Slash raises $100M Series C at a $1.4B valuation

Learn more

How to Connect to Slash with Model Context Protocol (MCP)

Last updated May 19, 2026

Overview

Model Context Protocol (MCP) is an open standard that lets AI assistants connect to external services and use their data and actions as tools.

Slash runs a hosted MCP server at https://mcp.slash.com that exposes the Slash Public API to any MCP-compatible client — like Claude Desktop, Cursor, or your own agent. Once connected, the AI can read your balances, list transactions, issue cards, and call any other endpoint your API key has access to.

This guide walks you through generating an API key, connecting from popular clients, and verifying the connection works.

Before You Begin

To connect to Slash via MCP, you will need:

  • A Slash account with API access enabled.
  • A Slash API key with the scopes you want your AI client to use. IMPORTANT: Do not share your Slash API key with anyone you do not trust. Treat this key like a password.
  • An MCP-compatible client. The most common are Claude Desktop, Cursor, Windsurf, or other clients that support the Streamable HTTP transport.

How to Connect to Slash Using MCP

Step 1: Generate a Slash API Key

  1. Log in to your Slash dashboard at https://app.slash.com.
  2. Open SettingsAPI Keys.
  3. Click Create API key, give it a descriptive name (for example, "Claude Desktop" or "Cursor"), and select the scopes you want this key to grant.
  4. Copy the key value immediately and store it in a secure place — you will not be able to view it again after closing the dialog.

For best security, create a separate API key per AI client. That way you can revoke access for one client without affecting the others.

Step 2: Connect Your AI Client

The Slash MCP server speaks the standard MCP Streamable HTTP transport. Server URL: https://mcp.slash.com. Authentication: pass your API key in the X-API-Key header, or as the ?apiKey=... query parameter if your client only supports URL-based config.

Claude Desktop

Claude Desktop supports remote MCP servers through its Connectors settings.

  1. Open Claude Desktop and go to SettingsConnectors.
  2. Click Add custom connector.
  3. Enter a name (for example, Slash) and the server URL https://mcp.slash.com.
  4. When prompted for authentication, choose the option to add a custom HTTP header. Add X-API-Key as the header name and paste your Slash API key as the value.
  5. Save the connector. Claude will negotiate with the server and the three Slash tools (list_endpoints, get_endpoint_schema, call_api_endpoint) will appear in your tool list.

Cursor

Cursor reads MCP servers from a JSON config file. Open SettingsMCPAdd new MCP server, or edit ~/.cursor/mcp.json directly and add an entry like:

{ "mcpServers": { "slash": { "url": "https://mcp.slash.com", "headers": { "X-API-Key": "YOUR_SLASH_API_KEY" } } } }

Save the file and reload Cursor. The Slash tools will be available to the agent in any chat or composer session.

Other MCP Clients

Any client that supports remote MCP servers over Streamable HTTP can connect using the same URL and header. The minimum configuration is:

  • Transport: Streamable HTTP (MCP protocol version 2024-11-05 or newer).
  • Endpoint: https://mcp.slash.com
  • Authentication header: X-API-Key: <your Slash API key>

If your client cannot send custom headers, you can authenticate with a query parameter instead: https://mcp.slash.com/?apiKey=YOUR_SLASH_API_KEY. Header-based auth is preferred when supported, since it keeps the secret out of URLs and logs.

Step 3: Verify the Connection

Once your client is connected, ask it something simple to confirm the integration is working. For example:

  • "List my Slash accounts and current balances."
  • "Show me my last 10 card transactions."
  • "What endpoints are available on the Slash API?"

Behind the scenes, the AI will call list_endpoints to discover what is available, get_endpoint_schema to learn how to call the right endpoint, and call_api_endpoint to actually fetch the data.

What You Can Do With the Slash MCP Server

The MCP server is a thin wrapper over the Slash Public API. It exposes three generic tools that, between them, let an AI client interact with every endpoint:

  • list_endpoints — discover every available Slash API endpoint.
  • get_endpoint_schema — inspect parameters, request body, and response schema for a specific endpoint.
  • call_api_endpoint — actually call an endpoint (GET, POST, PUT, PATCH, or DELETE).

Because every action runs through the Slash Public API, your AI client inherits the exact same permissions as the API key it authenticates with — nothing more, nothing less.

Security and Permissions

The MCP server enforces the same permission model as the Slash Public API. Any tool call from an AI client is scoped to whatever the API key can do — it cannot escalate beyond that.

  • Use a dedicated key per client. This makes it easy to revoke access for a single AI tool without affecting others.
  • Limit scopes. If your AI assistant only needs read access (for example, to summarize spending), generate a read-only key.
  • Rotate regularly. Treat MCP API keys like any other production credential and rotate them on a schedule.
  • Confirm sensitive actions. When using AI to issue cards, send transfers, or change account settings, configure your client to ask for confirmation before tool calls that modify data.

Troubleshooting

The client cannot connect or returns 401 Unauthorized

Confirm your API key is being sent. The server response API key required. Pass via ?apiKey= query parameter or X-API-Key header. indicates the request reached Slash but did not include credentials. Check that your client is configured with the X-API-Key header (some clients need the header added explicitly even when an "auth" field is filled in).

The client connects but no tools appear

Most often the client is using an older MCP transport. The Slash MCP server requires the Streamable HTTP transport (protocol version 2024-11-05 or newer). If you see a Not Acceptable error in client logs, your client must accept both application/json and text/event-stream; upgrading the client typically resolves this.

A specific tool call returns an API error

Errors from individual API calls (for example, missing required body fields, invalid IDs, or permission errors) come through as standard Slash Public API error responses. The full error message and identifier are passed back to the AI client so it can correct and retry. If you keep seeing the same error, inspect the request your AI is sending against the schema returned by get_endpoint_schema.

Need More Help?

For the full Slash Public API reference, see https://api.slash.com/openapi. For help configuring MCP, troubleshooting connections, or reporting an issue, contact Slash support by using the in-app chat in your dashboard.

Can’t find what you’re looking for?

Our support team is available 24/7 to help you with any questions.

Contact SupportTalk to Sales

Read more from API

Slash API: Receiving Real-Time Webhook NotificationsSlash API: Move Funds Between AccountsSlash API: Retrieve Balances and Transaction DataSlash API: Issue and Control CardsSlash API: Create and Manage Virtual Accounts
View all API articles