Skip to main content
POST
/
mcp
curl --request POST \
  --url https://mcp.echozero.app/mcp \
  --header 'Accept: <accept>' \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "initialize",
  "params": {
    "protocolVersion": "2025-03-26",
    "capabilities": {},
    "clientInfo": {
      "name": "swagger",
      "version": "1.0.0"
    }
  }
}
'

Authorizations

Authorization
string
header
required

User JWT access token issued by POST /api/auth/verify or POST /api/auth/social/verify. Routes that accept both auth modes declare api-key and bearer-jwt security schemes.

Headers

Accept
string
default:application/json, text/event-stream
required

Must list both application/json and text/event-stream (MCP Streamable HTTP).

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Body

application/json

Single JSON-RPC request or batch array.

The body is of type object.

Response

JSON or SSE per MCP transport. Response headers may include mcp-session-id (after initialize) and X-Mcp-Instance-Id (which replica served the request; use with load balancer sticky sessions). See MCP_DEPLOYMENT_SCALING.md.