The Swoop MCP server supports two authentication methods. All requests must include a valid Bearer token in theDocumentation Index
Fetch the complete documentation index at: https://docs.swoop.it/llms.txt
Use this file to discover all available pages before exploring further.
Authorization header:
- OAuth 2.0
- API Keys
Swoop supports OAuth 2.0 with the authorization code flow. Most of this is handled automatically by the MCP client — you only need to sign in and approve the consent screen.Best for: Interactive use from desktop AI clients like Claude Desktop.This returns the resource metadata including the authorization server URL and required scopes (This endpoint returns the full authorization server configuration, including the authorization endpoint, token endpoint, and supported grant types.Clients should use this URI to discover the authorization server and initiate the OAuth flow.
How it works
- Your MCP client discovers the authorization server via
/.well-known/oauth-protected-resource - A browser window opens for you to sign in with your Swoop account
- You review and approve the requested permissions on a consent screen
- The client receives an access token and includes it automatically with each request
OAuth discovery
The Swoop MCP server implements RFC 9728 (OAuth Protected Resource Metadata) for OAuth discovery. Clients can retrieve the OAuth configuration metadata at:profile, email). Clients use this information to locate the authorization server and initiate the OAuth flow.The authorization server metadata is available at:Dynamic Client Registration
The authorization server supports Dynamic Client Registration (DCR). Clients can discover the registration endpoint URL from the authorization server’s metadata (obtained via the OAuth Protected Resource metadata endpoint) and register automatically without manual configuration.Authentication errors
When authentication fails, the server returns a401 Unauthorized response with a WWW-Authenticate header similar to: