The Tesser MCP server exposes every public API endpoint as a tool that AI agents can discover and invoke. It uses Streamable HTTP transport at:
Code
Authentication uses the same Auth0 credentials as the REST API, in one of two ways:
- OAuth discovery (recommended) — the server advertises OAuth metadata, so clients that support the MCP authorization spec (e.g. Cursor) run the OAuth flow and refresh tokens for you. See OAuth discovery.
- Manual bearer token — a fallback for clients without OAuth discovery (e.g. Claude Code today). You fetch a token and set it as a header. See Manual token.
OAuth discovery
The MCP endpoint serves RFC 9728 metadata at /.well-known/oauth-protected-resource, pointing clients at our Auth0 server. A 401 also returns a WWW-Authenticate: resource_metadata hint, so a compliant client discovers everything with no extra config.
Cursor — .cursor/mcp.json
Code
Cursor runs the OAuth flow on first use and refreshes tokens automatically.
Manual token
For clients without OAuth discovery, fetch a token and pass it as a header. Set it in the shell before launching your IDE:
Code
Claude Code — .claude/settings.local.json
Code
Run /mcp in Claude Code to reload.
Cursor — .cursor/mcp.json
Code
Restart Cursor. (Prefer OAuth discovery, which refreshes tokens for you.)
Windsurf — .windsurf/mcp.json
Code
Restart Windsurf.
Token refresh
Manual tokens expire after ~24h; calls then fail with 401. Re-run the export above and restart your IDE (or /mcp in Claude Code). See Manual MCP Setup for details, or use OAuth discovery to avoid refreshing.