48 Typed Tools28 for reading, 14 for writing, and 6 high-risk ones. Which of them an agent actually sees depends on the scopes and policies approved for that connection.
What Agents Can ReadWorkspaces and integrations, platform capabilities, drafts and scheduled posts, content counts, campaigns, taxonomy, hashtag groups, media with folders, labels and usage history, grid tiles, analytics, demographics, and integration health.
What Agents Can WriteWith mcp:write, an editor or admin can create a draft, schedule existing content, update planning notes, run the two-step media upload, and tidy media folders and labels. None of it skips the validation the app already does.
Dangerous Actionsmcp:dangerous unlocks the tools that go public or cannot be taken back: publish_now, retry_content, archive_content, restore_content, delete_content, and the preview-first organize_media_assets.
Confirmation SafeguardsEvery dangerous action needs an exact confirmation tied to the action and its target ID. Server-side auto-confirm exists, but only for named actions a policy has deliberately switched on.
AuthenticationApprove the client in your browser: the authorization page checks PKCE, shows exactly which scopes are requested, lets you pick the organization, and only then hands over a scoped token. An API key still works for headless setups.
Org And Workspace ChecksA browser-approved grant is tied to one organization, but every call still names a workspace, and the server checks you can reach it before anything is read or changed.
Token Expiry And RevocationAccess tokens last six hours and refresh tokens rotate for up to ninety days. Approved clients show up under MCP Connections, where you can cut off access straight away.
Server-Side LoggingEvery tool call is logged: the tool, who ran it, how they authenticated, the client, scopes, organization, workspace, targets, confirmation mode, duration, and outcome.
Rate And Origin ControlsThe MCP endpoint is capped at 60 requests a minute and held to the same allowed-origin rules as the API. Downstream actions still answer to each platform's own limits.
Outside MCP On PurposeThe Inbox, approvals, and client review are separate surfaces. MCP also does not generate PDF reports, reorder grid tiles, or manage API keys. Those live in the app, REST API, or CLI.