brokers credentials but does not proxy MCP traffic.
Auth modes
| Mode | Description |
|---|---|
oauth | Users authenticate via OAuth. Kontext manages the token lifecycle. |
user_token | Users provide a personal access token or API key manually. |
server_token | A single shared token configured at the organization level. |
none | No authentication required. |
List integrations
limit, cursor, and optional name substring filter.
Get integration
Response fields
Response shape:{ "integration": { ... } }
| Field | Type | Description |
|---|---|---|
id | string | Integration ID |
name | string | Display name |
url | string | Base URL |
category | string | "gateway_remote_mcp" or "internal_mcp_credentials" |
authMode | string | Authentication mode |
oauth | object? | OAuth configuration (if applicable) |
capabilities | object? | Declared capabilities |
credentialSchema | object? | Schema for user credentials |
serverTokenConfigured | boolean | Whether a server token is set |
validationStatus | string | Last validation result ("pending", "valid", "invalid") |
validationMessage | string? | Human-readable validation message |
lastValidatedAt | string? | ISO 8601 timestamp of last validation |
userConnection | object? | Current user’s connection status |
createdAt | string | ISO 8601 timestamp |
updatedAt | string | ISO 8601 timestamp |
Update integration
Archive integration
Validate connectivity
validationStatus, validationMessage, and lastValidatedAt fields on the integration.
Get OAuth config
authMode is "oauth".
Response fields
Response shape:{ "oauth": { ... } }
| Field | Type | Description |
|---|---|---|
provider | string | OAuth provider identifier |
issuer | string | Token issuer URL |
scopes | string[] | Requested OAuth scopes |
Replace OAuth config
Remove OAuth config
authMode before removing OAuth, or the integration will have no auth.
Add user token
authMode is "user_token".
Get connection status
Response fields
Response shape:{ "connection": { ... } }
| Field | Type | Description |
|---|---|---|
connected | boolean | Whether a credential is stored |
status | string | "connected" or "disconnected" |
expiresAt | string? | ISO 8601 expiry timestamp |
displayName | string? | Display name from the provider |
Revoke connection
The OAuth config, connection, and revoke endpoints are REST-only. Use the Management SDK for the core CRUD operations (create, list, get, update, archive, validate).