Secani MCP
Connect AI clients to Secani's authenticated Model Context Protocol server.
Secani MCP lets an approved AI client work with Secani through the Model Context Protocol. The server is designed for authenticated compliance workflows, with explicit human approval for changes.
What Secani MCP Provides
Secani MCP is a remote MCP server for Secani users. It uses Streamable HTTP and OAuth 2.0 bearer authentication through WorkOS.
The production endpoint is:
https://mcp.secani.com/mcpThe server currently exposes two focused tools:
connection_checkverifies that the client authenticated successfully and can invoke a tool.human_approval_number_testproposes an integer, asks for human approval, and stores the approved value in the Settings dialog test field.
Connection Details
| Setting | Value |
|---|---|
| Transport | Streamable HTTP |
| MCP server URL | https://mcp.secani.com/mcp |
| Protected-resource metadata | https://mcp.secani.com/.well-known/oauth-protected-resource/mcp |
| Authentication | OAuth 2.0 bearer token |
| Required scope | openid |
| Bearer transport | Authorization header |
The protected-resource metadata endpoint tells your MCP client which WorkOS authorization server to use. Configure the server URL in your client, then complete the OAuth flow in the client when prompted.
Connect an MCP Client
Generic remote MCP configuration
For clients that accept a remote MCP server definition, add:
{
"mcpServers": {
"secani": {
"url": "https://mcp.secani.com/mcp"
}
}
}The exact configuration file and OAuth UI depend on your client. Use the name Secani or secani, make sure the URL is exactly https://mcp.secani.com/mcp, and approve the WorkOS sign-in request.
Claude Code
Add Secani as a remote HTTP MCP server:
claude mcp add --transport http secani https://mcp.secani.com/mcpStart Claude Code and open its MCP management flow to authorize the connection. The browser sign-in is part of OAuth; do not paste a bearer token into your project configuration.
Codex CLI
Add the server with the HTTP URL:
codex mcp add secani --url https://mcp.secani.com/mcpWhen Codex detects OAuth support, follow the browser authorization flow and return to the CLI.
Cursor
Add the server to your MCP configuration:
{
"mcpServers": {
"secani": {
"url": "https://mcp.secani.com/mcp"
}
}
}Start the server from Cursor's MCP panel. Cursor should ask you to authenticate before protected tools are available.
ChatGPT custom connector
If your ChatGPT workspace supports custom remote MCP connectors:
- Enable Developer mode in the connector settings.
- Create a custom connector named
Secani. - Set the MCP server URL to
https://mcp.secani.com/mcp. - Select OAuth authentication.
- Complete the WorkOS authorization flow.
Availability and menu names depend on your ChatGPT plan and workspace configuration.
Available Tools
connection_check
Use this read-only tool to verify the connection after OAuth authorization.
Input:
{
"echo": "optional diagnostic text"
}The response confirms the authenticated Secani user and MCP client identity. It is useful as the first call after connecting a new client.
human_approval_number_test
Use this tool to test a complete human-in-the-loop workflow. It proposes an integer and asks the user to accept, decline, or cancel the change.
Input:
{
"value": 42,
"fieldLabel": "MCP-Testwert"
}After approval, Secani stores the value in the Settings dialog test field. If the client cannot display MCP form elicitation, the requested value is treated as approved by the server's compatibility fallback. The tool still requires an authenticated Secani user and a configured test secret.
Recommended Workflow
- Add
https://mcp.secani.com/mcpto your client. - Complete OAuth authorization with the WorkOS account that should access Secani.
- Run
connection_checkwith a short echo value. - Review the available tools and their descriptions.
- For
human_approval_number_test, review the proposed value and approve it only when the change is intentional.
Troubleshooting
The client reports 401 Unauthorized
The server requires a valid OAuth bearer token for MCP requests. Re-open the client's MCP authorization flow and confirm that the account has completed WorkOS sign-in. Do not replace the MCP URL with the OAuth issuer URL.
OAuth discovery fails
Verify that the client is using the production endpoint and can reach:
https://mcp.secani.com/.well-known/oauth-protected-resource/mcpThe metadata response points the client to the correct authorization server and declares the required openid scope.
The approval prompt does not appear
The client may not support MCP form elicitation. Update the client if possible. Secani has a compatibility fallback for this test tool, but you should still review the proposed value before allowing the call to continue.
The endpoint opens as a web page
The MCP endpoint is a machine-to-machine transport, not a human-facing dashboard. Use an MCP client and the OAuth flow rather than a normal browser session. Human-readable MCP information is available at secani.com/docs/mcp.
Security Guidance
- Verify the hostname before authorizing:
mcp.secani.comis the official Secani MCP host. - Use OAuth through your MCP client; never commit or paste bearer tokens into source files, prompts, or issue trackers.
- Review the client name, requested account, and scope before approving access.
- Treat
human_approval_number_testas a mutating tool even though it only changes the dedicated Settings dialog test field. - Keep human confirmation enabled for workflows that can make changes.
- Only connect MCP clients and extensions you trust. An authorized client can send requests as the connected Secani user.