MCP Server

Jitsu runs an MCP server, so AI agents can manage your pipeline directly: create destinations, wire up streams, inspect Live Events, and edit Functions.

There is a single endpoint:

https://use.jitsu.com/mcp
Info

use.jitsu.com is the Jitsu Cloud console. If you self-host Jitsu, replace it with your own console host — the MCP server is served at /mcp on the same host.

For interactive clients, authentication is OAuth 2.1 — you don't paste an API key. The first time a client uses the server, a browser tab opens asking you to approve the connection. Approve it once and the client gets a scoped, revocable token. The connection shows up under your account and can be revoked any time (see Managing access).

In CI and other headless environments the browser flow can't run. There you authenticate with a personal API key instead — see Automation and CI.

Connect a client

The endpoint is the same everywhere; only the configuration format differs.

Add the server with one command:

claude mcp add --transport http jitsu https://use.jitsu.com/mcp

The next time the agent calls a Jitsu tool, Claude Code opens a browser tab for the OAuth approval. Run /mcp inside Claude Code to check the connection status or re-authenticate.

Automation and CI

OAuth needs a browser, so it doesn't work in CI, cron jobs, or any headless setup. For those, authenticate with a personal API key — the same key the Management API uses. The key maps to your user and inherits your workspace access, so an agent running with it can do anything you can.

Generate a key on the user settings page and pass it in an Authorization header. API keys have the format {keyId}:{keySecret}; the secret is shown only once at creation. Keys can be set to never expire, which is what you want for CI.

Authorization: Bearer <api-key>

With Claude Code, add the header on the command line:

claude mcp add --transport http jitsu https://use.jitsu.com/mcp \
  --header "Authorization: Bearer $JITSU_API_KEY"

For clients configured through a file, set a static header on the server — the same shape as in Connect a client, plus a headers block. Read the key from an environment variable rather than committing it. For Cursor (~/.cursor/mcp.json):

{
  "mcpServers": {
    "jitsu": {
      "type": "http",
      "url": "https://use.jitsu.com/mcp",
      "headers": {
        "Authorization": "Bearer ${JITSU_API_KEY}"
      }
    }
  }
}

VS Code uses a top-level servers key instead of mcpServers; add the same headers block to the jitsu entry shown in its tab above.

Revoke a key from the same API Keys page to cut off access.

What the agent can do

The tools mirror the Management API. Every configuration object — destination, stream, service, connection, function — follows the same list / get / create / update / delete shape, so an agent that learns one resource knows them all.

ToolWhat it does
list_workspacesList the workspaces you can access
list_resourcesList resources of a type in a workspace
get_resourceGet a single resource by id
get_resource_schemaGet the JSON Schema for creating/updating a resource type
create_resourceCreate a resource
update_resourceUpdate a resource by id
delete_resourceDelete a resource by id
list_event_sourcesList the sources — streams, connections, destinations — you can read events for
query_eventsRead recent Live Events for a stream, connection, or destination

Resource type is one of destination, stream, service, function, or connection. The agent typically calls get_resource_schema first to learn the exact payload, then create_resource or update_resource.

Live Events and Functions

query_events exposes the same real-time stream as the Live Events view in the UI: incoming events, function execution logs, and warehouse write statuses, with an errors-only filter. The agent calls list_event_sources first to find the stream, connection, or destination to watch. Combined with the config tools, this lets an agent verify its own work — create a connection, send a test event, check that it landed.

Because Functions are configuration objects too, the agent can read a function's code with get_resource and ship a fix with update_resource. So when Live Events shows a function throwing, the agent can find the bug and correct it without leaving the conversation.

Managing access

Each connected client holds a token issued through OAuth. To see or revoke them, open the API Keys section of your account. Revoking a key disconnects that client immediately; reconnecting re-runs the browser approval.