Skip to main content
POST
/
v1
/
mcp
/
servers
/
{id}
/
oauth
/
callback
MCP OAuth Callback
curl --request POST \
  --url https://api.app.shinzo.ai/v1/mcp/servers/{id}/oauth/callback \
  --header 'Authorization: Bearer <token>'
{
  "message": "<string>",
  "server_id": "<string>",
  "provider": "<string>",
  "authenticated_at": "<string>"
}

Authentication

Requires JWT token or Platform API key via Authorization: Bearer <token> header.
id
string
required
MCP server UUID
code
string
required
OAuth authorization code from provider
state
string
OAuth state parameter (for CSRF protection)

Example Request

curl -X POST "https://api.app.shinzo.ai/v1/mcp/servers/abc123/oauth/callback?code=AUTH_CODE_HERE&state=STATE_HERE" \
  -H "Authorization: Bearer <token>"

Example Response

{
  "message": "OAuth authentication successful",
  "server_id": "abc123",
  "provider": "google",
  "authenticated_at": "2026-02-24T15:00:00Z"
}
Internal Use: This endpoint is typically called automatically as part of the OAuth redirect flow initiated by OAuth Authorize. You rarely need to call it directly.

OAuth Flow

This endpoint is step 4 in the OAuth flow:
  1. User calls /mcp/servers/{id}/oauth/authorize
  2. OAuth provider shows authorization page
  3. User grants permissions
  4. Provider redirects here with authorization code ← This endpoint
  5. Backend exchanges code for access token
  6. MCP server configured with credentials

Response Fields

message
string
required
Success message
server_id
string
required
UUID of the MCP server that was authenticated
provider
string
required
OAuth provider name (e.g., "google", "github", "slack")
authenticated_at
string
required
ISO 8601 timestamp of when authentication completed

Status Codes

CodeDescription
200OAuth authentication successful
400Invalid or expired authorization code
401Unauthorized - invalid or missing authentication
404MCP server not found