AI tools

MCP server

MCP server

One read-only Model Context Protocol server at https://mcp.mountaya.com/ that gives AI agents the Mountaya Data API as tools. Connect an assistant over OAuth, or send an API key pair from a client you configure yourself.

The Mountaya MCP server exposes the read-only Data API to AI agents over the Model Context Protocol, served as MCP Streamable HTTP at the host root. The public endpoint is https://mcp.mountaya.com/ (the bare host root, with a trailing slash). Point any MCP client at it and the agent gains read-only tools for outdoor routing, places, and geometry analysis, plus a resource that serves the full Data API schema. No tool creates, updates, or deletes anything.

There are two ways to authenticate, on the same endpoint:

  • An interactive assistant connects over OAuth. Claude, ChatGPT, and other MCP-compatible assistants connect through a sign-in screen, with no keys in a config file. See Connect your assistant (OAuth).
  • A non-interactive client sends an API key pair. A client you configure yourself sends a publishable and secret key pair on every request, and the server brokers session tokens for it. See Connect a non-interactive client (key pair).

Same endpoint, same tools.

What you can do

The server exposes the read-only Data API operations as tools. Grouped by what they do:

Routing

Compute directions between waypoints, generate route suggestions shaped to a target distance, draw reachability isochrones, and build travel-time and distance matrices, each for a chosen activity.

Places

Geocode free text into named places, reverse-geocode a coordinate, list points of interest in an area, and run a unified search across places, points of interest, ways, and the itineraries, collections, and zones your credential may view.

Analysis

Classify the surface, way type, and slope of an existing line for an activity.

Coordinates are [longitude, latitude] in WGS 84, distances are in meters, and durations are in seconds, the same conventions as the Data API. For the exact parameters of each tool, see Tools below.

Connect your assistant (OAuth)

Use this path for an interactive assistant like Claude or ChatGPT: you connect once through a sign-in screen, with no app to register and no keys to paste into a config file. The connector URL is the bare MCP host root, https://mcp.mountaya.com/, with a trailing slash and no path after it. The assistant discovers the protocol and the OAuth server from it.

Connect once

Connecting is a one-time browser flow. After it, the assistant holds a token and calls the tools on its own; you do not sign in again per request.

1

Add the connector URL

In your assistant's connector settings, add a new MCP server and paste the connector URL (https://mcp.mountaya.com/). The per-assistant steps are in Set up your assistant below.

2

The assistant discovers the OAuth server

The assistant reads the connector and discovers Mountaya's OAuth server automatically, then registers itself with Dynamic Client Registration. There is no app to create and no client id or secret to copy: the assistant handles registration for you.

3

Sign in with your Mountaya account

The flow opens a Mountaya sign-in page in your browser. Sign in with the same account you use for the app. This proves who you are; it does not yet decide which data the assistant can read.

4

Pick a publishable key on the consent screen

After signing in you land on a consent screen. It names the assistant that is asking and what it will be able to do, and asks you to choose which publishable key the assistant should use. The picker groups your keys by organization and shows them by name, so you select a key without ever seeing its raw value. If you have no usable key yet, you can create one inline (it is created with the Data product scope it needs) when you are an owner or admin of an organization.

5

Authorize

Choose a key and select Authorize. The browser returns to your assistant, which stores the connection. From here the assistant can call the read-only Data API tools whenever your conversation needs them.

How access is scoped

The assistant acts with the publishable key you chose on the consent screen, and nothing wider.

  • One organization. A publishable key belongs to one organization, so the assistant can read only that organization's data. To let an assistant work with a different organization, connect again and pick a key in that organization.
  • Metered to that organization. Calls the assistant makes count against the chosen key's organization under the same rate limits as any other Data API call.
  • No secret key, ever. The flow binds a publishable key, by id, never its raw value and never a secret key. The assistant cannot see or use your secret key, and the consent screen never exposes one.
  • Read-only. Every tool is a read; nothing in the tool set creates, updates, or deletes your data.

For the full model, see OAuth for MCP connectors in the authentication guide.

Set up your assistant

The connect flow is the same everywhere: paste the connector URL, sign in, pick a key, authorize. Each assistant just exposes that field in a slightly different place, and a few have quirks worth knowing.

Use Claude.ai or Claude Desktop, both of which support custom connectors.

  1. Open Settings → Connectors (Claude.ai) or the connector settings in Claude Desktop.
  2. Choose to add a custom connector and paste the connector URL (https://mcp.mountaya.com/).
  3. Complete the sign-in and consent flow when Claude opens it, and pick the publishable key the connector should use.

The Claude Code CLI cannot complete this OAuth flow today; see Troubleshooting to connect the CLI with a key pair instead.

Connect a non-interactive client (key pair)

Prefer this path for a non-interactive client you configure yourself: a local agent, a CLI, or a server-side runtime that authenticates without a person signing in. The client sends a publishable key in X-API-Key and a secret key in X-Secret-Key on every request. The server validates the pair, mints (or reuses a cached) Data API session token on your behalf, and proxies the operation, so your client never calls the session endpoint itself. A missing or malformed key pair is rejected at the edge with 401 Unauthorized.

Add the server to your client with the public endpoint and your key pair. Keep the two keys as placeholders below and replace them with your own. Create keys in your organization's API settings and enable the data scope.

Register the server with the claude mcp add command. The --transport http flag selects MCP Streamable HTTP, and each --header carries one credential.

claude mcp add mountaya \
  --transport http \
  --header "X-API-Key: pk_your_publishable_key" \
  --header "X-Secret-Key: sk_your_secret_key" \
  https://mcp.mountaya.com/

The client sends both keys and the server does the rest:

X-API-Key

pk_…

Your publishable key. Identifies your organization and must carry the data scope. Sent on every request.

X-Secret-Key

sk_…

Your secret key. The server uses it to mint a short-lived session token for the Data API. Sent on every request.

See authentication for how the underlying key pair and session tokens work.

Tools

The server registers read-only tools, each proxying one Data API GraphQL query. Coordinates are [longitude, latitude] in WGS 84, distances are in meters, and durations are in seconds. A GraphQL-level failure is returned as a tool error carrying the Data API's {message, path, extensions} envelope, so the agent can read the error code and self-correct.

Routing

directions

→ directions

Compute directions between waypoints for an activity. Returns one or more routes with distance, duration, geometry, and analysis. Parameters: activity, waypoints ([[lng, lat], …], at least two, required); speed (km/h, optional).

suggestions

→ suggestions

Generate route suggestions shaped to a target distance for an activity. Returns multiple candidates with elevation data. Parameters: activity, distance (meters), start ([lng, lat]), end, ascent, candidates (1 to 10).

isochrones

→ isochrones

Compute reachability polygons from one or more locations for an activity. Parameters: activity, locations ([[lng, lat], …]), range (values in seconds or meters), rangeType (time or distance).

matrix

→ matrix

Compute a time-distance matrix between locations for an activity. Parameters: activity, locations ([[lng, lat], …]), sources and destinations (index arrays, optional), metrics (duration, distance).

Places

geocode

→ geocode

Forward geocode free text into ranked named places. Parameters: query (required); language, limit (1 to 50), focus ([lng, lat]), bbox, layers, categories (optional).

reverseGeocode

→ reverseGeocode

Reverse geocode a [lng, lat] point into the closest named places. Parameters: point (required); language, radiusMeters, limit, layers (optional).

pois

→ pois

List points of interest matching categories inside a bounding box or a buffered geometry. Parameters: categories (required, 1 to 10); bbox or buffered (mutually exclusive); language, limit (optional).

search

→ search

Unified full-text search across places, POIs, ways, and your own itineraries, collections, and zones. Parameters: query (required); targets (per-target enable flags, at least one true); language, limit, focus, bbox (optional). Owned-entity results are scoped to what your credential may view.

Analysis

analyzeGeometry

→ analyzeGeometry

Classify the surface, way type, and slope of an existing line. Parameters: activity, coordinates ([[lng, lat], …], required).

Schema resource

The server also exposes the Data API schema as an MCP resource, so a client can fetch the full SDL the tools are generated from.

URI

mountaya://data/schema

The Data API schema (SDL). Served as application/graphql. This is the same schema documented in the Data API reference.

Limits

The MCP surface inherits the Data API's behavior.

  • Read-only. Every tool is a query. There are no mutations.
  • Rate limits. Calls count against the same rate limits as the Data API, keyed to your organization. See authentication for limits and the 429 response.
  • Error parity. Tool errors carry the Data API's GraphQL error envelope verbatim, including each entry's code and path, so a failure surfaces the same machine-readable detail you would get calling the Data API directly.

Troubleshooting

If an OAuth-connected assistant's Mountaya tools start failing, the connection's key or organization has changed out from under it. A connection is bound to the specific publishable key you chose, so it breaks when:

  • the key was revoked or deleted,
  • the key lost the Data product (its data scope or the organization's Data access was removed),
  • the organization was deactivated, or
  • you were removed from the organization.

The fix is to reconnect and choose another key. A token refresh alone keeps the old binding, so it will keep failing for the same reason; an explicit reconnect is what lets you bind a different, working key.

1

Remove the connector

In your assistant, remove the Mountaya connector (or sign it out), so the next add starts a fresh sign-in rather than reusing the stale binding.

2

Add it again and pick a working key

Add the connector URL again, sign in, and on the consent screen choose a key that still carries the Data product in an organization you are an active member of. Create one inline if you need to. Authorize, and the tools come back.

See also