Raster

Authentication

Connect with OAuth as yourself, or use an org-scoped API key.

The MCP server accepts two credentials: OAuth — the recommended way to connect an agent as yourself — and the same API keys as the REST and GraphQL APIs for server-to-server integrations. Every MCP request carries its credential as a bearer token.

Add https://mcp.raster.app/ as a remote MCP server in your client (Claude, Cursor, or any client that speaks MCP authorization). The client discovers the authorization server automatically, registers itself, and opens a Raster consent page where you sign in and pick one organization the connection may access. The connection gets your library access within that organization and follows it live — change a role or remove a library and the connection follows.

Pick your client for a connect button or short setup steps:

Add a remote MCP server with this URL:

https://mcp.raster.app/

Claude Desktop: Settings → Connectors → Add custom connector, then paste the URL.

Claude Code: Run claude mcp add --transport http raster with the URL.

Then approve the Raster sign-in and pick one organization.

Add to Cursor

Opens Cursor and a Raster sign-in — pick one organization at consent.

If Cursor doesn’t open, add the server to it manually with this URL:

https://mcp.raster.app/
Add to VS Code

Opens VS Code and a Raster sign-in — pick one organization at consent.

If VS Code doesn’t open, add the server to it manually with this URL:

https://mcp.raster.app/

Add a remote MCP server with this URL:

https://mcp.raster.app/
  1. Run codex mcp add raster --url https://mcp.raster.app/, or add it to ~/.codex/config.toml as a streamable-HTTP server.
  2. Run codex mcp login raster, approve the Raster sign-in in your browser, then pick one organization.

Add a remote MCP server with this URL:

https://mcp.raster.app/
  1. In Antigravity, open Manage MCP Servers and add a custom server with the URL.
  2. Then Settings → Customizations → Installed MCP Servers → Authenticate, and approve in the browser.

Add a remote MCP server with this URL:

https://mcp.raster.app/
  1. In v0, open settings and add an MCP server.
  2. Use the URL, then approve the Raster sign-in and pick one organization.

Or have your agent add it — paste this prompt:

Add the Raster MCP server to this client: a remote Streamable HTTP server named "raster" at https://mcp.raster.app/ over OAuth. Then walk me through the OAuth sign-in for this client (reload it if needed, approve in the browser) and confirm its tools load.

Manage every connection under Settings → Connected apps, where one click revokes it.

No-account agent endpoint

Agents that have no Raster account yet connect to a separate endpoint:

https://mcp.raster.app/anonymous

This endpoint takes no credential. It serves the MCP handshake and one tool, create_organization, which mints an organization, a starter library, and an API key. The agent then connects to the main endpoint https://mcp.raster.app/ with that key as a bearer token to upload and manage assets, and the user claims the organization within 30 days via the emailed link.

API keys

You manage keys in each organization's settings, where you can:

  1. Create a key when you need one.
  2. Scope it by enabling access only to specific libraries.
  3. Regenerate it if it is ever exposed.
  4. Delete it when it is no longer needed.

Creating a key

Open organization settings

Go to Organization name → Settings in the Raster app.

Generate a new key

In the API keys section, generate a new key. Copy it immediately — for security, the full key is shown only once.

Grant library access

Enable Read access for every library the key should reach. Add Write access if the connection will upload, delete, tag, or move assets. Save your changes.

Treat API keys like passwords. Never commit them to source control or expose them in client-side code. If a key leaks, regenerate it immediately — the old value stops working at once.

Access levels

Each key carries a per-library access level. Tools check this level before running:

A tool that targets a library the key cannot reach fails with API_KEY_NOT_AUTHORIZED_FOR_LIBRARY (404) — the same response as an unknown library, so the key learns nothing about libraries it has no access to. See Errors.

Authenticating the connection

Send your key as a bearer token in the Authorization header on every request to https://mcp.raster.app/:

Authorization: Bearer <API_KEY>

In MCP clients that support a custom Authorization header, you paste the key once when adding the remote server and the client attaches it to every request.

Requirements

  • HTTPS only. Requests over plain HTTP are rejected.
  • Authentication required. A missing or malformed Authorization header is rejected with 401 before any tool runs.
  • Scope matters. The key must have the right access level for every library a tool touches.

On this page