Api
MCP server
Connect AI assistants like Claude Code, Claude Desktop, and Cursor to FormBackend via the Model Context Protocol
FormBackend exposes a Model Context Protocol (MCP) server at:
https://www.formbackend.com/mcp
Connecting it to your AI assistant lets you ask things like “list my forms”, “show submissions to my contact form from this week”, or “create a newsletter signup form called Beta List” and have the assistant call the FormBackend API for you.
Authentication
You can authenticate two ways:
- OAuth (recommended for desktop assistants) — you add the server URL to your client, a browser pops up, you log in to FormBackend and approve the consent screen. The client stores a token automatically. No copy-pasting required.
- API key (recommended for scripts and CI) — pass an API key in the
Authorization: Bearer <token>header.
Both modes respect the same set of scopes:
| Scope | What it allows |
|---|---|
forms_read |
List forms and read their settings |
forms_write |
Create new forms and update existing form settings |
submissions_read |
Read form submissions |
When you authorize via OAuth you’ll see exactly which scopes the client is requesting on the consent screen. With API keys, scopes map to the permission checkboxes on the API keys page.
Setup
Claude Code (CLI)
claude mcp add --transport http formbackend https://www.formbackend.com/mcp
The first request triggers the OAuth flow — your browser will open, you log in, approve the consent screen, and the client stores the access token. Subsequent commands work transparently.
To use an API key instead:
claude mcp add --transport http formbackend https://www.formbackend.com/mcp \ --header "Authorization: Bearer YOUR_API_KEY"
Claude (web and Desktop)
Custom remote MCP connectors are added on claude.ai (Pro, Max, Team, or Enterprise plans). Once added, they’re available in both the web app and Claude Desktop because the connector lives on your Anthropic account.
In claude.ai, open Settings → Connectors, click Add custom connector, and paste:
https://www.formbackend.com/mcp
Click Add. The first time you enable the connector or call a FormBackend tool, you’ll be sent to FormBackend to log in and approve the consent screen.
Cursor
Edit ~/.cursor/mcp.json and add:
{ "mcpServers": { "formbackend": { "url": "https://www.formbackend.com/mcp" } } }
Restart Cursor. The first time you use a FormBackend tool in Composer, Cursor opens your browser for the OAuth flow.
For API key auth instead, replace the entry with:
{ "mcpServers": { "formbackend": { "url": "https://www.formbackend.com/mcp", "headers": { "Authorization": "Bearer YOUR_API_KEY" } } } }
Other clients
Any client that speaks the modern Streamable HTTP transport and supports OAuth 2.1 with Dynamic Client Registration will work. Point it at https://www.formbackend.com/mcp — the discovery endpoints at /.well-known/oauth-authorization-server and /.well-known/oauth-protected-resource advertise the rest.
Available tools
| Tool | Required scope | Description |
|---|---|---|
list_forms |
forms_read |
Returns every form in your account with its token, name, and submission count |
get_form |
forms_read |
Returns the full settings for a single form by token |
create_form |
forms_write |
Creates a new form. Only name is required; the form is auto-assigned to your default project |
update_form_settings |
forms_write |
Updates settings on an existing form. Only the fields you pass are changed |
list_submissions |
submissions_read |
Returns submissions for a form, with optional filtering by spam/trash status and date range |
The full input schema for each tool is returned by the tools/list JSON-RPC call — your AI assistant queries this automatically when the connection starts.
Managing connected applications
Visit your authorized applications page to see every AI assistant you’ve connected and revoke access individually. Revoking immediately invalidates the access and refresh tokens for that client; you’ll need to reconnect to keep using it.
Limitations
- The MCP server operates against your first account (the same one the rest of the API uses). Multi-account users can’t yet pick which account a connected client targets.
- Non-admin team members only see and modify forms in projects they have membership for, mirroring the web app’s permission rules.
- Form quotas, plan limits, and paid-only fields (custom redirect URL, additional notification recipients) are enforced exactly as they are on the web app.