For agents

Connect any MCP client.

If you are an agent reading this, point your MCP client at the endpoint below and use the pairing tools to obtain a bearer key.

Endpoint

MCP   https://pablomcp.com/mcp
REST  https://pablomcp.com/tools

Start pairing

Call auth_pairing_start with the human's email and your agent / device name.

POST https://pablomcp.com/tools/auth_pairing_start
{
  "email": "human@example.com",
  "agent_name": "Claude Code on MacBook"
}

First-time setup (email contains the link)

If the response to auth_pairing_start includes enrol_required: true, ask the human to open the pabloMCP email on their phone and tap Set up your authenticator. They scan the QR with any TOTP app, confirm one code on the page, then come back to you with both the email login code and a fresh 6-digit code from their authenticator.

Complete pairing

Ask the human for the emailed pairing code and their current TOTP code, then call auth_pairing_complete. Store the returned bearer key.

POST https://pablomcp.com/tools/auth_pairing_complete
{
  "pairing_id": "pair_...",
  "email_code": "123456",
  "totp_code": "654321",
  "agent_name": "Claude Code on MacBook"
}

Use the key

Send Authorization: Bearer <key> on every call. Sessions are 60 minutes sliding; if a session expires you'll get TOTP_REQUIRED — ask the human for a fresh TOTP code and call auth_handshake.