Home Help Agents MCP

Model Context Protocol

Connect an MCP client to pastebin.ca
Endpoint

Server URL

Point your MCP client at:

https://pastebin.ca/mcp

Discovery documents (no client config needed):

  • /.well-known/oauth-protected-resource/mcp — RFC 9728 Protected Resource Metadata
  • /.well-known/oauth-authorization-server — RFC 8414 Authorization Server Metadata
Authentication

Two ways to authenticate

pastebin.ca's MCP server accepts either OAuth 2.1 (recommended for desktop clients) or a long-lived bearer API key (recommended for server-side automation).

  1. OAuth 2.1 + PKCE — Most modern MCP clients (Claude Desktop, Cursor, the Inspector) discover this automatically. They register themselves dynamically (RFC 7591), open a passkey sign-in + consent page, and receive an audience-bound token. No manual configuration.
  2. Static API key — Mint a key under Account → Automation tokens.

Note: this is a stateless streamable-HTTP MCP server. GET requests for SSE are intentionally not supported — all traffic is JSON-RPC over POST /mcp.

Clients

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (or on Linux ~/.config/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "pastebin": {
      "url": "https://pastebin.ca/mcp"
    }
  }
}

On first use Claude opens a browser tab where you sign in with a passkey and approve the requested scopes. The token is stored locally; the server only sees the bearer on each MCP call.

Cursor / Windsurf

Edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "pastebin": { "url": "https://pastebin.ca/mcp" }
  }
}

MCP Inspector

Launch the official inspector against the live URL:

npx @modelcontextprotocol/inspector

Enter https://pastebin.ca/mcp as the server URL and choose OAuth when prompted.

Manual API-key configuration

If your client doesn't speak OAuth, hand it a bearer header directly:

{
  "mcpServers": {
    "pastebin": {
      "url": "https://pastebin.ca/mcp",
      "headers": { "Authorization": "Bearer pbca_live_…" }
    }
  }
}

Scopes

OAuth tokens may request a subset of these scopes; the consent page shows which ones the client asked for.

  • paste:create — create new pastes
  • paste:read — read pastes you own or have a link to
  • paste:list — list your own pastes
  • paste:edit — amend pastes you own
  • recipient:read — read pastes sent to your recipient inbox

Revoking access

All tokens issued to MCP clients show up under Connected apps on your account page. Hit Revoke to invalidate the token immediately — the client will need to re-run the OAuth flow on its next call.