Salfio
MCP

Connect from Claude Desktop

Wire Salfio into Claude Desktop (and other API-key MCP clients) with a Service or User key.

Claude Desktop, Cursor, and the MCP Inspector all authenticate to remote MCP servers with a Bearer token passed at connect time — not via OAuth. For Salfio, that token is an sk_live_… key minted from the dashboard.

If you're on Claude.ai web, use the OAuth flow instead — it's simpler and the connection is managed from the Salfio dashboard directly.

Mint a key

  1. In app.salfio.com, open Settings → API Keys.
  2. Click Create key.
  3. Pick a type:
    • User key — acts as you; sees the same data you see in the app.
    • Service key — acts as the organization; sees all org data. Best for shared MCP connectors.
  4. Give it a descriptive name (e.g. claude-desktop-macbook, cursor-laptop).
  5. Copy the sk_live_… token immediately — it's shown once and never again. Paste it into your password manager.

See Authentication for the full key policy, limits, and rotation story.

Claude Desktop

Claude Desktop reads its MCP server list from a local JSON config file. You edit the file, paste the URL + token, and restart Claude.

Where the config file lives:

OSPath
macOS~/Library/Application Support/Claude/claude_desktop_config.json
Windows%APPDATA%\Claude\claude_desktop_config.json

Add a mcpServers entry. Claude Desktop talks to remote MCP servers through the mcp-remote bridge — install it globally first:

npm install -g mcp-remote
# or
npx -y mcp-remote --version

Then edit the config:

{
  "mcpServers": {
    "salfio": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.salfio.com/sse",
        "--header",
        "Authorization:Bearer sk_live_PASTE_YOUR_KEY_HERE"
      ]
    }
  }
}

Save, fully quit Claude Desktop (menu bar → Quit, not just close the window), and re-open. In a new conversation, the Salfio tools appear under the attachments/MCP icon.

Node 18 warning: mcp-remote needs Node 20+. If Claude Desktop starts but the Salfio entry hangs, check that your system Node is 20 or newer (node --version). On macOS, installing from nodejs.org or via nvm install 20 fixes the most common hang.

Cursor

Cursor uses the same MCP config shape. Open Cursor's settings (Cmd+, → search "MCP") or edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "salfio": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.salfio.com/sse",
        "--header",
        "Authorization:Bearer sk_live_PASTE_YOUR_KEY_HERE"
      ]
    }
  }
}

Restart Cursor. The tools are available to the agent in the sidebar.

MCP Inspector (smoke test)

Use this to verify connectivity without involving an LLM:

npx @modelcontextprotocol/inspector

In the Inspector UI:

  • Transport: SSE
  • URL: https://mcp.salfio.com/sse
  • Headers: Authorization: Bearer sk_live_…

Click Connect. You should see initialize returning {serverInfo: {name: "Salfio", version: "v1.0.0"}} and tools/list returning 10 tools. tools/call list_clients should return a wrapper envelope with your organization's clients.

Revoke a key

In Settings → API Keys, click Revoke next to the key. Within the auth cache TTL (10 seconds), any MCP client using it will start failing with 401. Rotate by minting a new key first, updating the client config, then revoking the old one — there's no in-place rotation by design.

Troubleshooting

"Server disconnected" the moment Claude Desktop starts. Nine times out of ten this is a Node version mismatch. mcp-remote requires Node 20+. Check with node --version and upgrade if needed.

"The Salfio entry shows, but tools don't work and the log says 401." The key is wrong, revoked, or expired. Mint a fresh one in the dashboard and update the config.

"I'm seeing empty results everywhere." The key is minted against a different organization than the data you expect. Check Settings → API Keys to confirm which org the key belongs to. Organization is baked into the key at mint time — you can't repoint a key to a different org.

"I want a rate-limit that doesn't share with my API server." Not available by design. MCP and the Public API share a single org-level rate bucket (100 req/min). A caller can't double quota by splitting across surfaces. See Rate Limits.

Security notes

  • Treat sk_live_… keys as production secrets. A Service key grants full org-wide read and write access. Store in a secret manager; don't commit to git.
  • Keys are hashed at rest (argon2id). Server-side compromise doesn't leak the plain-text.
  • Revoke liberally. Revocation is free; rotating is cheap. Don't leave stale keys around because "it still works".

Connect from Claude.ai web

Add Salfio as a connector on claude.ai in about a minute, using OAuth — no tokens to copy.

Changelog

Significant changes to Salfio. Automation is a follow-up — this is a placeholder for now.

On this page

Mint a keyClaude DesktopCursorMCP Inspector (smoke test)Revoke a keyTroubleshootingSecurity notes