Overview
Connect any MCP-compatible AI assistant to your Flowmingo hiring data — read your jobs and candidates and take guarded actions (invite, move, reject), securely, with your permission. New to MCP? It's the open standard that lets AI assistants talk to tools like Flowmingo. Learn what MCP is.
Transport: Streamable HTTP (the modern remote transport). There is no legacy SSE — always point your client at /mcp, never /sse.
Treat your API key like a password. Prefer OAuth, a prompted input, or an environment variable over pasting a raw
fl_...key into a file you might commit to git (e.g..vscode/mcp.json,~/.cursor/mcp.json, your Continue config).
Authentication — two options
A — Sign in with Flowmingo (OAuth, recommended). Your browser opens a Flowmingo consent page; you paste your API key there once. The assistant only ever stores a short-lived, revocable token — never your raw key. There is no client ID or secret to create (Flowmingo uses Dynamic Client Registration). On clients that show "Advanced" OAuth settings (e.g. Claude.ai), leave the Client ID and Secret blank.
B — Static API key (header). Send your key as either header:
x-api-key: fl_YOUR_KEY
Authorization: Bearer fl_YOUR_KEY
Get your key in Flowmingo → Settings → Integrations → API Keys (tick at least the Read scopes; add Manage pipeline / Invite candidates for write actions).
Which to pick? Most clients support both; a few (e.g. ChatGPT) are OAuth-only — each tab notes what that client supports. In general, OAuth suits interactive assistants (Claude.ai, ChatGPT, VS Code); the API-key header suits CLIs, headless/CI, and editors where you'd rather drop in a key.
What you can do
Two groups: reads return immediately; writes always preview the change and ask you to confirm inside the client before anything happens. Everything is scoped to your organisation.
Read
| Capability | What it does |
|---|---|
| List job posts | Browse your organisation's open and closed roles. |
| List interview sets & projects | See your interview sets and hiring projects. |
| List your candidate pipeline | View applications by stage across a project. |
| Read interview results & scores | Pull a candidate's interview outcome and scores. |
| Look up a candidate | Fetch one candidate's name, email, and CV. |
| Search candidates | Find candidates by name or email. |
| Compare candidates | Line up several candidates side by side. |
| Hiring overview | Funnel for a project: candidates per stage, completed vs in-progress, and average score. |
| Top candidates | The highest-ranked candidates, ordered by interview score. |
| Interview result detail | One interview's per-competency scores plus the AI summary. |
| Job post detail | The full detail of a single job post. |
| Upcoming interviews | Interviews scheduled or invited and not yet completed. |
Write — guarded (preview, then confirm)
| Capability | What it does |
|---|---|
| Invite a candidate to an interview | Previews the invite, then asks you to confirm before sending. |
| Move a candidate to another stage | Previews the stage change, then asks you to confirm. |
| Reject an application | Previews the rejection, then asks you to confirm. |
| Add a note to a candidate | Previews the note, then asks you to confirm before it's saved. |
| Rate a candidate | Previews the rating, then asks you to confirm. |
| Shortlist a candidate | Previews adding the candidate to your shortlist, then asks you to confirm. |
| Tag / add to talent collection | Previews the tag or talent-collection change, then asks you to confirm. |
Security & trust
- Your data is org-scoped — the assistant can never see another company's data.
- OAuth tokens are revocable any time from Flowmingo settings.
- Every request is Origin-checked (and can be locked to an allowlist), sessions are bound to the presenting credential, and OAuth tokens are revocable.
For how to authenticate, see Authentication — two options; for the exact reads and guarded writes, see What you can do. When you're ready, jump to Connect your assistant and pick your client.
MCP server URL
Connect your assistant
Claude Code (CLI)
One command adds Flowmingo over native Streamable HTTP. Lead with OAuth; the static --header is the alternative.
Steps: 1) add the server, 2) log in (browser → paste key), 3) claude mcp list to verify.
claude mcp add --transport http flowmingo https://mcp.flowmingo.ai/mcp
claude mcp login flowmingo # browser opens; paste your fl_ key on the consent page
# Static API key instead (pick ONE header):
claude mcp add --transport http flowmingo https://mcp.flowmingo.ai/mcp \
--header "x-api-key: fl_YOUR_KEY"
# or: --header "Authorization: Bearer fl_YOUR_KEY"
# Share with a repo team (writes a git-committable .mcp.json):
claude mcp add --transport http --scope project flowmingo https://mcp.flowmingo.ai/mcp
claude mcp list && claude mcp get flowmingo
Gotcha: flags must come before the name, and always use --transport http (never sse).
Verify it works — ask: "list my open jobs."
Cursor
The static header is the simplest path. Cursor can also use OAuth (it supports Dynamic Client Registration) — for that, drop the headers block.
Steps: 1) add the server to ~/.cursor/mcp.json (below), 2) set FLOWMINGO_API_KEY=fl_... in your shell profile, 3) in Settings → MCP, toggle the server off and on to reload.
{
"mcpServers": {
"flowmingo": {
"url": "https://mcp.flowmingo.ai/mcp",
"headers": { "Authorization": "Bearer ${env:FLOWMINGO_API_KEY}" }
}
}
}
OAuth instead — drop the headers block; Cursor runs Dynamic Client Registration and opens a browser consent page on first connect:
{
"mcpServers": {
"flowmingo": {
"url": "https://mcp.flowmingo.ai/mcp"
}
}
}
Verify it works — ask: "list my open jobs."
VS Code (Copilot, agent mode)
Tools appear only in Copilot Chat → Agent mode. The root key is servers (not mcpServers) and the type is http. The prompted-key path below is the reliable setup.
Steps: 1) create .vscode/mcp.json (or run MCP: Add Server → HTTP), 2) when you start the server, VS Code prompts for your key (it is not written into the file), 3) use it in Agent mode.
{
"servers": {
"flowmingo": {
"type": "http",
"url": "https://mcp.flowmingo.ai/mcp",
"headers": { "Authorization": "Bearer ${input:flowmingo_key}" }
}
},
"inputs": [
{ "id": "flowmingo_key", "type": "promptString", "description": "Flowmingo API key (fl_...)", "password": true }
]
}
VS Code can also attempt OAuth, but the documented OAuth config expects a client ID; use the prompted-key path above for a reliable setup.
Verify it works — ask: "list my open jobs."
Claude — claude.ai & Claude Desktop
Both use the same Connectors UI and the same paste-the-URL flow. OAuth only (there is no header field in the UI).
Steps (web or desktop):
- Open Settings → Connectors and click Add custom connector.
- Name it
Flowmingoand paste the MCP server URL above. Leave Advanced → OAuth Client ID / Secret blank. - Click Add → Connect. On the Flowmingo consent page, paste your
fl_API key and authorise. - Verify — ask Claude: "list my open jobs."
Remote MCP server URL: https://mcp.flowmingo.ai/mcp
Advanced → OAuth Client ID / Secret: (leave blank — Flowmingo uses Dynamic Client Registration)
Team / Enterprise: an Owner adds it once under Organization Settings → Connectors → Custom; members then click Connect.
Need a static key on Claude Desktop instead? Use the Any client (mcp-remote) tab.
Your browser opens a Flowmingo consent page on first connect — paste your API key and authorise. Tokens are revocable any time.
ChatGPT & OpenAI Codex CLI
Both are OpenAI. ChatGPT uses Developer Mode for custom connectors (OAuth only); Codex connects natively from the CLI.
ChatGPT (web)
- On chatgpt.com (Plus / Pro / Business / Enterprise / Edu — not mobile), open Settings → Apps → Advanced and toggle Developer mode ON.
- Apps → Create → name
Flowmingo, paste the URL below, transport Streamable HTTP, auth OAuth. - Open the draft, toggle the tools on, and Refresh.
- Attach it via the + menu in a chat.
Connector URL: https://mcp.flowmingo.ai/mcp
Transport: Streamable HTTP
Auth: OAuth (leave any static OAuth client ID / secret blank — Flowmingo uses Dynamic Client Registration)
ChatGPT's Developer Mode connects with OAuth only — it does not accept a static x-api-key / custom API-key header. Plain and deep-research connectors use only search + fetch (you have both). Write tools (invite / move / reject) require Developer Mode, and each write asks you to confirm.
OpenAI Codex CLI
No bridge needed — Codex speaks Streamable HTTP natively.
[mcp_servers.flowmingo]
url = "https://mcp.flowmingo.ai/mcp"
bearer_token_env_var = "FLOWMINGO_API_KEY" # export FLOWMINGO_API_KEY=fl_...
startup_timeout_sec = 20
tool_timeout_sec = 120
# Static API key (bearer from env) — simplest:
codex mcp add flowmingo --url https://mcp.flowmingo.ai/mcp --bearer-token-env-var FLOWMINGO_API_KEY
# export FLOWMINGO_API_KEY=fl_... (or set it in ~/.codex/config.toml [mcp_servers.flowmingo])
# OAuth instead (no key stored):
codex mcp add flowmingo --url https://mcp.flowmingo.ai/mcp
codex mcp login flowmingo
codex mcp list
Verify it works — ask: "list my open jobs."
Gemini CLI & Code Assist
The Gemini CLI (and Gemini Code Assist agent mode) reach a remote MCP server through ~/.gemini/settings.json. The consumer Gemini app can't add custom MCP connectors — this path is CLI / Code Assist only.
Steps: 1) add the server under mcpServers in ~/.gemini/settings.json, 2) export FLOWMINGO_API_KEY=fl_..., 3) run gemini and /mcp to confirm the tools are listed.
{
"mcpServers": {
"flowmingo": {
"httpUrl": "https://mcp.flowmingo.ai/mcp",
"headers": { "Authorization": "Bearer ${FLOWMINGO_API_KEY}" },
"timeout": 30000
}
}
}
httpUrl selects native Streamable HTTP. The ${FLOWMINGO_API_KEY} placeholder is expanded from your environment, so no raw key is written into the file. Prefer OAuth? Gemini CLI can do it natively — drop the headers block and add "authProviderType": "dynamic_discovery" to the server entry. The CLI detects the 401 challenge, discovers our OAuth metadata, and performs dynamic client registration on its own (no client id to set).
Verify it works — in
gemini, ask: "list my open jobs."
Other clients — Windsurf · Zed · Cline · Continue
Each client below works against the same server — most support both OAuth and a static header. The snippets use a static key via an environment variable; drop the headers to let a client run OAuth where it supports it. Watch the per-client key-name traps called out below.
Windsurf (Cascade)
~/.codeium/windsurf/mcp_config.json — Windsurf accepts serverUrl or url, and supports OAuth (omit headers to trigger it).
{ "mcpServers": { "flowmingo": {
"serverUrl": "https://mcp.flowmingo.ai/mcp",
"headers": { "Authorization": "Bearer ${env:FLOWMINGO_API_KEY}" }
} } }
Zed
~/.config/zed/settings.json — the key is context_servers; omit headers for native OAuth. Set FLOWMINGO_API_KEY=fl_... in your environment rather than pasting a raw key.
{ "context_servers": { "flowmingo": {
"url": "https://mcp.flowmingo.ai/mcp",
"headers": { "Authorization": "Bearer ${env:FLOWMINGO_API_KEY}" }
} } }
Cline
MCP Servers → Configure — set type: "streamableHttp" (camelCase), or it defaults to dead SSE.
{ "mcpServers": { "flowmingo": {
"type": "streamableHttp",
"url": "https://mcp.flowmingo.ai/mcp",
"headers": { "Authorization": "Bearer ${env:FLOWMINGO_API_KEY}" },
"disabled": false, "autoApprove": []
} } }
Continue.dev
~/.continue/config.yaml — connect via the mcp-remote bridge. Set FLOWMINGO_AUTH_HEADER = Bearer fl_YOUR_KEY.
name: Flowmingo MCP
version: 0.0.1
schema: v1
mcpServers:
- name: Flowmingo
command: npx
args: ["-y", "mcp-remote", "https://mcp.flowmingo.ai/mcp", "--transport", "http-only", "--header", "Authorization:${{ secrets.FLOWMINGO_AUTH_HEADER }}"]
Verify it works — ask: "list my open jobs."
Any client (mcp-remote)
For any stdio-only client (or a future client with no native remote transport), bridge to Flowmingo with the mcp-remote stdio command. --transport http-only is required — the server has no SSE.
Steps: 1) ensure Node ≥ 18, 2) run the bridge as a stdio command in your client, 3) on the first OAuth run the browser opens — paste your key.
npx -y mcp-remote https://mcp.flowmingo.ai/mcp --transport http-only
# Static key (no browser): --header on its own arg is fine
npx -y mcp-remote https://mcp.flowmingo.ai/mcp --transport http-only \
--header "x-api-key: fl_YOUR_KEY"
{
"mcpServers": {
"flowmingo": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.flowmingo.ai/mcp",
"--transport", "http-only", "--header", "x-api-key:${FLOWMINGO_KEY}"],
"env": { "FLOWMINGO_KEY": "fl_YOUR_KEY" }
}
}
}
Rescue: if auth gets stuck, run rm -rf ~/.mcp-auth and retry. In a JSON args[], avoid a space after the header colon (npx escaping quirk).
Verify it works — ask: "list my open jobs."