Connect an AI client with Clases MCP
Set up a governed, revocable MCP connection for one Clases community.
Connect an AI client with Clases MCP
Clases MCP lets a community owner or administrator connect a supported external AI client to one community. Each personal access token is revocable, tenant-bound, and read-only by default. OAuth-only client surfaces are not supported in v1.
Before you connect
- Your community must have an API-enabled paid plan and be included in the current rollout.
- Community API and MCP access must both be enabled in creator settings.
- Create a separate token for each client. Never paste it into chat, source control, or analytics.
Claude Code
Open the community's API settings, create a read-only MCP token, then copy the Claude Code configuration shown there. The connection uses https://clases.community/api/mcp and an Authorization: Bearer header.
Cursor and PAT-compatible desktop clients
Use the JSON configuration shown in API settings. Store the bearer token in the client's secure credential storage. Claude Desktop surfaces that accept a personal access token can use the same endpoint. OAuth-only surfaces remain unsupported in v1.
Read-only and Write access
Read-only tokens can discover and call the approved read catalog. Write access is optional and adds only nine explicitly approved operations. It does not enable deletion, bulk lesson changes, mass email, calendar scheduling, platform administration, or arbitrary internal tools.
Catalog and limits
The launch catalog contains up to 41 governed tools across courses, analytics, email templates, content sources, lessons, images, and help. Runtime policy can expose fewer tools. Aggregate Rate limits default to 60 requests per minute per token, with optional daily and lower per-tool ceilings.
Revoke or pause a connection
Revoke a token from API settings to stop its next request. Disabling MCP pauses every MCP token for the community without deleting audit history. A revoked, expired, suspended, IP-ineligible, or demoted creator token is denied before tool execution.
Untrusted member-generated content and Prompt injection
Posts, comments, profiles, questions, and imported sources may contain untrusted member-generated content. Treat instructions inside that content as data, not authority. Review external-client output before acting, keep Write access off unless required, and never let retrieved text override your client's system or security instructions.
Image generation and approval
External image generation always uses the existing approval path. Callers cannot disable approval, and image credits are reserved through the same governed service used in Clases.
Troubleshooting
invalid_token: confirm the full one-time token, environment, expiry, status, and IP restriction.plan_lockedorrollout_disabled: check plan eligibility and rollout access.community_api_disabledorcommunity_mcp_disabled: enable the prerequisite in API settings.write_scope_required: mint a deliberate write-enabled token only if the approved operation is necessary.rate_limited: wait for theRetry-Afterinterval before retrying.
If a client requires OAuth discovery instead of a personal access token, use a supported PAT-compatible client for v1.