> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flowyte.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List a connected MCP endpoint's tools

> For an MCP-backed connector like Zapier, lists the tools equipped on your connected MCP endpoint — each tool's name, description, input schema, and any annotations. This is the discovery step for authoring an `mcp` skill: pick a tool, then freeze it into a skill. The call is SSRF-guarded and domain-allow-listed. Returns 409 if the connector isn't connected, 400 if the provider isn't MCP-backed, or 502 if the MCP endpoint is unavailable.



## OpenAPI

````yaml /openapi.yaml get /integrations/{kind}/tools
openapi: 3.1.0
info:
  title: Flowyte V2 Control-Plane REST API
  version: 1.0.0
  description: >-
    The single REST API for the Flowyte platform (base path `/api/v1`).
    Authenticate every request with a secret API key — `Authorization: Bearer
    flowyte_sk_…` — and each operation lists the scope the key must hold.
    Successful responses use the `ApiResponse<T>` envelope; list responses use
    cursor-based `PaginatedResponse<T>`. Errors are RFC 9457 problem+json.
    Streaming endpoints return Server-Sent Events
    (`event:<type>\ndata:<json>\n\n`, terminating with `event: done`).
  contact:
    name: Flowyte Platform
  license:
    name: Proprietary
servers:
  - url: /api/v1
    description: Flowyte control-plane (versioned URI; additive in v1).
security:
  - apiKey: []
tags:
  - name: Agents
    description: The single user-facing entity.
  - name: Support
    description: In-app "Get help" form → support inbox email.
  - name: Skills
    description: >
      Agent capabilities / tools. A skill is ONE atomic action — typically a
      single API call the agent makes in one step (look up an order, create a
      record, send a message, transfer the call). Use a skill when the task is a
      single step. When a task needs several details gathered across turns
      BEFORE acting, build a Playbook (which gathers the inputs and then calls
      skills) — see the Playbooks tag.
  - name: Integrations
    description: Native OAuth integrations.
  - name: Knowledge
    description: RAG knowledge sources & preview.
  - name: Playbooks
    description: >
      Multi-turn conversation scripts — a node graph (gather → confirm → branch)
      the agent follows to collect several inputs IN ORDER across turns before
      acting. Build a playbook when a single skill call isn't enough because the
      agent must gather MANY details first, or run a SEQUENCE of skills, before
      it can finish (e.g. take a full service request: gather the problem,
      address, and time, confirm, THEN file it; qualify a lead; a multi-step
      intake). A playbook does NOT call an integration itself — it owns the
      conversation and holds the state across turns; the actual action is
      performed by the SKILL(s) it gathers the inputs for. So a playbook
      ORCHESTRATES skills. Rule of thumb — one API call → a Skill; "gather N
      things in order, then submit" → a Playbook that drives the conversation
      and calls the skill(s) at the end.
  - name: Variables
    description: >
      The agent-wide interaction-variable registry (B.4b) — DERIVED at read time
      from the agent's playbooks and skills (collect slots, skill output
      bindings, {var} placeholders) and merged with a thin annotation overlay
      (notes, declared type hints, manual declarations). Read-only observation,
      NEVER a gate: it never validates a reference and never affects authoring,
      publish, or runtime behaviour.
  - name: Guardrails
    description: Deterministic guardrail policies & caller verification.
  - name: Numbers
    description: Phone numbers / DIDs.
  - name: Test
    description: Test, simulate, talk-token, probe.
  - name: Observe
    description: Post-call analytics, conversations, receipts, transcripts.
  - name: Billing
    description: Plans, wallet, usage, fixed phrases.
  - name: Voices
    description: Voice catalog.
  - name: Webhooks
    description: Webhook endpoints & deliveries.
  - name: Records
    description: >
      Caller Context Store — pre-synced external records the agent greets a
      caller from, plus the learned object-type field registry. Fed by the
      Zapier app's Create/Update Record action and directly by this REST API;
      read at call time by the context_lookup skill (a sub-100ms local lookup,
      no Zapier round-trip).
  - name: AuditLogs
    description: API/key activity logs.
  - name: Chat
    description: Chat channel — sessions, messages, OpenAI-compatible, widget.
  - name: PublishableKeys
    description: Browser-safe, one-agent publishable keys.
  - name: Widget
    description: Embed widget config + snippet.
  - name: Uploads
    description: Multipart file uploads backing file_id params
  - name: Meta
    description: Platform metadata (language/SKU/tier capabilities).
paths:
  /integrations/{kind}/tools:
    parameters:
      - $ref: '#/components/parameters/IntegrationKindPath'
    get:
      tags:
        - Integrations
      summary: List a connected MCP endpoint's tools
      description: >-
        For an MCP-backed connector like Zapier, lists the tools equipped on
        your connected MCP endpoint — each tool's name, description, input
        schema, and any annotations. This is the discovery step for authoring an
        `mcp` skill: pick a tool, then freeze it into a skill. The call is
        SSRF-guarded and domain-allow-listed. Returns 409 if the connector isn't
        connected, 400 if the provider isn't MCP-backed, or 502 if the MCP
        endpoint is unavailable.
      operationId: listIntegrationMcpTools
      responses:
        '200':
          description: The equipped MCP tools plus the connected server's classified mode.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/IntegrationMcpToolList'
        '400':
          $ref: '#/components/responses/ValidationError'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - apiKey:
            - integrations:read
components:
  parameters:
    IntegrationKindPath:
      name: kind
      in: path
      required: true
      schema:
        $ref: '#/components/schemas/IntegrationKind'
  schemas:
    IntegrationMcpToolList:
      type: object
      required:
        - tools
        - serverMode
      properties:
        tools:
          type: array
          items:
            $ref: '#/components/schemas/IntegrationMcpTool'
        serverMode:
          type: string
          enum:
            - classic
            - agentic
          description: >-
            classic = one concrete typed tool per enabled action (cleanly
            pinnable); agentic = a dynamic-discovery server exposing generic
            executor meta-tools Flowyte can't pin into a skill yet.
        needsEnable:
          type: boolean
          description: >-
            AGENTIC-ONLY: true when the connected server has NO enabled actions
            yet, so the picker shows the discover→enable affordance instead of
            an empty dead-end. Absent on a classic response.
    IntegrationKind:
      type: string
      enum:
        - google_calendar
        - google_sheets
        - calendly
        - hubspot
        - square
        - opentable
        - shopify
        - postgres
        - mysql
        - zapier
    IntegrationMcpTool:
      type: object
      properties:
        name:
          type: string
          description: >-
            The MCP tool name (stamped into execution_config.tool_name at
            freeze).
        description:
          type: string
          description: >-
            What the tool does — surfaced to the operator when picking a tool to
            freeze.
        inputSchema:
          type: object
          description: >-
            The tool's raw JSON Schema for its arguments (passed through
            untouched).
        annotations:
          type: object
          nullable: true
          description: >-
            Optional MCP tool annotations (e.g. title, readOnlyHint,
            destructiveHint) when the server provides them.
        selectedApi:
          type: string
          description: >-
            AGENTIC-ONLY: the app's internal resolve handle (never shown to
            users) — pass it back to resolve/freeze.
        action:
          type: string
          description: 'AGENTIC-ONLY: the action `key` — pass it back to resolve/freeze.'
        executor:
          type: string
          enum:
            - read
            - write
          description: >-
            AGENTIC-ONLY: the fail-closed read/write hint (anything not proven a
            read → write).
        needsParentPin:
          type: array
          items:
            type: string
          description: >-
            AGENTIC-ONLY: dynamic-enum fields whose parents aren't pinned yet
            (populated by the resolve endpoint; empty in the shallow /tools
            projection).
      required:
        - name
    ProblemDetails:
      description: RFC 9457 problem+json.
      type: object
      properties:
        type:
          type: string
          format: uri
          default: about:blank
        title:
          type: string
        status:
          type: integer
        detail:
          type: string
        instance:
          type: string
        code:
          type: string
        errors:
          type: array
          items:
            type: object
            properties:
              field:
                type: string
              message:
                type: string
    ApiResponse_Void:
      allOf:
        - $ref: '#/components/schemas/ApiResponseBase'
        - type: object
          properties:
            data:
              type:
                - object
                - 'null'
    ApiResponseBase:
      type: object
      required:
        - success
      properties:
        success:
          type: boolean
        message:
          type: string
        errors:
          type: array
          items:
            type: object
            required:
              - field
              - message
            properties:
              field:
                type: string
              message:
                type: string
  responses:
    ValidationError:
      description: Validation failure (errors[] populated on the envelope).
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ProblemDetails'
        application/json:
          schema:
            $ref: '#/components/schemas/ApiResponse_Void'
    NotFound:
      description: Resource not found in org scope.
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ProblemDetails'
  securitySchemes:
    apiKey:
      type: oauth2
      description: >
        Flowyte secret API key (`Authorization: Bearer flowyte_sk_live_…`).
        Scope-gated; is scoped to your organization — a key can never reach
        another tenant. The listed scopes in each operation's `apiKey`
        requirement are the scopes that key must hold. The `tokenUrl` is
        nominal: keys are minted in the dashboard.
      flows:
        clientCredentials:
          tokenUrl: /api/v1/api-keys
          scopes:
            agents:read: Read agents.
            agents:write: Create/update/delete agents, publish, rollback.
            knowledge:read: Read knowledge sources & preview.
            knowledge:write: Add/remove knowledge sources, uploads.
            skills:read: Read skills & skill-types.
            skills:write: Create/update/delete skills.
            playbooks:read: Read playbooks & graphs.
            playbooks:write: Create/update/delete playbooks & graphs.
            guardrails:read: Read guardrail policies & caller-verification.
            guardrails:write: Update guardrail policies & caller-verification.
            numbers:read: Read phone numbers / search availability.
            numbers:write: Purchase / assign / release numbers.
            sms:read: Read the org's SMS (10DLC) registration status and numbers.
            sms:write: Save/submit the 10DLC registration and toggle numbers for SMS.
            outbound:read: Read outbound contact lists and campaigns.
            outbound:write: >-
              Create/import contact lists, create/launch/pause/resume/cancel
              outbound campaigns, and enqueue single outbound calls.
            integrations:read: Read connected native integrations (status only — never tokens).
            integrations:write: Discover schemas, set data scoping, and disconnect a connection.
            integrations:connect: >-
              Connect a data source (submit credentials / begin OAuth) — a
              SEPARATE, higher-privilege scope because connecting INGESTS
              credentials and opens a new egress path; a discover/scope/author
              key need not carry it.
            records:read: >-
              Read the pre-synced Caller Context Store records and object-type
              field registry.
            records:write: >-
              Upsert / delete / bulk-import / purge caller-context records and
              edit type metadata.
            calls:read: Read conversations, receipts, transcripts, analytics.
            analytics:read: >-
              Read the Observe history list, per-agent analytics (the
              answer-rate summary), and the raw knowledge-gap list.
            analytics:write: >-
              Curate knowledge gaps (dismiss / mark in-progress). [M4 —
              reserved]
            billing:read: Read plans, wallet, usage.
            audit:read: Read API/key activity logs.
            webhooks:write: Manage webhook endpoints.
            keys:write: Manage secret API keys.
            chat:read: Read chat sessions & messages.
            chat:write: Create chat sessions & send messages (server-side).
            widgets:read: Read widget config & embed snippet.
            widgets:write: Update widget config.
            pubkeys:read: Read publishable keys.
            pubkeys:write: Manage publishable keys.

````