Connect your AI to Sautikit over MCP
Connect Claude Code, Cursor, VS Code, or Windsurf to the hosted Sautikit MCP server, scope an API key for agent use, and browse all 42 tools.
Sautikit runs a hosted MCP server at
https://mcp.sautikit.com/mcp (Streamable HTTP). Connect any MCP-capable
client with a Sautikit API key and it gets 42 tools over your workspace:
calls, numbers, wallet, webhooks, voice agents, and broadcast campaigns —
the same public REST API your own code uses, with the same auth, rate limits,
and billing. Agent and broadcast endpoints additionally enforce key scopes server-side.
Create a key in the dashboard (Settings → API keys at app.sautikit.com). The JWT itself is the secret and is shown once — store it in your environment:
export SAUTIKIT_API_KEY="eyJhbGciOiJFUzI1NiIs..."claude mcp add --transport http sautikit https://mcp.sautikit.com/mcp \
--header "Authorization: Bearer $SAUTIKIT_API_KEY"Verify with claude mcp list — sautikit should show as connected.
Add to ~/.cursor/mcp.json (or .cursor/mcp.json in your project):
{
"mcpServers": {
"sautikit": {
"url": "https://mcp.sautikit.com/mcp",
"headers": { "Authorization": "Bearer YOUR_SAUTIKIT_API_KEY" }
}
}
}Add to .vscode/mcp.json — the promptString input keeps the key out of
the file:
{
"servers": {
"sautikit": {
"type": "http",
"url": "https://mcp.sautikit.com/mcp",
"headers": { "Authorization": "Bearer ${input:sautikit-key}" }
}
},
"inputs": [
{
"id": "sautikit-key",
"type": "promptString",
"password": true,
"description": "Sautikit API key"
}
]
}Add to ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"sautikit": {
"serverUrl": "https://mcp.sautikit.com/mcp",
"headers": { "Authorization": "Bearer YOUR_SAUTIKIT_API_KEY" }
}
}
}Treat an AI client like any other integration: mint it a narrow key.
scopes claim and advertises tools based on
your key's permissions. Scopes on agent and broadcast tools are enforced
by the API itself — a key without broadcasts.manage cannot start a broadcast,
whether through MCP or direct REST calls. For calls, numbers, wallet, and webhook
tools, scopes currently control which tools the MCP server advertises; API-side
enforcement for those families is rolling out.place_call, claim_number,
release_number, hangup_call, delete_webhook, start_broadcast,
resume_broadcast, send_agent_call, delete_agent, publish_agent)
carry MCP annotations, so well-behaved clients ask you to confirm before
running them. Keep confirmations on.upsert_agent_tool are write-only — no
read tool ever returns them, so secrets cannot leak into a model's
context.| Tool | Wraps | Behavior |
|---|---|---|
list_calls | GET /v1/calls | read-only; direction/status/date/number filters |
get_call | GET /v1/calls/{id} | read-only; includes the event timeline |
get_call_stats | GET /v1/calls/stats | read-only |
get_call_recording | GET /v1/calls/{id}/recording | read-only; URL + metadata |
place_call | POST /v1/calls | spends money — client confirms |
hangup_call | POST /v1/calls/{call_id}/hangup | destructive |
| Tool | Wraps | Behavior |
|---|---|---|
list_numbers | GET /v1/numbers | read-only |
get_number | GET /v1/numbers/{id} | read-only; call rates folded in |
search_available_numbers | GET /v1/numbers/available | read-only |
claim_number | POST /v1/numbers/{id}/claim | spends money — client confirms |
release_number | DELETE /v1/numbers/{id} | destructive — client confirms |
update_number_routing | PUT /v1/numbers/{id}/routing | write |
| Tool | Wraps | Behavior |
|---|---|---|
get_wallet_balance | GET /v1/wallet/balance | read-only |
list_wallet_statements | GET /v1/wallet/statements | read-only |
get_ai_spend | GET /v1/wallet/ai-spend | read-only |
| Tool | Wraps | Behavior |
|---|---|---|
list_webhooks | GET /v1/webhooks | read-only |
list_webhook_deliveries | GET /v1/webhooks/{id}/deliveries | read-only |
create_webhook | POST /v1/webhooks | write |
update_webhook | PATCH /v1/webhooks/{id} | write |
test_webhook | POST /v1/webhooks/{id}/test | write, safe |
delete_webhook | DELETE /v1/webhooks/{id} | destructive |
| Tool | Wraps | Behavior |
|---|---|---|
list_broadcasts | GET /v1/broadcasts | read-only; state filter, cursor |
get_broadcast | GET /v1/broadcasts/{id} | read-only; funnel + costs |
get_broadcast_report | GET /v1/broadcasts/{id}/report.csv | read-only; summary + outcomes |
create_broadcast | POST /v1/broadcasts | write |
add_broadcast_contacts | POST /v1/broadcasts/{id}/contacts | write; bulk variant folded in |
start_broadcast | POST /v1/broadcasts/{id}/start | spends money at scale — strongest confirm |
pause_broadcast | POST /v1/broadcasts/{id}/pause | write |
resume_broadcast | POST /v1/broadcasts/{id}/resume | spends money — client confirms |
| Tool | Wraps | Behavior |
|---|---|---|
list_agents | GET /v1/agents | read-only |
get_agent | GET /v1/agents/{id} | read-only |
create_agent | POST /v1/agents | write |
update_agent | PUT /v1/agents/{id} | write |
delete_agent | DELETE /v1/agents/{id} | destructive — client confirms |
publish_agent | POST /v1/agents/{id}/publish | write — client confirms |
list_agent_revisions | GET /v1/agents/{id}/revisions | read-only; optional revision param |
list_agent_tools | GET /v1/agents/{id}/tools | read-only; header keys only |
upsert_agent_tool | PUT /v1/agents/{id}/tools/{toolID} | write; header values write-only |
delete_agent_tool | DELETE /v1/agents/{id}/tools/{toolID} | destructive |
send_agent_call | POST /v1/agents/{id}/send | spends money — client confirms |
get_agent_limits | GET /v1/agents/limits | read-only |
| Tool | Wraps | Behavior |
|---|---|---|
validate_voice_actions | local schema validation | read-only; no API call, no cost |
Tool failures return the API's error code and message plus a hint — e.g.
wallet.insufficient_balance tells the agent to ask you to top up in the
dashboard, and a 401 means the key is invalid or revoked (mint a new one in
the dashboard). Docs resources ship with the server too: the OpenAPI spec,
the voice-actions JSON schema, and a quickstart are available to your
client as sautikit://docs/* resources.