Frequently Asked Questions

Product Overview & Key Features

What is the Hygraph MCP server and what does it do?

The Hygraph MCP server connects Hygraph directly to AI assistants via the Model Context Protocol (MCP). It acts as a bridge between AI tools (such as Claude, Cursor, Windsurf, or VS Code) and Hygraph’s Content API, allowing large language models (LLMs) to interact with your Hygraph project using natural language commands in a secure, structured, and standardized way. [Source]

What tasks can I automate with the Hygraph MCP server?

You can automate tasks such as fetching blog posts, generating social media summaries, creating and publishing new product entries, updating draft posts, checking content models, listing posts with authors, moving content between environments, performing bulk updates, and generating/publishing content automatically based on prompts or structured data. [Source]

Which AI assistants and IDEs are compatible with the Hygraph MCP server?

The MCP server is compatible with Claude Code, Cursor IDE, VS Code, Windsurf IDE, and Claude Desktop. Each client has specific setup instructions for connecting to the MCP server. [Source]

What operations are supported by the MCP server?

The MCP server supports discovery, querying, CRUD operations (Create, Read, Update), and publishing. Delete and unpublish operations are currently not supported via MCP. [Source]

Is the Hygraph MCP server available for all projects?

Yes, the Hygraph MCP server is available for all projects and is currently in Early Access. [Source]

How do I retrieve the Permanent Auth Token (PAT) for MCP server authentication?

To retrieve the PAT, go to Project Settings in your Hygraph project, select Access, then Permanent Auth Tokens, and copy the PAT you want to use. The MCP server authenticates using this bearer token. [Source]

What permissions are required for the PAT to use the MCP server?

To fully leverage the MCP server, your PAT should have Read, Create, Update, and Publish permissions. For read-only operations, only the Read permission is needed. [Source]

How do I find the MCP Server API endpoint for my project?

In your Hygraph project, go to Project Settings, select Access, then Endpoints. Under MCP Server API, copy the endpoint URL provided. [Source]

How do I set up the MCP client for Claude Code?

Claude Code supports HTTP MCP servers with auth headers. You can set your token as an environment variable and reference it in the command, or add the server with your bearer token directly. For verification, use claude mcp list and claude to test the setup. [Source]

How do I configure the MCP client for Cursor IDE?

In Cursor IDE, add the MCP server in Settings or via the .cursor/mcp.json file in your repository. Paste the configuration with your endpoint and token. Models selected through Auto mode cannot handle the MCP server; select a model manually. [Source]

How do I set up the MCP client for VS Code?

VS Code has built-in MCP support. Add the MCP server configuration to the .vscode/mcp.json file, specifying the endpoint and authorization header. Alternatively, use mcp-remote with environment variables for token management. [Source]

How do I configure the MCP client for Windsurf IDE?

In Windsurf IDE, add the MCP server in Settings under Cascade → MCP Servers. Paste the configuration in ~/.codeium/windsurf/mcp_config.json with your endpoint and token, then refresh servers. [Source]

How do I set up the MCP client for Claude Desktop?

Edit your config file at ~/Library/Application Support/Claude/claude_desktop_config.json (Mac) or %APPDATA%/Claude/config.json (Windows), adding the MCP server configuration. Restart Claude Desktop to apply changes. [Source]

What are some example prompts I can use with the MCP server?

Examples include: listing all blog posts and creating Markdown files, finding and updating draft posts with 'urgent' in the title, and generating TypeScript types for all content models in Hygraph. [Source]

What troubleshooting steps should I follow for authorization errors?

Check if the token works in the Hygraph API playground, verify required permissions, ensure the header format is correct (Authorization: Bearer YOUR_TOKEN), and remove any extra quotes around the token. [Source]

How do I resolve 'server not found in client' errors?

For stdio clients, verify npx is installed and test mcp-remote manually. For Claude Code, check the config and logs. For Claude Desktop, ensure your Node version is 22 or higher. [Source]

What should I do if MCP server tools are not displayed in my client?

Restart your IDE or client, check the MCP server list/status, review server logs, and verify network access and token permissions. [Source]

How do I troubleshoot mcp-remote connection issues?

Update to the latest version of mcp-remote, use the absolute path of npx in your config, and ensure your Node version is at least 20.18.1. [Source]

What are the security best practices for using the MCP server?

Store tokens in environment variables, avoid committing tokens to remote repositories, set up secret management in CI/CD, create role-specific tokens, use read-only tokens for read-only workflows, use separate tokens per environment, configure Content API permissions, and audit token usage regularly. [Source]

Security, Compliance & Governance

How does the Hygraph MCP Server handle security and access control?

The MCP Server reuses the same models and permissions as Hygraph’s Permanent Auth Token (PAT), ensuring that AI assistants respect existing security and access control policies. All operations are subject to the same access controls configured in the project. [Source]

What are the recommended practices for secure token storage with the MCP server?

Use environment variables for token storage, avoid committing tokens to remote repositories, and set up secret management in your CI/CD pipeline. [Source]

How should token permissions be managed for different environments?

Create role-specific tokens, use read-only tokens for read-only workflows, and use separate tokens for each environment (e.g., production, staging). [Source]

How does the 'Control' functionality of the MCP Server ensure governance and compliance for AI actions?

The Control functionality enables publishing, unpublishing, and deleting content with robust governance. It features JWT-based access, leverages existing Hygraph permissions, and provides logging, observability, and auditability at scale, helping prevent accidental changes and ensuring compliance requirements are met. [Source]

What compliance certifications does Hygraph hold?

Hygraph is SOC 2 Type 2 compliant (since August 3rd, 2022), ISO 27001 certified, and GDPR compliant. These certifications demonstrate Hygraph's commitment to security and compliance. [Source]

Technical Requirements & Troubleshooting

What are the minimum Node.js requirements for MCP server clients?

For Claude Desktop, ensure your Node version is 22 or higher. For mcp-remote, Node version must be at least 20.18.1. [Source]

How do I verify that my MCP server is correctly configured?

Use client-specific commands such as claude mcp list and claude for Claude Code, or check the MCP server list/status in your IDE. You should see Hygraph listed as a configured server. [Source]

What should I do if I encounter authorization failed / 401 errors?

Test your token in the Hygraph API playground, verify permissions, check the header format, and ensure there are no extra quotes around the token. [Source]

How do I audit token usage for security?

Regularly review token usage in your Hygraph project and configure Content API permissions to ensure only authorized actions are performed. [Source]

How does the MCP server interact with Hygraph’s Content API?

The MCP server acts as a bridge, allowing AI assistants to interact with Hygraph’s Content API for reading, creating, updating, and publishing content using natural language commands. [Source]

What is the Model Context Protocol (MCP) and why is it important for AI agents?

The Model Context Protocol (MCP) is a standard that enables Large Language Models (LLMs) to dynamically discover and utilize external tools. MCP allows AI agents to understand what tools they can call at runtime, providing real-world awareness and dynamic capabilities beyond basic chat functionalities. [Source]

What benefits does the Model Context Protocol (MCP) unlock for AI agents?

MCP enables dynamic tool discovery, standardized schemas, and plug-and-play agent extensions, allowing AI agents to gain advanced capabilities without relying on brittle prompt injection or custom wrappers. [Source]

How was the AI agent and MCP server connected in the Hygraph guide, and what security tip was provided?

The AI agent and MCP server were connected using a lightweight Express app with endpoints for managing chats and triggering the AI+MCP pipeline. The guide recommends managing the full conversation server-side to prevent prompt injection attacks, ensuring message history is not exposed to the frontend. [Source]

What specific functionalities does the basic MCP client built in Hygraph's guide have?

The basic MCP client allows an AI agent to receive a user message, dynamically query an MCP server, use an external tool (e.g., weather API), and return a structured, intelligent response. It is built using TypeScript, Node.js, and a simple frontend. [Source]

How should I securely store tokens for the MCP server?

Tokens should be stored in environment variables, not committed to remote repositories, and managed via secret management in your CI/CD pipeline. [Source]

What are the key aspects of using the Hygraph MCP server, including example usage, troubleshooting, and security best practices?

You can interact with models and entries using prompts, troubleshoot common issues like authorization failures and connection errors, and follow security best practices such as secure token storage, granular token permissions, and access control configuration. [Source]

Help teams manage content creation and approval in a clear and structured way
Hygraph
Docs

#MCP server

The Hygraph MCP server connects Hygraph directly to AI assistants through the Model Context Protocol (MCP). It allows MCP-compatible tools, such as Claude, Cursor, Windsurf, or VS Code, to securely interact with your Hygraph project using natural language commands.

The Hygraph MCP server acts as a bridge between AI assistants and Hygraph’s Content API, allowing large language models (LLMs) to interact with your Hygraph project in a structured, secure, and standardized way.

#What you can do

The MCP server enables developers and platform teams to build intelligent, compliant AI integrations that feel native to Hygraph, without reinventing API logic for every project. The MCP server reuses the same model and permissions as your PAT. You can configure which models you want to be editable.

It exposes tools that handle discovery, querying, CRUD operations, and publishing. Once connected, AI assistants can read, create, update, and publish content through your existing Hygraph APIs, turning your CMS into an AI-native content platform. Currently, we do not allow delete or unpublish operations via MCP.

Once you have the MCP server up and running, you could perform the following tasks:

  • Fetch all blog posts published this week and generate a social media summary.
  • Create a new product entry with the specified details and publish it.
  • Update all draft posts tagged ‘urgent’ and change their status.
  • Check which content models exist in this project.
  • Show me the structure of the Product model.
  • List all posts with their authors.
  • Move content between environments.
  • Perform bulk updates or cleanups.
  • Generate and publish content automatically based on prompts or structured data.

#Get started

#Availability

  • The Hygraph MCP server is available for all projects and is currently in Early Access.

#Steps

To set up the MCP server, perform the following steps:

  1. Retrieve the Permanent Auth Token (PAT) from Hygraph Studio.
    • Currently, we do not support OAuth for authentication.
  2. Retrieve the MCP Server API endpoint.
  3. Configure your MCP client.

#Retrieve the Permanent Auth Token (PAT)

Hygraph MCP authenticates using a bearer token. You need to supply the Permanent Auth Token (PAT) as the bearer token. If you have not created a PAT, follow the steps here.

To retrieve the PAT, follow these steps:

  1. In your Hygraph project, go to Project Settings.
  2. Under Access, click Permanent Auth Tokens.
  3. Copy the PAT that you want to use to configure the MCP server.

#Retrieve the MCP Server API endpoint

To find the MCP Server API endpoint, follow these steps:

  1. In your Hygraph project, go to Project Settings.
  2. Under Access, select Endpoints.
  3. Under MCP Server API, copy the endpoint.
    • https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp

#Set up the MCP client

Each MCP client handles HTTP servers and authentication differently.

#Claude Code

Claude Code has native support for HTTP MCP servers with auth headers.

Method 1 (Recommended) - Use environment variables

# set your token as an env var
export HYGRAPH_TOKEN="your_token_here"


# reference it in the command
claude mcp add --transport http \
  --header "Authorization: Bearer ${HYGRAPH_TOKEN}" \
  hygraph https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp

Method 2 - Add the server with your bearer token

claude mcp add --transport http \
  --header "Authorization: Bearer YOUR_HYGRAPH_TOKEN" \
  hygraph https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp

Verification

# list configured servers
claude mcp list


# start claude and test
claude
> /mcp
# you should see hygraph listed

To define the project scope, use these arguments:

  • --scope local - only this project (default)
  • --scope user - all your projects
  • --scope global - system-wide

#Cursor IDE

  1. In Cursor, navigate to Settings.

  2. In the MCP Servers section, click Add Server or Add Custom MCP.

  3. As per your requirement, paste one of the following configuration:

    • Project-specific configuration - In .cursor/mcp.json file in your repository
    {
      "mcpServers": {
        "hygraph": {
          "command": "npx",
          "args": [
            "-y",
            "mcp-remote@latest",
            "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
            "--header",
            "Authorization: Bearer YOUR_TOKEN_HERE"
          ]
        }
      }
    }
    • Global configuration - In .cursor/mcp.json file in your repository
    {
      "mcpServers": {
        "hygraph": {
          "command": "npx",
          "args": [
            "-y",
            "mcp-remote@latest",
            "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
            "--header",
            "Authorization: Bearer ${HYGRAPH_TOKEN}"
          ],
          "env": {
            "HYGRAPH_TOKEN": "your_token_here"
          }
        }
      }
    }

#VS Code

VS Code has built-in MCP support. For more information on adding an MCP server, read the VS Code docs.

In the .vscode/mcp.json file, add the following configuration:

{
  "servers": {
    "hygraph": {
      "url": "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
      "type": "http",
      "headers": {
        "Authorization": "Bearer ${HYGRAPH_TOKEN}"
      }
    }
  },
  "inputs": [
    {
      "type": "promptString",
      "id": "HYGRAPH_TOKEN",
      "description": "Hygraph API Token",
      "password": true
    }
  ]
}

Alternatively, you can use mcp-remote:

{
  "servers": {
    "hygraph": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
        "--header",
        "Authorization: Bearer ${HYGRAPH_TOKEN}"
      ],
      "env": {
        "HYGRAPH_TOKEN": "your_token_here"
      }
    }
  }
}

#Windsurf IDE

  1. Navigate to Windsurf Settings.

  2. Scroll to Cascade → MCP Servers.

  3. Click Add Server.

  4. In the ~/.codeium/windsurf/mcp_config.json file, paste the following configuration:

    {
      "mcpServers": {
        "hygraph": {
          "command": "npx",
          "args": [
            "-y",
            "mcp-remote@latest",
            "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
            "--header",
            "Authorization: Bearer ${HYGRAPH_TOKEN}"
          ],
          "env": {
            "HYGRAPH_TOKEN": "your_token_here"
          }
        }
      }
    }

  5. Click Refresh Servers.

#Claude Desktop

  1. Edit your config file at:

    • Mac: ~/Library/Application\ Support/Claude/claude_desktop_config.json
    • Windows: %APPDATA%/Claude/config.json

    If you can't find the config file, in Claude Desktop, go to Settings > Developer, and click Edit Config. This takes you directly to the file. Open it and follow the steps below.

  2. Add the following to your config file:

    "mcpServers": {
        "hygraph": {
          "command": "npx",
          "args": [
            "mcp-remote@latest",
            "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
            "--header", "Authorization: Bearer YOUR_HYGRAPH_TOKEN"
          ]
        }
      }

  3. Quit and reopen Claude Desktop.

For more information on setting up an MCP server, see Claude documentation.

#Use MCP server tools

Once your MCP server is running, you can start interacting with models and entries in your Hygraph project.

For example, you can write the following prompts:

  • List all blog posts from Hygraph, and then create individual Markdown files for each post with front matter including slug, title, and publish date.
  • Find all posts with status DRAFT that have 'urgent' in the title, update their priority field to 'high', then publish them.
  • Generate TypeScript types for all content models in Hygraph.

#Troubleshooting

#Authorization failed / 401 error

Check if:

  • You can test the token in the Hygraph API playground.
  • The token has the required permissions for the operation.
  • The header format is correct — Authorization: Bearer YOUR_TOKEN.
  • There are no extra quotes around the token.

#Server not found in client error

For stdio clients (Cursor/Windsurf):

  • Verify npx is installed (which npx).
  • Test mcp-remote manually. 
    npx -y mcp-remote@latest YOUR_ENDPOINT --header "Authorization: Bearer TOKEN"

For Claude Code:

  • Run claude mcp get hygraph to check the config.
  • Run claude mcp logs hygraph to check logs.

For Claude Desktop:

  • If you’re using NPM to manage Node versions, make sure you uninstall any NPM versions earlier than 22.

#MCP server tools not displayed

  1. Restart your IDE or client.
  2. Check the MCP server list/status.
  3. Check server logs.
  4. Verify network access to Hygraph endpoint, and permissions associated with the Hygraph token.

#mcp-remote connection issues

The mcp-remote package is used to connect stdio-based MCP clients, such as Cursor or Windsurf to HTTP endpoints. For more information, see the official docs. If you face mcp-remote connection issues, you can:

  • Update to the latest version - npm install -g mcp-remote@latest.
  • Use the absolute path of npx in the config file. Run which npx to find the absolute path.
  • Check if node version is >=20.18.1.

#Security best practices

Token storage:

  • Use environment variables to store tokens. Do not commit tokens to a remote repository.
  • Set up secret management in CI/CD.

Token permissions:

  • Create role-specific tokens in Hygraph.

  • Use read-only tokens for read-only workflows.

  • Use separate tokens per environment. An example config for multi-environment configuration:

    {
      "mcpServers": {
        "hygraph-prod": {
          "command": "npx",
          "args": [
            "mcp-remote",
            "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
            "--header",
            "Authorization: Bearer ${HYGRAPH_PROD_TOKEN}"
          ],
          "env": {
            "HYGRAPH_PROD_TOKEN": "token_here"
          }
        },
        "hygraph-staging": {
          "command": "npx",
          "args": [
            "mcp-remote",
            "https://mcp-YOUR_PROJECT_HOSTED_REGION.hygraph.com/YOUR_PROJECT_IDENTIFIER/YOUR_ENVIRONMENT_NAME/mcp",
            "--header",
            "Authorization: Bearer ${HYGRAPH_STAGING_TOKEN}"
          ],
          "env": {
            "HYGRAPH_STAGING_TOKEN": "token_here"
          }
        }
      }
    }

Access control: