MCP Sessions
Each MCP connection is scoped to a project and authenticated via a session token.
Getting a token
# Using cookie auth
curl -H "Cookie: zebflow_session=superadmin" \
http://localhost:10610/api/projects/superadmin/default/mcp/session
# Response includes:
# { "session": { "token": "...", ... } }
Using the token
curl -X POST http://localhost:10610/api/projects/superadmin/default/mcp \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "pipeline_list",
"arguments": {}
}
}'
Important headers
The Accept: application/json, text/event-stream header is required — without it you get a 406 error.
Session lifecycle
- Sessions are persisted to the platform's Sekejap store
- Sessions support optional
auto_reset_secondsfor automatic expiry - Expired sessions are lazily cleaned up on lookup