References

Technical reference for Kick MCP endpoints, credentials, workspace selection, tool discovery, and common tool examples.

Use this page when you need exact MCP connection values or want to confirm how Kick MCP chooses credentials, workspaces, and available tools. For step-by-step setup, see Connect custom AI tools.

Hosted MCP endpoint

Remote MCP clients connect to:

https://use.kick.co/mcp

OAuth-capable clients can discover Kick's protected resource metadata at:

https://use.kick.co/.well-known/oauth-protected-resource

Kick MCP has two kinds of tools:

Read-only tools look up data and run reports without making any changes.
Write tools make changes you approve, like creating a transaction or posting a journal entry.

If your AI client uses OAuth, it requests these as the mcp:read and mcp:write scopes.

PAT bearer header

For PAT-based clients, send the token as a bearer header:

Authorization: Bearer kick_pat_...

Keep PATs out of prompts, source control, and shared docs. Revoke any token you suspect has been exposed.

Local stdio command

Local MCP clients can run the Kick CLI:

{
    "command": "kick",
    "args": ["mcp", "serve"]
}

To bind the local MCP session to a workspace, include the global workspace flag before mcp serve:

kick --workspace <workspace-id> mcp serve

If kick is not on your PATH, replace kick with the absolute path to your installed or built Kick binary.

Credential lookup order

The local MCP server resolves credentials the same way as the CLI:

--token <value>
KICK_PAT
KICK_API_TOKEN
OS keychain from kick login
~/.config/kick/credentials

KICK_API_TOKEN is the older environment variable name. Prefer KICK_PAT.

Workspace selection

Workspace-scoped MCP tools can receive workspaceId in tool arguments.

If local kick mcp serve does not receive workspaceId from the client, it falls back to:

--workspace <id>
The active profile's defaultWorkspaceId

For remote PAT sessions, workspace-bound PATs inject their bound workspace by default. User-scoped PATs and OAuth tokens should pass workspaceId.

Find available tools

Use the tool list shown by your AI client as the current source of truth. Available Kick tools can vary by token scope, workspace permissions, enabled features, and client cache state.

Common ways to inspect tools:

Open the client's MCP, tools, or connector panel and look for the Kick server.
Use a client command such as /mcp list, MCP: List Servers, or the equivalent command in your client.
Ask a safe read-only prompt:

List the Kick tools you can use. Identify which ones are read-only, then confirm the active workspace before looking up any client data.

If a tool was recently added or renamed, restart or reconnect the MCP client so it reloads the tool list.

Common tool examples

These examples are not a complete list. Use your MCP client's tool list for the up-to-date names available to your credential.

workspaces_list - list workspaces the credential can access.
workspaces_get - inspect a specific workspace.
transactions_find - search transactions with filters.
transactions_get - inspect a specific transaction.
reports_profit_loss_get - pull a profit and loss report.
reports_balance_sheet_get - pull a balance sheet.
reports_trial_balance_get - pull a trial balance.
activity_list - list recent activity.

Kick MCP tools use portable names, usually lower snake case. The available list can vary by token scope, workspace permissions, and feature flags.

Safety reminders

Use read-only access for lookup and reporting.
Use write access only when the workflow needs it.
Confirm workspace and entity IDs before using an assistant on client data.
Treat assistant output as a draft until an accountant reviews it.

For setup examples, see Connect custom AI tools. For more safety detail, see Permissions and Security.

PreviousTool Reference NextAdvanced Setup

Last updated 19 days ago

Was this helpful?