Getting connected
Kubeez MCP uses standard OAuth 2.1 so your client can act on your behalf with your consent.
#Authorization, in 4 steps
- Your client contacts the Kubeez server and opens a browser tab.
- You sign in to Kubeez and see the capabilities the client wants.
- You approve or deny. If approved, the client receives a token.
- The client sends that token with every request — generations use your credits.
You can revoke any client at any time from Settings → MCP.
#Capabilities (scopes)
| Scope | What it lets the client do |
|---|---|
generate:media | Start image, video, captions, audio-separation jobs + use upload tools |
generate:music | Start music generations |
generate:speech | Start text-to-dialogue / TTS |
generate:ads | Start ad-copy generations |
read:balance | Check your credit balance |
read:generations | List and inspect your generation history |
The client can only use what you approve. Missing scope → the call is refused with a clear error.
#Tokens
- The client receives a short-lived access token and uses it for every request.
- Tokens refresh automatically so you don't need to re-authorize on every session.
- If a token is missing or invalid, the client should prompt you to re-authorize.
No password or long-lived secret is shared with the client. Personal access tokens (the API-key alternative) are also revocable from Settings → MCP.
#Cursor — one-click
Opens Cursor directly. Complete OAuth in the browser when prompted (same flow as above).
#Claude Code — CLI
claude mcp add --transport http kubeez https://mcp.kubeez.com/mcp
Run in your terminal. Claude Code registers the server and opens OAuth in your browser on first use.
#Codex CLI
codex mcp add kubeez --url https://mcp.kubeez.com/mcp
Run in your terminal. Codex CLI saves the server to ~/.codex/config.toml and opens OAuth in your browser on first use.
Next: Media tools, Music tools, or Ads tools.