Skip to Content
ReferenceMCP Server

MCP Server

Vitae.ai runs a hosted Model Context Protocol  (MCP) server so you can use Vitae directly from an AI client such as Claude Code or ChatGPT. Once connected, the client can search candidates, manage jobs and clients, drive the ATS pipeline, run sourcing searches, trigger workflows, and talk to the Ask Vitae agent on your behalf, using your own Vitae permissions.

Endpoint: https://mcp.vitae.ai/mcp

Transport: Streamable HTTP.

Visit https://mcp.vitae.ai in a browser for a short connect page with client-specific Claude Code and ChatGPT tabs plus the personal-access-token fallback.

Connect Claude Code

Claude Code connects remote HTTP MCP servers from the terminal, then completes OAuth inside Claude Code:

  1. Run claude mcp add --transport http vitae --scope user https://mcp.vitae.ai/mcp.
  2. Start Claude Code and run /mcp.
  3. Choose vitae, then complete the Vitae OAuth flow in your browser.
  4. Verify with claude mcp list or reopen /mcp.

Connect ChatGPT

ChatGPT connects the same endpoint as a custom connector:

  1. Open ChatGPT settings, go to Apps & Connectors, open Advanced settings, and enable developer mode if your workspace allows it.
  2. Go to Settings > Connectors > Create.
  3. Use Vitae as the connector name and paste https://mcp.vitae.ai/mcp as the connector URL.
  4. After ChatGPT lists the tools, open a new chat, click the plus button, choose More, and add the Vitae connector to the conversation.

Behind the scenes the client runs standard MCP discovery: it reads the protected resource metadata at https://mcp.vitae.ai/.well-known/oauth-protected-resource, follows it to the Vitae authorization server, registers itself, and runs an OAuth 2.1 authorization code flow with PKCE. The token it receives is a long lived Vitae credential scoped to vitae:mcp.

Connect with a personal access token

For clients without OAuth support, generate a personal access token and paste it as the bearer credential:

  1. Open MCP access tokens in your Vitae settings at https://app.vitae.ai/settings/personal/mcp-access-tokens.
  2. Generate a token and copy it once. It starts with vmcp_ and is shown only at creation time.
  3. In your client, set the MCP endpoint and send the token in the Authorization header.
Authorization: Bearer vmcp_<prefix>_<secret>

Tokens are stored as a hash only: Vitae never keeps the plaintext, so a lost token must be revoked and replaced rather than recovered. Revoke a token from the same settings page at any time; revocation takes effect immediately.

What the agent can do

The server exposes Vitae as a set of MCP tools. Each call runs with your account’s permissions and organization scope. Capabilities include:

  • Ask Vitae agent: start and list conversation threads, ask the agent questions, pin and archive threads.
  • Candidates: search, create, update, and delete candidates; manage candidate pools; read resumes and best matches.
  • Jobs: draft, list, update, and archive jobs.
  • Clients: create, list, update, and churn clients; view the client portfolio.
  • ATS pipeline: read the pipeline board, move applicants individually or in bulk, and summarize pipeline state.
  • Sourcing and search: start sourcing searches, review search history and results, and inspect search details.
  • Workflows: draft, list, run, and trigger workflows, and resolve approvals.
  • Reporting: read dashboards, list adaptive surface blocks, and export reports.

Authentication model

OAuth and personal-token connections both produce an opaque vmcp_ token scoped to vitae:mcp. The MCP server forwards your token to the Vitae API on each tool call, so every action is authorized exactly as if you performed it in the app. See Authentication for the broader token model and Public Developer API for server to server API keys, which are a separate credential type.

Security

  • Always use the HTTPS endpoint.
  • Treat a personal access token like a password. Do not commit it or paste it into shared logs.
  • Revoke tokens you no longer use, and revoke immediately if a token may have leaked.
  • OAuth connected clients can be disconnected from the client side; revoke the underlying token in Vitae settings if you want to be certain access is cut.

Troubleshooting

  • Client cannot discover the server: confirm the URL is exactly https://mcp.vitae.ai/mcp and that your client supports the Streamable HTTP transport.
  • Unauthorized errors: confirm the token is sent in the Authorization header as Bearer <token>, that it has not been revoked, and that your Vitae user has access to the feature you are calling.
  • OAuth consent loop: clear the connector in your client and re-add it so it re-runs discovery from a clean state.
Last updated on
AuthenticationREST Conventions