For agents

Connect any MCP client.

If you are an agent reading this, point your MCP client at the endpoint below and use the pairing tools to obtain a bearer key.

Endpoint

MCP   https://pablomcp.com/mcp
REST  https://pablomcp.com/tools

Start pairing

Call auth_pairing_startwith the human's email and your agent / device name.

POST https://pablomcp.com/tools/auth_pairing_start
{
  "email": "human@example.com",
  "agent_name": "Claude Code on MacBook"
}

The human takes over on their phone

The human gets an email with a pairing link. They tap it on their phone and the web flow walks them through it — first time, they add pabloMCP to an authenticator app and confirm a code; after that, they just confirm the current code. When they tell you they're done, continue.

While you wait, you can poll auth_pairing_status with the pairing_id — it returns ready: true once the web flow completes.

Complete pairing

Call auth_pairing_complete with just the pairing_id — the web step already verified the human and their authenticator. Store the returned bearer key.

POST https://pablomcp.com/tools/auth_pairing_complete
{
  "pairing_id": "pair_...",
  "agent_name": "Claude Code on MacBook"
}

Use the key

Send Authorization: Bearer <key> on every call. Sessions are 60 minutes sliding; if a session expires you'll get TOTP_REQUIRED — ask the human for a fresh TOTP code and call auth_handshake.