Skip to main content
This page walks through enabling MCP access for your APIs and connecting your first AI agent. You’ll log into the self-service admin portal, browse your API catalog, enable operations as MCP tools, and generate subscription keys. Pre-configured common operations are ready immediately; custom operations go through automated security validation.

Step 1: Identify candidate operations

Start with read-only operations on low-sensitivity data. Operations like getAccountBalance or getTransactionHistory are good first candidates - they retrieve information without modifying state. Idempotent operations that can be safely retried (like calculateLoanEligibility) work well because AI agents might invoke them multiple times while reasoning through a problem. Operations on public data like product catalogs or interest rate tables carry less risk than customer PII. Avoid operations with irreversible consequences or high risk. DELETE operations, financial transactions like initiatePayment, and operations that modify credit limits should require human approval. Even if your backend has safeguards, AI agents can make mistakes in parameter construction or invoke operations based on misunderstood user intent. Start conservatively - expose getAccountBalance before transferFunds, validateIBAN before processPayment. Well-documented APIs translate to better AI behavior. When your OpenAPI specification includes clear descriptions for operations and parameters, Grand Central generates tool definitions that help agents understand when and how to use them. An operation described as “Retrieve customer account balance and available credit” gives agents better context than just “Get balance.” The quality of your API documentation directly impacts how effectively agents can use your tools.

Step 2: Enable tools in admin portal

Log into the Grand Central admin portal and navigate to the MCP Tools section. You’ll see your API catalog with operations tagged by data sensitivity and common use cases. Many standard banking operations (account balances, transaction history, customer profiles) are pre-configured and ready to enable immediately. Enable pre-configured tools for your use case. Browse the catalog and select operations you need - start with read-only operations on low-sensitivity data like getAccountBalance rather than write operations like deleteAccount. For each tool you enable, configure rate limits, authentication requirements, and which subscriptions have access. Changes take effect immediately. The system runs automated validation as you configure, checking that operations don’t expose high-sensitivity data without proper authorization and confirming authentication requirements match your API’s security model. For custom operations not yet in the catalog, the portal walks you through adding them. Upload or link your OpenAPI specification, select operations to expose, and the system runs automated security validation. Operations classified as low-risk (read-only, public data) enable immediately. Higher-risk operations (write access, PII exposure) get flagged for review - platform support typically approves within 1-3 business days. Automated validation checks data classification, compliance requirements, and security implications before making operations available.

Step 3: Generate subscription key

Once you’ve enabled tools, generate your subscription key directly in the admin portal. Navigate to the Subscriptions section, create a new subscription (or use an existing one), and click Generate Key. The portal displays your MCP endpoint URL (like https://your-instance.example.com/mcp) and your subscription key immediately - copy both and store them securely in environment variables or secret management systems. The portal shows which tools are accessible to each subscription key and the rate limits that apply. You can generate multiple keys for different environments (development, staging, production) and revoke them instantly if compromised.

Step 4: Connect your AI agent

Connect your AI agent to Grand Central using one of the following methods.

Claude desktop

Add Grand Central to Claude’s MCP configuration file at ~/Library/Application Support/Claude/claude_desktop_config.json: 
{
  "mcpServers": {
    "grandcentral": {
      "url": "https://your-instance.example.com/mcp",
      "headers": {
        "Ocp-Apim-Subscription-Key": "your-subscription-key-here"
      }
    }
  }
}
Restart Claude Desktop and tools appear in the MCP panel automatically. When you start a conversation, Claude calls tools/list to discover available operations, then invokes them as needed based on your requests.

Custom client (Python)

Build your own AI agent using the MCP SDK: 
from mcp import Client

# Initialize client with Grand Central endpoint
client = Client(
    url="https://your-instance.example.com/mcp",
    headers={"Ocp-Apim-Subscription-Key": "your-subscription-key"}
)

# Discover what tools are available
tools = await client.list_tools()
print(f"Found {len(tools)} tools: {[t.name for t in tools]}")

# Invoke a tool
result = await client.call_tool(
    name="getAccountBalance",
    arguments={"accountId": "ACC-123456"}
)
print(f"Balance: {result.content[0].text}")

Custom client (TypeScript)

For Node.js applications: 
import { MCPClient } from '@modelcontextprotocol/sdk';

const client = new MCPClient({
  url: 'https://your-instance.example.com/mcp',
  headers: {
    'Ocp-Apim-Subscription-Key': process.env.GC_SUBSCRIPTION_KEY
  }
});

// Discover tools
const tools = await client.listTools();
console.log(`Available tools: ${tools.map(t => t.name).join(', ')}`);

// Invoke tool
const result = await client.callTool(
  'calculateLoanEligibility',
  { 
    income: 75000,
    creditScore: 720,
    loanAmount: 250000 
  }
);

Step 5: Test your connection

Verify tool discovery works by calling the /tools/list endpoint: 
curl -X POST https://your-instance.example.com/mcp \
  -H "Content-Type: application/json" \
  -H "Ocp-Apim-Subscription-Key: your-subscription-key" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/list",
    "id": 1
  }'
You should receive a JSON-RPC response with available tools and their schemas: 
{
  "jsonrpc": "2.0",
  "result": {
    "tools": [
      {
        "name": "getAccountBalance",
        "description": "Retrieve current account balance and available credit",
        "inputSchema": {
          "type": "object",
          "properties": {
            "accountId": {
              "type": "string",
              "description": "Account identifier (e.g., ACC-123456)"
            }
          },
          "required": ["accountId"]
        }
      }
    ]
  },
  "id": 1
}
Test tool invocation with a real operation: 
curl -X POST https://your-instance.example.com/mcp \
  -H "Content-Type: application/json" \
  -H "Ocp-Apim-Subscription-Key: your-subscription-key" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "getAccountBalance",
      "arguments": {"accountId": "ACC-TEST-001"}
    },
    "id": 2
  }'

Troubleshooting common issues

401 Unauthorized means your subscription key is invalid or expired. Check for extra spaces when copying the key, verify it hasn’t been revoked in the admin portal, and confirm you’re using the header name Ocp-Apim-Subscription-Key exactly as shown. Check the portal’s Subscriptions section to see if the key is still active. 429 Too Many Requests indicates you’ve exceeded rate limits. Check your subscription tier’s quota in the admin portal under Usage and Quotas, implement exponential backoff in your client (wait longer between retries), or adjust your rate limits through the portal if legitimate usage patterns require higher throughput. Platform support can help if you need guidance on appropriate limits for your use case. Tools not appearing in Claude Desktop usually means configuration syntax errors. Verify the JSON in claude_desktop_config.json is valid (use a JSON validator), restart Claude Desktop completely, and double-check the endpoint URL and subscription key. If tools still don’t appear, test connectivity with curl to isolate whether it’s a client configuration issue or server connectivity problem.

Next steps

  • Architecture - Understand how Grand Central implements MCP protocol and integrates with backend APIs
  • Authentication - Learn about subscription keys, JWT tokens, and user-scoped operations
  • Best Practices - Patterns for building reliable, secure AI agents
  • Monitoring - Track usage, performance, and troubleshoot issues