Source: https://datafa.st/docs/mcp-introduction
Markdown source: https://datafa.st/docs/mcp-introduction.md
Description: Connect Codex, Claude Code, Cursor, or any MCP client to query analytics and manage your DataFast account through natural language.

# DataFast MCP server

The DataFast MCP server lets MCP-compatible clients such as Codex, Claude Code, and Cursor query your analytics and manage your account through natural language. It provides the same functionality, permissions, and safety checks as the [REST API](/docs/api) and [CLI](/docs/cli-introduction).


![Connect DataFast to an MCP client](/datafast-mcp-configuration.png)

> It uses Streamable HTTP at `https://datafa.st/api/mcp`.

## Step 1 — Create an account token

Open [Account Settings → API / MCP](https://datafa.st/dashboard/settings?tab=api), choose which websites and permissions the client can access, then create a token. Copy the `dft_` token when it appears—you will use it in the next step, and it is only shown once.

[![Where to create a DataFast account token](/blog-how-to-get-datafast-account-api-key.jpg)](https://datafa.st/dashboard/settings?tab=api)

Every MCP request uses the permissions and website access you selected for the token.

## Step 2 — Connect your client

### Codex

Save the copied token in a `DATAFAST_TOKEN` environment variable, then add DataFast:

```sh
codex mcp add datafast \
  --url https://datafa.st/api/mcp \
  --bearer-token-env-var DATAFAST_TOKEN
```

### Claude Code

```sh
claude mcp add --transport http datafast https://datafa.st/api/mcp \
  --header "Authorization: Bearer dft_xxx"
```

### Cursor, Claude Desktop, and other config-based clients

```json
{
  "mcpServers": {
    "datafast": {
      "url": "https://datafa.st/api/mcp",
      "headers": {
        "Authorization": "Bearer dft_xxx"
      }
    }
  }
}
```

### Clients that only support stdio

Bridge with [mcp-remote](https://www.npmjs.com/package/mcp-remote):

```json
{
  "mcpServers": {
    "datafast": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://datafa.st/api/mcp",
        "--header",
        "Authorization: Bearer dft_xxx"
      ]
    }
  }
}
```

## Tools

See the [full tool reference](/docs/mcp-tools) — analytics, websites, API keys, team, goals, funnels, visitors, alerts, account, access tokens, and integration status. Tool names follow `datafast_<resource>_<action>`, e.g. `datafast_analytics_overview`, `datafast_websites_list`.

## Safety

- **Confirmation gate:** irreversible or credential-issuing tools (delete, roll, mint API keys/tokens) require an explicit `confirm: true` argument. Calling without it returns a preview of what would happen instead of doing it, so an agent can't fire a sensitive action on the first try.
- **No secret exfiltration:** listing endpoints for API keys and access tokens never return secret values, only metadata (id, name, prefix, dates) — same as the REST API.
- **Website deletion is dashboard-only:** there is no MCP tool to delete a website; deletion can't be automated by design.
- **Payment connect/disconnect is dashboard-only:** MCP can report integration status, but connecting or disconnecting payment providers (and handling their credentials) stays in the dashboard.
- **Scoped by token, not by tool:** every tool call re-validates permissions against the real route — the transport resolves the bearer once per request, then reuses that result for in-process auth (no elevated MCP-only privilege).

## Advanced: Limit MCP to one website

For a more restricted setup, use a `df_` website API key instead of an account token. It limits the client to one website and mostly read-only analytics. Create one from that website's **Settings → API / MCP** page and see [authentication and scopes](/docs/api/authentication) for details.

## Related

- [Tool reference](/docs/mcp-tools)
- [Authentication and scopes](/docs/api/authentication)
- [DataFast CLI](/docs/cli-introduction)
- [Account API](/docs/api/account)
