Core Unified API

The Unified MCP Server has two personalities:

  • Connection mode — point it at a single end-customer connection and it exposes that connection's integration-specific tools (CRM contacts, accounting invoices, HRIS employees, and so on).
  • Core Unified API mode — authenticate with only a workspace API key (no connection ID) and it exposes the Core Unified API management tools for your own workspace configuration data.

This page covers Core Unified API mode.

Note: Core Unified API mode operates on your workspace configuration data (connections, webhooks, integrations, API-call logs, issues, environments). It does not read or write your end-customers' data inside their connections — use a per-connection URL for that (see get_unified_connection_mcp_url).

Authentication

Provide a Unified.to workspace API key as the only credential. This is the "Private Workspace-only Authentication" method described in Authentication.

The token may be supplied either way:

LocationExample
URL parameterhttps://mcp-api.unified.to/mcp?token=<workspace-api-key>
Authorization headerAuthorization: bearer <workspace-api-key>

All other options must be passed as URL parameters.

Warning: A workspace API key grants access to all of your connections and your entire Unified.to account. Treat it as a secret and never expose it in a shareable URL. To hand out access to a single connection, generate a connection-scoped URL with get_unified_connection_mcp_url.

Endpoints

TransportUSEU
Streamable HTTPhttps://mcp-api.unified.to/mcphttps://mcp-api-eu.unified.to/mcp
SSE (deprecated)https://mcp-api.unified.to/ssehttps://mcp-api-eu.unified.to/sse

Client configuration

Streamable HTTP:

{
  "mcpServers": {
    "unified-core": {
      "type": "streamable-http",
      "url": "https://mcp-api.unified.to/mcp?token=<workspace-api-key>"
    }
  }
}

Via mcp-remote (for clients that only speak stdio):

{
  "mcpServers": {
    "unified-core": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp-api.unified.to/mcp?token=<workspace-api-key>"]
    }
  }
}

Tools

Core Unified API mode exposes the following tools.

Connections

ToolDescription
list_unified_connectionsList the connections in your workspace
get_unified_connectionRetrieve a single connection by ID
create_unified_connectionCreate a connection
update_unified_connectionUpdate a connection
remove_unified_connectionDelete a connection
get_unified_connection_mcp_urlGenerate a connection-scoped MCP remote URL (see below)

Webhooks

ToolDescription
list_unified_webhooksList webhooks
get_unified_webhookRetrieve a webhook by ID
create_unified_webhookCreate a webhook
update_unified_webhookUpdate a webhook
remove_unified_webhookDelete a webhook
update_unified_webhook_triggerTrigger a webhook

Integrations

ToolDescription
list_unified_integrationsList the available integrations and their supported capabilities

Issues

ToolDescription
list_unified_issuesList issues / tickets raised against your workspace
get_unified_issueRetrieve a single issue by ID

API calls

ToolDescription
list_unified_apicallsList recent API-call logs
get_unified_apicallRetrieve a single API-call log by ID

Environments

ToolDescription
list_unified_environmentsList authentication environments
create_unified_environmentCreate an environment
remove_unified_environmentDelete an environment

get_unified_connection_mcp_url

This is the bridge from Core Unified API mode into connection mode: manage your connections with your workspace API key, then generate a ready-to-use MCP remote URL for any individual connection. The URL exposes that connection's integration-specific tools over both Streamable HTTP (/mcp) and SSE (/sse).

Parameters

ParameterRequiredDescription
connection_idyesThe ID of the connection to generate an MCP remote URL for
modenoAuthentication method for the generated URL — api (default) or user. See Modes
permissionsnoComma-separated permission scopes to limit the tools the URL exposes (e.g. crm_contact_read,crm_company_read)
toolsnoComma-separated tool IDs or wildcard patterns to limit which tools the URL exposes (e.g. list_*,*invoices*)
aliasesnoCustom description aliases (key:alt1,alt2;key2:alt3) to improve tool matching (e.g. employee:user;employees:users)
defer_toolsnoDefer tool loading to reduce context usage — all or a comma-separated list of tool IDs
dcnoPreferred data center / region (us, eu, au, dev)
hide_sensitivenoWhen true, strips PII and other sensitive fields from tool responses before they reach the LLM
include_external_toolsnoWhen true, exposes the vendor's raw passthrough endpoints as additional callable MCP tools

Any option supplied is baked into the returned URLs as a query parameter. See Server options for the full behavior of each one.

Modes

The mode parameter selects the authentication method embedded in the generated URL:

modeGenerated URLSharing
api (default)…/mcp?connection=<connectionId>&token=<workspace-api-key>Embeds your workspace API key — grants full-account access. Do not share. The key can instead be moved out of the URL and sent via the Authorization: bearer <token> header.
user…/mcp?token=<connectionId>-<nonce>-<signature>Uses a connection-scoped signed token. Safe to share — it grants access only to that single connection and never exposes your workspace API key.

Response

{
  "connection_id": "682e20be9ca303793060370f",
  "integration_type": "hubspot",
  "mode": "user",
  "mcp_url": "https://mcp-api.unified.to/mcp?token=682e20be9ca303793060370f-<nonce>-<signature>",
  "sse_url": "https://mcp-api.unified.to/sse?token=682e20be9ca303793060370f-<nonce>-<signature>",
  "note": "USER mode: this URL uses a connection-scoped signed token. It is safe to share and grants access only to this single connection."
}

Example

Generate a shareable, read-only CRM URL for one connection by calling get_unified_connection_mcp_url with:

  • connection_id: 682e20be9ca303793060370f
  • mode: user
  • permissions: crm_contact_read,crm_company_read
  • hide_sensitive: true

The returned mcp_url can be dropped straight into any MCP client and only exposes the read-only CRM tools for that connection, with PII stripped from responses.

Are we missing anything? Let us know
Was this page helpful?