What InstaChime MCP supports
InstaChime exposes a sessionless Streamable HTTP endpoint at `https://instachime.com/api/mcp`. It supports MCP protocol versions `2025-11-25`, `2025-06-18`, and `2025-03-26`, negotiates the version during initialization, and returns JSON responses rather than opening an SSE stream.
Authentication uses an InstaChime workspace API token supplied as a bearer token. Use an MCP client that allows a custom endpoint and Authorization header. Browser OAuth discovery is not required for this pre-issued-token connection.
- Read recent leads and one lead with its event history.
- Read response, funnel, source, sentiment, priority, and leaderboard analytics.
- Read workflow definitions and recent workflow runs.
- Create one controlled test lead only when the token has `leads:write`.
- Keep all tools workspace-scoped, permission-scoped, revocable, and audited.
InstaChime MCP does not send prospect messages, change live lead ownership, reveal integration secrets, or expose data from another workspace.
Create a scoped token
- Sign in to InstaChime and open `/settings`.
- Find API tokens & MCP.
- Name the token after the AI client or automation owner, such as `Ops assistant`.
- Keep `mcp:use` enabled. It is required for every MCP call.
- Add only the scopes the client needs: `leads:read`, `analytics:read`, `workflows:read`, or `leads:write` for controlled test leads.
- Set an expiration date for temporary testing tokens.
- Create the token and copy it immediately. InstaChime will not show the full value again.
Configure the client connection
Choose Streamable HTTP in the client, use the endpoint below, and configure the token as an Authorization bearer value. Never put the token in the URL.
- Endpoint: `https://instachime.com/api/mcp`.
- Transport: Streamable HTTP.
- Authorization: `Bearer ichm_your_token_here`.
- Content type: `application/json`.
- Accept: `application/json, text/event-stream`.
- Latest supported protocol: `2025-11-25`.
Initialize the connection
Initialization must be the first MCP request. InstaChime returns the negotiated protocol version, tool capability, server identity, and safe-use instructions.
curl https://instachime.com/api/mcp \
-H "content-type: application/json" \
-H "accept: application/json, text/event-stream" \
-H "authorization: Bearer ichm_your_token_here" \
--data '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-11-25","capabilities":{},"clientInfo":{"name":"Your AI client","title":"Your AI client","version":"1.0.0","websiteUrl":"https://example.com"}}}'Confirm initialization
After receiving the initialize result, send the initialized notification. A successful notification returns HTTP `202 Accepted` with no response body.
curl -i https://instachime.com/api/mcp \
-H "content-type: application/json" \
-H "accept: application/json, text/event-stream" \
-H "mcp-protocol-version: 2025-11-25" \
-H "authorization: Bearer ichm_your_token_here" \
--data '{"jsonrpc":"2.0","method":"notifications/initialized"}'List available tools
The tool list is filtered by token scope, so a read-only analytics token will not see write-capable tools.
curl https://instachime.com/api/mcp \
-H "content-type: application/json" \
-H "accept: application/json, text/event-stream" \
-H "mcp-protocol-version: 2025-11-25" \
-H "authorization: Bearer ichm_your_token_here" \
--data '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'Call a read-only lead tool
curl https://instachime.com/api/mcp \
-H "content-type: application/json" \
-H "accept: application/json, text/event-stream" \
-H "mcp-protocol-version: 2025-11-25" \
-H "authorization: Bearer ichm_your_token_here" \
--data '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"instachime.leads.list_recent","arguments":{"limit":5,"status":"new"}}}'Understand expected transport responses
- `POST initialize`, `tools/list`, and `tools/call` return HTTP 200 with one JSON-RPC response.
- Accepted notifications return HTTP 202 with no body.
- `GET /api/mcp` returns HTTP 405 because InstaChime does not offer a standalone server-to-client SSE stream.
- An unsupported `MCP-Protocol-Version` header returns HTTP 400.
- A missing, expired, revoked, or invalid token returns HTTP 401.
- A token without `mcp:use` or the tool-specific scope cannot use the requested tool.
Available tools
- `instachime.leads.list_recent` requires `leads:read`.
- `instachime.leads.get` requires `leads:read`.
- `instachime.analytics.summary` requires `analytics:read`.
- `instachime.workflows.list` requires `workflows:read`.
- `instachime.workflows.recent_runs` requires `workflows:read`.
- `instachime.leads.create_test` requires `leads:write` and creates one controlled test lead.
Troubleshoot a client connection
- Confirm the endpoint is exactly `https://instachime.com/api/mcp` and not the public help-page URL.
- Confirm the client sends the token in the Authorization header, not as a query parameter.
- Confirm the client supports remote Streamable HTTP plus custom bearer headers.
- Include both `application/json` and `text/event-stream` in the Accept header.
- Send `notifications/initialized` after the initialize response and before normal tool use.
- Use the same negotiated protocol version in `MCP-Protocol-Version` on later requests.
- Run `tools/list` before calling a tool and verify that the token includes the required scope.
- Create a new token if the original value was lost; full token values are shown only once.
Operate safely
- Use separate tokens per AI client or automation owner.
- Prefer read-only scopes for assistants that summarize leads or analytics.
- Grant `leads:write` only to clients that need a controlled test lead workflow.
- Revoke unused tokens from `/settings`.
- Review audit logs when a token is used by a new AI tool.
- Do not paste tokens into public docs, screenshots, issue trackers, or frontend JavaScript.
Verify before using real workspace data
- Initialize the connection and confirm protocol `2025-11-25` is returned.
- Send the initialized notification and confirm HTTP 202.
- Run `tools/list` and confirm only the intended tools are visible.
- Call `instachime.leads.list_recent` with a small limit and verify every returned lead belongs to the current workspace.
- If write scope is required, call `instachime.leads.create_test` once and confirm the controlled test lead appears in the dashboard.
- Review the API-token last-used time and workspace audit log.
- Revoke the test token and confirm subsequent requests return HTTP 401.
Official references
These vendor-owned pages explain the controls and requirements referenced in this guide.
- MCP 2025-11-25 lifecycle and version negotiationOfficial documentation used to verify this setup path and its current vendor requirements.
- MCP 2025-11-25 Streamable HTTP transportOfficial documentation used to verify this setup path and its current vendor requirements.
- MCP 2025-11-25 tools specificationOfficial documentation used to verify this setup path and its current vendor requirements.
- JSON-RPC 2.0Official documentation used to verify this setup path and its current vendor requirements.