POST
/
{tenant}
/
mcp
curl --request POST \
  --url https://api.kambrium.com/{tenant}/mcp \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "jsonrpc": "2.0",
  "id": "init-123",
  "method": "initialize",
  "params": {
    "protocolVersion": "2025-03-26",
    "capabilities": {
      "roots": {
        "listChanged": true
      },
      "sampling": {}
    },
    "clientInfo": {
      "name": "my-mcp-client",
      "version": "1.0.0"
    }
  }
}'
{
  "jsonrpc": "2.0",
  "id": "<string>",
  "result": {
    "protocolVersion": "2025-03-26",
    "capabilities": {
      "tools": {
        "listChanged": true
      },
      "resources": {
        "subscribe": true
      },
      "prompts": {
        "listChanged": true
      }
    },
    "serverInfo": {
      "name": "kambrium-mcp-server",
      "version": "1.0.0"
    }
  }
}

Protocol Overview

This endpoint provides three server feature utility methods as defined in the MCP 2025-03-26 specification:

  1. completion/complete - Argument autocompletion for prompts and resource URIs
  2. logging/setLevel - Set minimum log level for server notifications
  3. Cursor-based pagination - For paginating large result sets in list operations

All methods use JSON-RPC 2.0 over HTTP with tenant-specific endpoints.

Prerequisites

  1. Valid OAuth Token - Bearer token from Cognito authentication
  2. MCP Session - Initialized via initialize method
  3. Tenant Context - Valid tenant path (e.g., /pipedrive/mcp, /hubspot/mcp)

Completion Utility

completion/complete

Provides argument autocompletion suggestions for prompts and resource URIs. Enables rich, IDE-like experiences where users receive contextual suggestions while entering argument values.

Request

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "completion/complete",
  "params": {
    "ref": {
      "type": "ref/prompt",
      "name": "code_review"
    },
    "argument": {
      "name": "language",
      "value": "py"
    }
  }
}

Parameters

FieldTypeRequiredDescription
refObjectYesReference to prompt or resource
ref.typeStringYesEither "ref/prompt" or "ref/resource"
ref.nameStringConditionalRequired for ref/prompt
ref.uriStringConditionalRequired for ref/resource
argumentObjectYesArgument being completed
argument.nameStringYesName of the argument
argument.valueStringYesCurrent partial value

Response

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "completion": {
      "values": ["python", "pytorch", "pyside"],
      "total": 3,
      "hasMore": false
    }
  }
}

Completion Features

  • Prompt Arguments: Contextual suggestions based on argument names (language, type, status, format)
  • Resource URIs: URI completion based on available resources
  • Maximum Results: Limited to 100 suggestions per request
  • Fuzzy Matching: Partial string matching for suggestions

Logging Utility

logging/setLevel

Sets the minimum log level for server notifications. Uses RFC 5424 standard log levels and controls which notifications/message events are sent to clients.

Request

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "logging/setLevel",
  "params": {
    "level": "info"
  }
}

Parameters

FieldTypeRequiredDescription
levelStringYesLog level (debug, info, notice, warning, error, critical, alert, emergency)

Response

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {}
}

Log Levels (RFC 5424)

LevelDescriptionExample Use Case
debugDetailed debugging informationFunction entry/exit points
infoGeneral informational messagesOperation progress updates
noticeNormal but significant eventsConfiguration changes
warningWarning conditionsDeprecated feature usage
errorError conditionsOperation failures
criticalCritical conditionsSystem component failures
alertAction must be taken immediatelyData corruption detected
emergencySystem is unusableComplete system failure

Log Message Notifications

Once a level is set, the server sends notifications/message for qualifying log events:

{
  "jsonrpc": "2.0",
  "method": "notifications/message",
  "params": {
    "level": "error",
    "logger": "database",
    "data": {
      "error": "Connection failed",
      "details": {
        "host": "localhost",
        "port": 5432
      }
    }
  }
}

Pagination Utility

Cursor-based Pagination

Our implementation supports cursor-based pagination for all list operations that may return large result sets. Pagination uses opaque cursor tokens instead of numbered pages.

Supported Operations

  • resources/list - List available resources
  • resources/templates/list - List resource templates
  • prompts/list - List available prompts
  • tools/list - List available tools

Pagination Request

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "resources/list",
  "params": {
    "cursor": "eyJvZmZzZXQiOjUwLCJwYWdlX3NpemUiOjUwfQ=="
  }
}

Pagination Response

{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "resources": [
      {
        "uri": "file:///example.txt",
        "name": "example.txt",
        "mimeType": "text/plain"
      }
    ],
    "nextCursor": "eyJvZmZzZXQiOjEwMCwicGFnZV9zaXplIjo1MH0="
  }
}

Pagination Features

  • Opaque Cursors: Base64-encoded tokens containing position information
  • Default Page Size: 50 items per page
  • Maximum Page Size: 100 items per page
  • Total Count: Not exposed (cursor-based approach)
  • Stable Ordering: Consistent results across pagination requests

Pagination Flow

  1. First Request: Send list request without cursor parameter
  2. Check Next Cursor: Look for nextCursor in response
  3. Continue Pagination: Use nextCursor value in subsequent requests
  4. End Detection: Missing nextCursor indicates no more results

Error Handling

All utilities follow standard JSON-RPC 2.0 error responses:

Common Error Codes

CodeMessageDescription
-32601Method not foundUtility method not supported
-32602Invalid paramsMissing or invalid parameters
-32603Internal errorServer-side processing error

Error Response Format

{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32602,
    "message": "Invalid params: missing level parameter"
  }
}

Security Considerations

Completion Security

  • Input validation on all completion parameters
  • Rate limiting to prevent abuse
  • Access control based on OAuth permissions
  • No sensitive data in completion suggestions

Logging Security

  • Log messages must not contain credentials or secrets
  • Personal identifying information is filtered
  • Internal system details are sanitized
  • Rate limiting prevents log flooding

Pagination Security

  • Cursor validation prevents injection attacks
  • Access control applied to all paginated resources
  • Consistent permissions across pagination requests
  • Resource filtering based on OAuth scope

Implementation Notes

Server Capabilities

These utilities are declared in the server’s capabilities during initialization:

{
  "capabilities": {
    "completions": {},
    "logging": {}
  }
}

Note: Pagination is implicit in list operations and does not require a separate capability declaration.

Rate Limiting

  • Completion: Debounced requests recommended
  • Logging: Message emission rate controlled by server
  • Pagination: Standard HTTP rate limits apply

Client Integration

  • Completion: Implement debouncing for real-time suggestions
  • Logging: Handle notifications asynchronously
  • Pagination: Cache cursors appropriately but do not persist across sessions

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Headers

Mcp-Session-Id
string

MCP session ID (required after initialization)

Example:

"session_abc123"

Path Parameters

tenant
string
required

Tenant identifier (e.g., 'pipedrive', 'salesforce', 'hubspot')

Example:

"pipedrive"

Body

application/json

Response

200
application/json

JSON-RPC 2.0 response

The response is of type object.