Zebflow Documentation

Sessions

MCP session management

MCP Sessions

Each MCP connection is scoped to a project and authenticated via a session token.

Getting a token

# Using cookie auth
curl -H "Cookie: zebflow_session=superadmin" \
  http://localhost:10610/api/projects/superadmin/default/mcp/session

# Response includes:
# { "session": { "token": "...", ... } }

Using the token

curl -X POST http://localhost:10610/api/projects/superadmin/default/mcp \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "pipeline_list",
      "arguments": {}
    }
  }'

Important headers

The Accept: application/json, text/event-stream header is required — without it you get a 406 error.

Session lifecycle

  • Sessions are persisted to the platform's Sekejap store
  • Sessions support optional auto_reset_seconds for automatic expiry
  • Expired sessions are lazily cleaned up on lookup