Metabase MCP Server
Metabase includes a built-in Model Context Protocol (MCP) server that lets AIclients connect directly to a Metabase instance. It uses the Streamable HTTPtransport and builds onMetabase's Agent API to expose tools for searching, exploring, querying, and visualizing data — allscoped to the connecting user's permissions.
Endpoint
The MCP server is available at:
https://{your-metabase.example.com}/api/mcp
Connecting a client
Point any MCP-compatible client at the /api/mcp endpoint. For example, with Claude Code:
claude mcp add metabase https://{your-metabase.example.com}/api/mcp --transport streamable-http
For Claude Desktop, create a custom connectorusing the same URL.
For Cursor, open Settings > MCP and add a new server with the type set to streamable-http and the URL:
https://{your-metabase.example.com}/api/mcp
Authentication
MCP clients authenticate via OAuth 2.0. Metabase runs its own embedded OAuth server — no external provider isneeded.
The flow for a first-time connection:
- The client discovers Metabase's OAuth endpoints.
- The client registers itself with Metabase.
- The user is redirected to Metabase to log in and approve the connection.
- The client receives an access token scoped to the user's Metabase permissions.
Browser-based sessions (cookie auth) are also supported and receive unrestricted scopes.
Scopes
Access tokens are scoped to limit what tools a client can use:
| Scope | Grants access to |
|---|---|
agent:table:read |
get_table, get_table_field_values |
agent:metric:read |
get_metric, get_metric_field_values |
agent:search |
search |
agent:query:construct |
construct_query |
agent:query |
query |
agent:query:execute |
execute_query |
Wildcard patterns (e.g. agent:*) match any scope with that prefix.
OAuth protected resource metadata is available at:
/.well-known/oauth-protected-resource/api/mcp
By default our consent screen grants access to all scopes without the opportunity to customize.
Available tools
The MCP server exposes these tools, dynamically generated from the Agent API endpoint metadata:
| Tool | Description |
|---|---|
search |
Search for tables and metrics using keyword or natural language search. |
get_table |
Get details about a table including its fields, related tables, and metrics. |
get_table_field_values |
Get sample values and statistics for a field in a table. |
get_metric |
Get details about a metric including its queryable dimensions. |
get_metric_field_values |
Get sample values and statistics for a field in a metric. |
construct_query |
Construct a query against a table or metric. Accepts the user's original prompt when available. Returns an opaque query_handle for use with execute_query or visualize_query. |
execute_query |
Execute a previously constructed query and return results with column metadata. |
query |
Query a table or metric directly. Supports pagination via continuation tokens. |
Query results are limited to 200 rows per request. When more rows are available, the response includes acontinuation_token that can be passed back to fetch the next page.
Resources
The server exposes MCP resources soclients can fetch supplementary content by URI without inflating tool descriptions.
| Resource URI | Description |
|---|---|
metabase://docs/construct-query.md |
Program syntax for construct_query and query — sources, operations, operator forms, worked examples, pitfalls. |
Supported JSON-RPC methods
| Method | Description |
|---|---|
initialize |
Initialize the MCP connection. Returns server capabilities and a session ID. |
notifications/initialized |
Client notification that initialization is complete. |
tools/list |
List available tools (filtered by the token's scopes). |
tools/call |
Call a tool with arguments. |
resources/list |
List available resources (filtered by the token's scopes). |
resources/read |
Read a resource by URI. Requires an initialized session. |
ping |
Keepalive ping. |
Requests can be sent individually or as a JSON-RPC batch. The server responds with JSON or SSE depending on theAccept header.
Architecture
The implementation lives in these files:
api.clj— The HTTP handler. Parses JSON-RPC requests, validates authentication and session headers,enforces origin checks (DNS rebinding protection), and dispatches to the appropriate method. Supports both JSON andSSE response formats.tools.clj— Tool dispatch and manifest generation. Builds the tool list from Agent API endpointmetadata, checks scopes, and routes tool calls through synthetic Agent API requests.resources.clj— MCP resource registry and handlers. Holds documentation resources (liketheconstruct_queryreference) keyed by URI, with scope-based access control onresources/listandresources/read.scope.clj— Scope matching logic. Supports exact matches, wildcard patterns, and the::unrestrictedsentinel for session-based auth.
Request flow
MCP client
→ POST /api/mcp (JSON-RPC)
→ Origin + session validation
→ Auth: OAuth bearer token or browser session
→ Scope check against requested tool
→ Synthetic request to Agent API endpoint
→ Response materialized as MCP content
→ JSON or SSE back to client
Further reading
- MCP user docs
- Agent API source
- Model Context Protocol specification
