MCP documentation

SynthBoard MCP help center

Connect Claude Desktop, Cursor, ChatGPT, or any MCP-compatible client to a full SynthBoard account. Everything you need, in one place.

Create an API key Jump to quick start

Quick start

From zero to your first session in 4 steps.

1
Create an API key
Go to Settings → API Keys and click Create MCP key. The key is shown exactly once — copy it somewhere safe.
2
Paste into your client config
Pick your client below. Each has a dedicated config file — paste the snippet and replace sb_live_... with your real key.
3
Restart the client
Quit fully and reopen. The SynthBoard tools + prompts should appear in the client's tool menu.
4
Try a prompt
Type /synthboard-boardroom in the client and ask a real strategic question. Watch five synths debate and synthesize a recommendation.

Client setup

All 6 supported clients. Click a tab to switch.

~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "synthboard": {
      "url": "https://synthboard.ai/api/mcp",
      "headers": { "Authorization": "Bearer sb_live_..." }
    }
  }
}

💡 Quit and reopen Claude Desktop after editing. The file may not exist yet — create it.

Your first session

What to expect the first time you run a SynthBoard session from an MCP client.

Ask a real strategic question — something you'd use a team of advisors for. The client calls synthboard.session.start with a mode matched to your question and a set of synths picked to cover it.

What a tool call looks like

// Claude fires this automatically when you ask:
// "Should we build X or Y next quarter?"

{
  "name": "synthboard.session.start",
  "arguments": {
    "question": "Should we build X or Y next quarter?",
    "mode": "decision",
    "synth_count": 5,
    "rounds": 2
  }
}

What you'll see

Within 2s: session_id, task_id, and a link to watch live on synthboard.ai.
Progress narration: "Round 1/2: 3 of 5 synths complete…"
On completion: full synthesis with recommendation, rationale, counter-arguments, action plan.

💡 Tip

Use the slash commands — they pre-configure mode, synth count, and synthesis strategy for you. See the full list below.

Plan-before-start

The product rule: no surprise sessions. Sessions must be explicitly configured or previewed first.

Sessions can't auto-start from a bare question. That protects users and their credit balance from runaway agent loops. You have two paths:

Path A — preview, then start

Call synthboard.session.plan with the question (optional mode / synth_count / rounds).
Receive a plan_id valid for 15 min + a full proposal (synths picked, mode, strategy, estimated credits).
Show it to the user in whatever client invoked the tool.
If approved → call synthboard.session.start({plan_id}). Plan is consumed; replay is blocked.

Best path for interactive clients (Claude Desktop, ChatGPT). Users see what they're about to spend before committing.

Path B — fully explicit start

Call synthboard.session.start with all of: synth_ids (≥2), mode, rounds, llm_model. The server treats an explicit, fully-specified call as consent. Best for automation (n8n, cron, scripts) where you've already decided the setup up front.

Bare calls (question only, no plan_id and no explicit setup) return validation_error with actionable guidance.

Pricing & billing

MCP uses the same credit system as the web UI. Tier controls capacity.

Tier	Concurrent	Max synths	Web / vision	Max rounds
Free	1	3	—	1
ProPopular	3	5	✓	5
Max	10	8	✓	5
Ultra	25	12	✓	5

Every paid tier gets the full feature surface — no lockouts. Credits self-price richness.

What does a typical session cost?

4 synths + 1 round on GPT-4o ≈ 60–90 credits. 5 synths + 2 rounds with Opus ≈ 180–260. The session.start response includes a pre-flight estimated_credits field.

Can I cap daily spend per key?

Yes. Set a daily credit cap on any key. Resets daily (UTC). Hitting the cap blocks further sessions on that key for 24h — clean guard against runaway agent loops.

Failed session — do I get refunded?

Credits charged for completed work are retained. Anything unconsumed is either not charged or refunded. Every charge + refund shows up in your credit history.

Does MCP cost more than the web UI?

No. Same per-credit cost. Same charges. MCP just gives programmatic access to the same engine.

Rate limits & concurrency

Operational caps protect against abuse. Every paid tier gets the full feature surface.

Rate limits are per-user (or per-OAuth-client). Concurrent-session caps are atomically enforced via a database lock — there's no way to race past them.

Tool / limit	Free	Pro	Max	Ultra
Concurrent sessions	1	3	10	25
session.start / hour	5	30	100	500
session.continue / min	5	20	40	100
synth.chat / min	5	20	40	100
assistant.ask / min	5	20	40	100
catalog.search / min	30	60	120	240

Hit a limit? The error response tells you exactly which cap and when you can retry (retry_after_s). Watch your live headroom on the usage dashboard.

Security

Built for production from day one.

Keys hashed, never stored

Your API key is shown exactly once, then hashed. Revoke or rotate anytime — it takes effect instantly.

IP allowlist (optional)

Lock any key to the IPs you trust. Calls from anywhere else are rejected before they reach a tool.

OAuth for web clients

Claude.ai, ChatGPT and other browser-based clients authenticate through modern, short-lived OAuth tokens.

Outbound request guard

Webhooks can't reach internal networks. Only public HTTPS endpoints are allowed.

Prompt-injection defense

Tool inputs are sandboxed before they ever reach a model, with layered guards on top.

12-month audit log

Every call logged with caller, tool, session, and cost. Exportable. Immutable.

Key management

Stay out of trouble.

One key per client. Separate keys for Claude Desktop, Cursor, and automation scripts — revocation stays surgical.
Rotate quarterly. Click Rotate on a key to create a replacement with the same scopes. Old key works for 24 hours while you update clients.
Set a cap for automation. For n8n, Zapier, cron, anywhere you can't watch — a daily credit cap prevents runaway loops.
Never commit keys. Keep them out of git. If exposed, revoke instantly — it takes effect in real time.
Scope down. A read-only automation doesn't need session:write. Create keys with just the scopes you need.

OAuth 2.1 (for web clients)

How Claude.ai web, ChatGPT apps, and other browser-embedded clients authenticate.

Most MCP clients (Claude Desktop, Cursor, Windsurf, Zed, scripts) authenticate with a Bearer API key — simplest, fastest. Browser-based clients like Claude.ai web don't accept raw keys; they use OAuth 2.1 for user-mediated consent. SynthBoard exposes a native, spec-compliant Authorization Server at the standard discovery endpoints.

Discovery metadata

GET /.well-known/oauth-authorization-server — RFC 8414 AS metadata
GET /.well-known/oauth-protected-resource — RFC 9728 protected-resource metadata
GET /.well-known/jwks.json — public JWKS for token verification

Flow

Dynamic client registration (RFC 7591): POST /api/oauth/register with your client metadata. https-only redirect URIs required.
Authorize: send user to /api/oauth/authorize with response_type=code, code_challenge (S256), resource (your MCP URL), scopes.
Consent page: user sees plain-English scope descriptions and approves. CSRF-protected.
Token exchange: POST /api/oauth/token with the code + PKCE verifier. Receive a 10-minute access token and 7-day rotating refresh token.
Use on /api/mcp — JWT in Authorization: Bearer. Server validates signature, audience (aud must match resource URL, RFC 8707), expiry, and revocation status on every call.
Refresh: rotate the refresh token before the access expires. Reused old refreshes trigger grant-chain revocation.

What this gives you

Short-lived tokens · Strict redirect allowlist · Tokens bound to this server (never replayable elsewhere) · Reused refresh tokens trigger full revocation · Consent pages hardened against clickjacking and CSRF.

Webhooks

Get server-side callbacks when long-running sessions complete.

MCP sessions take 30 seconds to 5 minutes. Instead of polling, have SynthBoard notify your server the moment a task flips to complete, failed, or cancelled. Zero extra charge, zero polling cost.

Setup

Create an API key. In the key form, set Webhook URL (https-only).
On key creation you're shown a webhook signing secret once. Copy and store it.
Any session started with that key fires a POST to your URL on completion.
Retry policy: exponential backoff at 1m, 5m, 15m, 60m, 240m (5 attempts). Non-2xx = retry.

Request headers

X-Mcp-Signature: sha256=<hex> — HMAC-SHA256 of the raw body with your secret
X-Mcp-Timestamp — RFC 3339 timestamp; reject events > 5 min old
X-Mcp-Delivery-Id — idempotency key; dedupe by this

Payload shape

session.complete webhook

{
  "event_type": "session.complete",
  "task_id": "task_01HG...",
  "session_id": "sess_01HG...",
  "user_id": "5272...",
  "status": "complete",
  "credits_charged": 172,
  "credits_refunded": 13,
  "correlation_id": "cor_01HG...",
  "timestamp": "2026-04-19T14:32:15Z",
  "synthesis": {
    "narrative_markdown": "Both synths converged on...",
    "strategy": "consensus",
    "model_used": "claude-sonnet-4-6",
    "structured_data": { ... }
  }
}

Verification (Node.js)

Verify incoming webhook signature

import { createHmac, timingSafeEqual } from "node:crypto";

function verifyMcpWebhook(
  rawBody: string,
  signatureHeader: string,
  secret: string
): boolean {
  const expected = "sha256=" +
    createHmac("sha256", secret).update(rawBody).digest("hex");
  const a = Buffer.from(signatureHeader);
  const b = Buffer.from(expected);
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

Test tip

Use webhook.sitefor a zero-setup inbox. Paste the URL into your key's webhook field, run a session, watch the POST arrive.

Tools, resources, prompts

The complete MCP surface.

15 Tools

synthboard.session.startLaunch a new session
synthboard.session.getFetch state (optional wait)
synthboard.session.continueAdd a follow-up round
synthboard.session.updateAdd/remove synths, change mode, tune DNA
synthboard.session.cancelCancel + archive
synthboard.session.forkClone with altered context
synthboard.session.shareCreate share link
synthboard.session.outcomesAction plan / report / memo
synthboard.session.live_summaryLive consensus snapshot
synthboard.session.cross_roundCross-round trend summary
synthboard.synth.chat1-on-1 with a specific synth
synthboard.assistant.askAsk the Session Assistant
synthboard.bookmark.createSave a moment
synthboard.decision.captureRecord a formal decision
synthboard.catalog.searchBrowse synths/modes/templates

13 Resources

synthboard://session/{id}Full session
…/synthesisSynthesis blocks
…/outcomesDecisions + action plan
…/transcriptAgent transcript
…/bookmarksSaved moments
…/citationsWeb search citations
…/canvasCanvas state
synthboard://synth/{id}Synth profile
synthboard://catalog/synthsFull library
synthboard://catalog/modes10 session modes
synthboard://catalog/templatesDecision templates
synthboard://catalog/synthesis_strategies5 strategies
synthboard://recentYour recent sessions
synthboard://accountCredits + tier + stats

10 Slash-prompts

/synthboard-boardroom/synthboard-debate/synthboard-stress-test/synthboard-quick-take/synthboard-deep-dive/synthboard-decision/synthboard-war-room/synthboard-forecast/synthboard-research/synthboard-brainstorm

Resource URI reference

Deep-linkable, cacheable, subscribable read surfaces.

MCP Resources are the "GET" side of SynthBoard. Subscribe to one and your client receives notifications/resources/updated events as the underlying data changes — ideal for live session tracking.

URI	Returns	Subscribable
synthboard://session/{id}	Full session: rounds, threads, claims, current synthesis, canvas state, credits charged.	Yes
synthboard://session/{id}/synthesis	Synthesis blocks only. Narrative markdown + structured data.	Yes
synthboard://session/{id}/outcomes	Captured decisions + action plan + intelligence hub data.	Yes
synthboard://session/{id}/transcript	Complete agent message transcript in readable format.	Yes
synthboard://session/{id}/bookmarks	User-saved favorite moments with notes.	Yes
synthboard://session/{id}/citations	Web search citations used by agents.	No
synthboard://session/{id}/canvas	Canvas node positions + zoom + layout state.	Yes
synthboard://synth/{id}	Synth profile: name, role, DNA, OCEAN personality, bio.	No
synthboard://catalog/synths	Full tier-filtered synth library with category + tags.	No
synthboard://catalog/modes	All 10 session modes with recommended synth counts + rounds.	No
synthboard://catalog/templates	Decision templates (hiring, pricing, GTM, etc.).	No
synthboard://catalog/synthesis_strategies	5 synthesis strategies with best-for guidance.	No
synthboard://recent	Your 20 most recent sessions with status + credits.	Yes
synthboard://account	Credit balance, tier, lifetime stats, rate-limit headroom.	Yes

All session-scoped resources enforce ownership — cross-tenant reads return not_found, never a leak. Catalog resources are public read-only.

Troubleshooting

Client says 'connection refused'

URL: https://synthboard.ai/api/mcp
Confirm the Authorization header includes the full key including the sb_live_ prefix.
Quit + relaunch the client. Config is read at startup.
Hit /api/mcp/health — should return { "ok": true }.

concurrent_session_limit error

Your tier allows N parallel sessions. Wait or call synthboard.session.cancel. Tier limits appear in the error details.

insufficient_credits

Check your balance on the usage dashboard. Error includes exact shortfall.

Session stuck 'running' forever

Current builds auto-refund stuck tasks. Cancel via synthboard.session.cancel; credits charged up to that point are retained.

401 Unauthorized

Key was likely revoked, rotated past grace, or expired. Visit Settings → API Keys.

Claude.ai web isn't discovering OAuth

Use the full URL https://synthboard.ai/api/mcp — the /api/mcp suffix is required for metadata discovery.

Error code reference

Code	Meaning	Fix
invalid_credentials	Key invalid / expired / revoked	Create a new key
ip_not_allowed	Request IP not in key's allowlist	Remove allowlist or add IP
scope_missing	Key lacks required scope	Create key with scope
rate_limited	Too many calls for tier	Wait retry_after_s seconds
concurrent_session_limit	Max parallel sessions hit	Wait or cancel one
insufficient_credits	Balance below estimate	Top up
daily_spend_cap_exceeded	Key cap reached	Wait 24h or raise cap
ssrf_blocked	URL pointed to private host	Use a public URL
invalid_synth	Synth ID not in library	Check catalog/synths
not_found	Session doesn't exist or not yours	Verify the ID
validation_error	Tool arg failed schema	Check error details for field

Still stuck?

Every error response includes a correlation_id. Include it in any support request and we can trace the full call in our audit log.

Create an API key View your usage

// Claude fires this automatically when you ask: // "Should we build X or Y next quarter?" { "name": "synthboard.session.start", "arguments": { "question": "Should we build X or Y next quarter?", "mode": "decision", "synth_count": 5, "rounds": 2 } }

Tier

Concurrent

Max synths

Web / vision

Max rounds

Free

—

ProPopular

✓

Max

✓

Ultra

✓

Tool / limit

Free

Pro

Max

Ultra

Concurrent sessions

session.start / hour

100

500

session.continue / min

100

synth.chat / min

100

assistant.ask / min

100

catalog.search / min

120

240

{ "event_type": "session.complete", "task_id": "task_01HG...", "session_id": "sess_01HG...", "user_id": "5272...", "status": "complete", "credits_charged": 172, "credits_refunded": 13, "correlation_id": "cor_01HG...", "timestamp": "2026-04-19T14:32:15Z", "synthesis": { "narrative_markdown": "Both synths converged on...", "strategy": "consensus", "model_used": "claude-sonnet-4-6", "structured_data": { ... } } }

import { createHmac, timingSafeEqual } from "node:crypto"; function verifyMcpWebhook( rawBody: string, signatureHeader: string, secret: string ): boolean { const expected = "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex"); const a = Buffer.from(signatureHeader); const b = Buffer.from(expected); if (a.length !== b.length) return false; return timingSafeEqual(a, b); }

URI

Returns

Subscribable

synthboard://session/{id}

Full session: rounds, threads, claims, current synthesis, canvas state, credits charged.

Yes

synthboard://session/{id}/synthesis

Synthesis blocks only. Narrative markdown + structured data.

Yes

synthboard://session/{id}/outcomes

Captured decisions + action plan + intelligence hub data.

Yes

synthboard://session/{id}/transcript

Complete agent message transcript in readable format.

Yes

synthboard://session/{id}/bookmarks

User-saved favorite moments with notes.

Yes

synthboard://session/{id}/citations

Web search citations used by agents.

synthboard://session/{id}/canvas

Canvas node positions + zoom + layout state.

Yes

synthboard://synth/{id}

Synth profile: name, role, DNA, OCEAN personality, bio.

synthboard://catalog/synths

Full tier-filtered synth library with category + tags.

synthboard://catalog/modes

All 10 session modes with recommended synth counts + rounds.

synthboard://catalog/templates

Decision templates (hiring, pricing, GTM, etc.).

synthboard://catalog/synthesis_strategies

5 synthesis strategies with best-for guidance.

synthboard://recent

Your 20 most recent sessions with status + credits.

Yes

synthboard://account

Credit balance, tier, lifetime stats, rate-limit headroom.

Yes

Code

Meaning

Fix

invalid_credentials

Key invalid / expired / revoked

Create a new key

ip_not_allowed

Request IP not in key's allowlist

Remove allowlist or add IP

scope_missing

Key lacks required scope

Create key with scope

rate_limited

Too many calls for tier

Wait retry_after_s seconds

concurrent_session_limit

Max parallel sessions hit

Wait or cancel one

insufficient_credits

Balance below estimate

Top up

daily_spend_cap_exceeded

Key cap reached

Wait 24h or raise cap

ssrf_blocked

URL pointed to private host

Use a public URL

invalid_synth

Synth ID not in library

Check catalog/synths

not_found

Session doesn't exist or not yours

Verify the ID

validation_error

Tool arg failed schema

Check error details for field