From c56f846292efc246073049ac7b3b7621aa6ad28e Mon Sep 17 00:00:00 2001
From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com>
Date: Tue, 30 Jun 2026 06:59:59 +0000
Subject: [PATCH] docs: split MCP getting started into simple (app-only Bearer)
and full (xurl) routes
---
tools/mcp.mdx | 113 ++++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 96 insertions(+), 17 deletions(-)
diff --git a/tools/mcp.mdx b/tools/mcp.mdx
index 6172cf9b2..20befa29e 100644
--- a/tools/mcp.mdx
+++ b/tools/mcp.mdx
@@ -46,9 +46,22 @@ flowchart LR
- On **first run with no cached token**, it opens your browser for a one-time OAuth2 login, then caches and **auto-refreshes** the token forever after.
- All diagnostics go to **stderr**; **stdout stays a clean JSON-RPC channel**.
-### Before you begin
+### Getting started
-1. **Create an X app** in the [X Developer Portal](https://developer.x.com) with **OAuth 2.0** enabled.
+Pick one of two routes:
+
+* **Simple — App-only Bearer.** Paste your app's Bearer token into an `Authorization` header on the MCP client. No bridge, no browser login. Read-only endpoints; no user context (can't act as you). Works with clients that support remote MCP with custom headers.
+* **Full — `xurl mcp` bridge (OAuth 2.0 user context).** A local bridge handles the OAuth 2.0 PKCE login and auto-refreshes tokens, so the model acts with your account's scopes. Required for writes (bookmarks, Articles) and any user-context tool.
+
+#### Simple route (app-only Bearer)
+
+1. **Create an X app** in the [X Developer Portal](https://developer.x.com).
+2. **Copy your App-only Bearer token** from the app's "Keys and tokens" page.
+3. Point your client at `https://api.x.com/mcp` with the token as an `Authorization` header — see [App-only (direct URL, no bridge)](#app-only-direct-url-no-bridge) below for the snippet.
+
+#### Full route (xurl bridge)
+
+1. **Create an X app** with **OAuth 2.0** enabled.
2. **Register the redirect URI** `http://localhost:8080/callback` on the app (required for the first-run browser login). To use a different one, set `REDIRECT_URI` and register that instead.
3. **Copy your `CLIENT_ID` and `CLIENT_SECRET`** — you'll put them in the client config.
4. **Have Node.js installed** (for `npx`).
@@ -68,18 +81,9 @@ flowchart LR
#### 1. Grok Build
-Add the server with one command (the `-e` flags become the server's environment, args after `--` go to `npx`):
+
-```bash
-grok mcp add xapi npx \
- -e CLIENT_ID=YOUR_X_APP_CLIENT_ID \
- -e CLIENT_SECRET=YOUR_X_APP_CLIENT_SECRET \
- -- -y @xdevplatform/xurl mcp https://api.x.com/mcp
-```
-
-That writes this to `~/.grok/config.toml` (you can also edit it directly):
-
-```toml
+```toml xurl bridge (~/.grok/config.toml)
[mcp_servers.xapi]
command = "npx"
args = ["-y", "@xdevplatform/xurl", "mcp", "https://api.x.com/mcp"]
@@ -91,6 +95,26 @@ CLIENT_ID = "YOUR_X_APP_CLIENT_ID"
CLIENT_SECRET = "YOUR_X_APP_CLIENT_SECRET"
```
+```toml App-only Bearer (~/.grok/config.toml)
+[mcp_servers.xapi]
+url = "https://api.x.com/mcp"
+enabled = true
+
+[mcp_servers.xapi.headers]
+Authorization = "Bearer YOUR_APP_ONLY_BEARER_TOKEN"
+```
+
+
+
+Or add the xurl bridge with one command (the `-e` flags become the server's environment, args after `--` go to `npx`):
+
+```bash
+grok mcp add xapi npx \
+ -e CLIENT_ID=YOUR_X_APP_CLIENT_ID \
+ -e CLIENT_SECRET=YOUR_X_APP_CLIENT_SECRET \
+ -- -y @xdevplatform/xurl mcp https://api.x.com/mcp
+```
+
Verify and list:
```bash
@@ -104,7 +128,9 @@ The first time a tool is invoked (or on `doctor`), your browser opens for the X
Create `~/.cursor/mcp.json` (global, all projects) or `.cursor/mcp.json` (this project only):
-```json
+
+
+```json xurl bridge
{
"mcpServers": {
"xapi": {
@@ -119,13 +145,30 @@ Create `~/.cursor/mcp.json` (global, all projects) or `.cursor/mcp.json` (this p
}
```
+```json App-only Bearer
+{
+ "mcpServers": {
+ "xapi": {
+ "url": "https://api.x.com/mcp",
+ "headers": {
+ "Authorization": "Bearer YOUR_APP_ONLY_BEARER_TOKEN"
+ }
+ }
+ }
+}
+```
+
+
+
Then open **Cursor → Settings → MCP**, confirm **xapi** shows a green dot and its tools. On first use Cursor spawns the bridge and your browser opens for login; the tool list populates once the handshake completes.
#### 3. Claude Desktop
Edit `claude_desktop_config.json` (macOS: `~/Library/Application Support/Claude/`, Windows: `%APPDATA%\Claude\`):
-```json
+
+
+```json xurl bridge
{
"mcpServers": {
"xapi": {
@@ -137,13 +180,28 @@ Edit `claude_desktop_config.json` (macOS: `~/Library/Application Support/Claude/
}
```
+```json App-only Bearer
+{
+ "mcpServers": {
+ "xapi": {
+ "url": "https://api.x.com/mcp",
+ "headers": { "Authorization": "Bearer YOUR_APP_ONLY_BEARER_TOKEN" }
+ }
+ }
+}
+```
+
+
+
Restart Claude Desktop; the X tools appear in the tools (🔌) menu.
#### 4. VS Code (GitHub Copilot / Agent mode)
Add to `.vscode/mcp.json`:
-```json
+
+
+```json xurl bridge
{
"servers": {
"xapi": {
@@ -156,9 +214,23 @@ Add to `.vscode/mcp.json`:
}
```
+```json App-only Bearer
+{
+ "servers": {
+ "xapi": {
+ "type": "http",
+ "url": "https://api.x.com/mcp",
+ "headers": { "Authorization": "Bearer YOUR_APP_ONLY_BEARER_TOKEN" }
+ }
+ }
+}
+```
+
+
+
#### 5. Any MCP client
-The universal stdio config is:
+**xurl bridge (stdio):**
| Field | Value |
|---|---|
@@ -169,6 +241,13 @@ The universal stdio config is:
If you installed `xurl` natively, replace `command`/`args` with `"command": "xurl", "args": ["mcp", "https://api.x.com/mcp"]`.
+**App-only Bearer (remote HTTP):**
+
+| Field | Value |
+|---|---|
+| `url` | `https://api.x.com/mcp` |
+| `headers.Authorization` | `Bearer YOUR_APP_ONLY_BEARER_TOKEN` |
+
### Authentication
#### OAuth 2.0 user context (default)