Organization MCP
Use the Pocket MCP server with organization-scoped tools when you authenticate as an org member or with an organization API key
The Pocket MCP server (/mcp) automatically exposes organization-scoped tools alongside your personal conversation tools whenever the request is authenticated against an organization.
There is no separate /org/mcp endpoint — same URL, more tools when org context is available.
Endpoint
https://public.heypocketai.com/mcpThe endpoint speaks the MCP Streamable HTTP transport.
How org context is resolved
| Auth method | What appears in tool list |
|---|---|
| OAuth bearer (Firebase user) | The 4 personal *_pocket_* tools, plus the 12 org tools if you are an active member of at least one organization. |
User API key (Authorization: Bearer pk_user...) | Same as OAuth. |
Organization API key (Authorization: Bearer pk_org...) | Only the 12 org tools. No personal conversation tools (the key is not tied to a user). |
When you authenticate as a user that belongs to multiple organizations, your oldest active membership is selected automatically. There is no per-request org-switching today.
Permission model
Different gates depending on how you signed in:
User identity (OAuth or user API key)
The tool is available based on your role in the organization:
| Role | Read tools | Write tools |
|---|---|---|
viewer | yes | no |
member | yes | no |
admin | yes | yes |
owner | yes | yes |
Organization API key
Gated by the scopes assigned to the key when it was created (see API Keys):
| Tool | Scope |
|---|---|
list_org_recordings, get_org_recording, get_org_recording_audio_url, search_org_recordings, list_org_tags, get_org_analytics | recordings:read |
list_org_templates, get_org_template | templates:read |
create_org_template, update_org_template, delete_org_template | templates:write |
Calling a tool without the required scope returns insufficient scope: <scope> from the tool, not from the transport.
Tools
Recordings
list_org_recordings— Paginated list of recordings owned by org members. Supportsstart_date,end_date(YYYY-MM-DD, filtered oncreated_at),tag_ids,page,limit.get_org_recording— Fetch a single recording byrecording_idwith decrypted transcripts and summarizations.get_org_recording_audio_url— Generate a pre-signed S3 URL for audio download (expires_in60–86400 seconds, default 3600).search_org_recordings— Semantic search across all active organization member recordings (transcripts, meeting sections, action items). Required:query. Optional:limit(1–20, default 8),dateFrom,dateTo,recordingIds,tagIds,folderIds. Backed by the per-org Turbopuffer namespaces; new members are dual-written into the org index automatically and a backfill task seeds existing data.
Tags
list_org_tags— All tags belonging to org members, with usage counts.
Templates
list_org_templates/get_org_template— Read the org's shared templates.create_org_template— Create a new template. Required:name,sections. Optional:description,icon,meeting_context,generate_action_items,generate_mind_map,category,routing_instructions. When called by a real user, the user is recorded as the template creator.update_org_template— Patch fields on an existing template (only provided fields are changed).delete_org_template— Soft-delete a template byid.
Analytics
get_org_analytics— Aggregated recording statistics for the organization, broken down by member, for an inclusive date range (filtered oncreated_at, matchinglist_org_recordings). Defaults to the last 30 days (UTC). Returnsperiod,totals(recordings / total_duration_seconds / summarizations), and per-member rows.
Client configuration
Claude Desktop / Cursor
Add to your MCP client config (e.g. claude_desktop_config.json):
{
"mcpServers": {
"pocket": {
"url": "https://public.heypocketai.com/mcp",
"headers": {
"Authorization": "Bearer pk_your_key_here"
}
}
}
}For OAuth-capable clients, point them at the same URL and complete the OAuth flow when prompted; the org tools become visible automatically if your account is in an organization.
Manual test
curl -X POST https://public.heypocketai.com/mcp \
-H "Authorization: Bearer pk_xxx" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'Errors
| Status / Tool error | Meaning |
|---|---|
401 unauthorized | Missing, malformed, or invalid auth header (no API key or OAuth token recognized). |
429 | Per-key rate limit hit (see X-RateLimit-* response headers). |
this tool requires user authentication | An org pk_ key tried to call a personal *_pocket_* tool. |
this tool requires organization context | A user API key / OAuth token has no active org membership. |
user is not an active member of this organization | Membership row was deactivated between auth and tool call. |
write access requires the admin or owner role | A member or viewer tried to call a template write tool. |
insufficient scope: <scope> | Org pk_ key lacks the scope required by the tool. |
recording not found / template not found | The resource isn't owned by this org or has been deleted. |