Skip to main content

Documentation Index

Fetch the complete documentation index at: https://smithery.ai/docs/llms.txt

Use this file to discover all available pages before exploring further.

Smithery gives you a simple REST interface for connecting to MCP servers. Instead of implementing the MCP protocol directly, handling OAuth flows, and managing credentials yourself, Smithery handles all of it for you. The auth and credential layer is powered by the open-source agent.pw.

Why Smithery?

Smithery lets you add MCP server integrations to your app without managing the complexity yourself:
  • Zero OAuth configuration — No redirect URIs, client IDs, or secrets to configure. Smithery maintains OAuth apps for popular integrations.
  • Automatic token refresh — Tokens refresh automatically before expiry. If a refresh fails, the connection status changes to auth_required.
  • Secure credential storage — Credentials are encrypted and write-only. They can be used to make requests but never read back.
  • Stateless for you — Smithery manages connection lifecycle. Make requests without worrying about reconnects, keepalives, or session state.
  • Scoped service tokens — Mint short-lived tokens for browser or mobile clients to call tools directly, scoped to specific users and namespaces.

Quick Start

# 1. Log in to Smithery
smithery auth login

# 2. Connect to the Exa search server
smithery mcp add exa --id exa

# 3. List available tools
smithery tool list exa

# 4. Call a tool
smithery tool call exa search '{"query": "latest news about MCP"}'

Servers with Configuration

Some MCP servers require configuration like API keys or project IDs. How you pass each config value depends on the server’s schema — some values go as headers (typically API keys), while others go as query parameters in the MCP URL. Check the server’s page on smithery.ai to see what configuration it requires and where each value should go. 
# Add a server with config (API key as header, project ID as query param)
smithery mcp add \
  '@browserbasehq/mcp-browserbase?browserbaseProjectId=your-project-id' \
  --id my-browserbase \
  --headers '{"browserbaseApiKey": "your-browserbase-api-key"}'
Unlike OAuth-based servers that return auth_required, servers configured with API keys return connected immediately when all required fields are provided upfront. If any required fields are missing, the connection returns input_required with the config schema and missing fields — see Handling Configuration below.
Each server’s config schema specifies whether a field is passed as a header or query parameter via the x-from metadata. See Session Configuration for details on how servers declare their config transport.

Multi-User Setup

When your agent serves multiple users, you’ll need to track which connections belong to which user. Use the metadata field to associate connections with your users, then filter by metadata to retrieve a specific user’s connections.

1. Create a Connection for a User

When a user wants to connect an integration (e.g., GitHub), create a connection with their userId in metadata: 
smithery mcp add github \
  --id user-123-github \
  --name "GitHub" \
  --metadata '{"userId": "user-123"}'

# If OAuth is required, the CLI outputs the auth URL:
# → auth_required
# → https://auth.smithery.ai/...
# Visit the URL to authorize

2. List a User’s Connections

When your agent needs to know what tools are available for a user, list their connections: 
smithery mcp list --metadata '{"userId": "user-123"}'

3. Use Tools Across Connections

Create MCP clients for each connection and aggregate their tools: 
# List tools for a connection
smithery tool list user-123-github

# Call a tool
smithery tool call user-123-github search_repositories \
  '{"query": "mcp"}'
Or skip the iteration entirely and hand a single namespace URL to an MCP client.

Namespace MCP Endpoint

A namespace URL bundles all of a namespace’s connections behind one MCP endpoint, so the same set of tools is portable across clients (Claude.ai, Cursor, ChatGPT, MCP Inspector) without configuring each connection in each app: 
https://mcp.smithery.run/{namespace}
Tool names come back prefixed with their connection ID — notion-personal.search, user-123-github.search_repositories — so they stay unique. On tools/call, Connect strips the prefix and forwards to the matching connection. To restrict the URL to one user’s connections, mint a service token scoped to metadata.userId — same metadata model as Multi-User Setup. The endpoint also advertises protected-resource metadata, so MCP clients run the OAuth flow on their own without extra wiring.

Core Concepts

Namespaces

A namespace is a globally unique identifier that groups your connections. Create one namespace per application or environment (e.g., my-app, my-app-staging). If you don’t specify a namespace, the SDK uses your first existing namespace or creates one automatically.

Connections

A connection is a long-lived session to an MCP server that persists until terminated. Each connection:
  • Has a connectionId (developer-defined or auto-generated)
  • Stores credentials securely (write-only—credentials can never be read back, only used to execute requests)
  • Can include custom metadata for filtering (e.g., userId to associate connections with your users)
  • Returns serverInfo with the MCP server’s name and version
OptionTypeDescription
clientSmithery?The Smithery client instance. If not provided, auto-created using SMITHERY_API_KEY env var
mcpUrlstring?The MCP server URL. Required when connectionId is not provided
namespacestring?If omitted, uses first existing namespace or creates one
connectionIdstring?If omitted, an ID is auto-generated
Returns a SmitheryConnection with { transport, connectionId, url }. Throws SmitheryAuthorizationError if OAuth authorization is required (see Handling Authorization).

Connection Status

When you create or retrieve a connection, it includes a status field:
StatusDescription
connectedConnection is ready to use
auth_requiredOAuth authorization needed. Includes setupUrl
input_requiredServer needs configuration (e.g., API keys). Includes setupUrl, http (the config schema), and missing (fields not yet provided)
errorConnection failed. Includes error message

Authentication

Smithery uses two authentication methods:
TokenUse CaseAccess
API KeyBackend onlyFull namespace access
Service TokenBrowser, mobile, agentsScoped access to specific connections
Get your API key from smithery.ai/account/api-keys.
Never expose your API key to untrusted clients or agents. Use scoped service tokens for browser and mobile apps.

OAuth Flow

When an MCP server requires OAuth:
  1. Create a connection—the response status will be auth_required with a hosted setupUrl
  2. Redirect the user to setupUrl
  3. User completes OAuth with the upstream provider (e.g., GitHub)
  4. User is redirected back to your app
  5. The connection is now ready—subsequent requests will succeed
You don’t need to register OAuth apps, configure redirect URIs, or handle token exchange. Smithery manages the OAuth relationship with upstream providers and stores credentials securely on your behalf.

Handling Authorization

When you need to send a user through OAuth, prefer creating or updating the connection first and redirecting to the hosted setupUrl. That gives you a stable connectionId to retry with after the user returns to your app. 
# Connect to a server that requires OAuth
smithery mcp add github

# If auth is required, the CLI outputs the setup URL:
# → auth_required
# → https://auth.smithery.ai/...
# → connection_id: abc-123-github
# Visit the URL to authorize, then retry
After the user completes authorization and returns to your app, retry with the saved connectionId: 
# After authorization, the connection is ready
smithery tool list abc-123-github

Handling Configuration (input_required)

When a server requires configuration that wasn’t provided, the connection returns input_required with:
  • setupUrl — a hosted Smithery setup page you can redirect the user to instead of building your own form
  • http — the config schema (headers and query parameters the server accepts)
  • missing — which fields still need to be provided
In a TTY terminal, the CLI prompts for missing values automatically. Otherwise, provide them explicitly: 
# Interactive: CLI prompts for missing fields
smithery mcp add browserbase --id my-browserbase

# Non-interactive: pass config upfront
smithery mcp add \
  'https://mcp.browserbase.com/mcp?browserbaseProjectId=your-project-id' \
  --id my-browserbase \
  --headers '{"browserbaseApiKey": "your-api-key"}'
MCP requests to a connection in input_required state will be rejected until the required configuration is provided. While input_required, the mcpUrl can be updated with query parameters as long as the host and path remain the same.

Service Tokens

Service tokens let you safely use Smithery from browsers, mobile apps, and AI agents without exposing your API key. Your backend mints a scoped token, then your client uses it to call tools directly. 
smithery auth token --policy '[{
  "namespaces": "my-app",
  "resources": "connections",
  "operations": ["read", "execute"],
  "metadata": { "userId": "user-123" },
  "ttl": "1h"
}]'
This token can only access connections in my-app where metadata.userId matches user-123. Initialize the client with the token: 
# Use the scoped token to call tools
SMITHERY_API_KEY=$TOKEN smithery tool list user-123-github
Need workspace-level scoping, read-only tokens, or token narrowing? See Token Scoping for the full guide.

Advanced

For full API documentation, see the API Reference.

Direct tool calls

Call tools directly over REST: 
# List available tools
smithery tool list user-123-github

# Call a tool
smithery tool call user-123-github search_repositories \
  '{"query": "mcp"}'

Hierarchical tool paths

Many MCP servers organize tools by category using dotted names (e.g. repo.search, repo.create, issue.create). Smithery surfaces these as slash-separated URL segments so you can browse them like folders: 
# List every tool on the connection
GET /my-app/user-123-github/.tools

# Category listing — returns all tools whose upstream name starts with "repo."
GET /my-app/user-123-github/.tools/repo

# Specific tool — corresponds to upstream MCP name "repo.search"
GET /my-app/user-123-github/.tools/repo/search

# Invoke the same tool
POST /my-app/user-123-github/.tools/repo/search
The server reverses the slashes back to dots before calling the upstream MCP server, so POST /.tools/repo/search becomes a tools/call with name: "repo.search". A trailing slash is ignored — /.tools/repo/ and /.tools/repo both return the same category listing.
Flat tool names (no dots) work without any special handling — /.tools/my_tool resolves to the tool named my_tool in one segment. The hierarchy only activates when a server publishes dotted names.