# Connect an MCP client

> Create a delegated Console MCP credential, configure a trusted client, verify read-only access, and revoke it safely.

Canonical: https://entirefeed.com/docs/agents/connect

Console MCP is a hosted remote server. You do not need to install a package, clone a server, or expose a local process.

Create a separate credential for each trusted client or environment. The credential is displayed in full after creation and remains valid until you revoke it; it is not a single-use key.

Connection verification is read-only. You do not need to run a workflow, create media, or schedule a post to confirm that the client is connected.

## Create a delegated credential

Open [Console MCP settings](https://console.entirefeed.com/mcp) while signed in to the organization the agent should operate. Create a named credential for one trusted client or environment.

- The credential starts with `efmcp_live_...` and is separate from Public REST API keys.
- Its full value is displayed after creation. Store it then; the value remains valid until revoked.
- Create separate credentials for separate clients so access can be revoked independently.

## Configure the MCP client

Use the hosted Streamable HTTP endpoint `https://api.entirefeed.com/mcp/`. Console provides setup instructions for Claude Code, Codex, Cursor, GitHub Copilot, Windsurf, and other remote MCP clients. Keep the bearer credential in a local-only secret or environment variable and out of committed files.

### Remote HTTP connection

```json
{
  "name": "entirefeed-console",
  "transport": "streamable-http",
  "url": "https://api.entirefeed.com/mcp/",
  "headers": {
    "Authorization": "Bearer <paste the credential shown after creation>"
  }
}
```

### Codex config

```toml
[mcp_servers.entirefeed-console]
url = "https://api.entirefeed.com/mcp/"
bearer_token_env_var = "ENTIREFEED_MCP_TOKEN"
```

### Local environment

```shell
export ENTIREFEED_MCP_TOKEN="<paste the credential shown after creation>"
```

## Verify access without spending

Restart or refresh the client, confirm that `entirefeed-console` can list tools, then make one read-only guidance call. This verifies the connection without creating media, running a workflow, or changing a post:

### get_console_agent_best_practices

```json
{
  "tool": "get_console_agent_best_practices",
  "arguments": {
    "topic": "topics"
  }
}
```

## Rotate or revoke access

Revoke an exposed, unused, or retired credential from [Console MCP settings](https://console.entirefeed.com/mcp). Revocation takes effect on the next request. A replacement credential requires updating the client secret and reconnecting.

- Authority: Delegated current-user authority.
- Organization: The organization where the credential was created.
- Evaluation: Current membership, role, and capabilities on every request.
- Revocation: Rejected immediately after revocation.
