Authentication
The MCP server is:Protected resource metadata
MCP clients can discover StoreInspect’s protected-resource metadata from the MCP origin:Resource-bound tokens
Access tokens are issued for the MCP resource:Scopes and permissions
StoreInspect MCP uses narrow scopes:| Scope | Permission |
|---|---|
usage:read | Read usage and quota state. |
stores:read | Read store intelligence and taxonomy. |
contacts:search | Search contact previews. |
contacts:reveal | Reveal contact channels after confirmation. |
Revocation
Manage connected MCP clients from the StoreInspect dashboard:Contact credit controls
Thereveal_contacts tool can spend contact credits only when the tool input includes:
Logging
StoreInspect logs MCP usage for account visibility, support, abuse monitoring, and quota enforcement. Logs may include:- Request ID
- User/account ID
- OAuth client ID
- MCP tool name
- Status and error code
- Rows returned
- Credits spent
- Latency
Troubleshooting
For setup, OAuth, permission, quota, and reveal-confirmation issues, see MCP troubleshooting.Recommended usage
- Review high-impact actions before confirming them in your AI client.
- Revoke clients you no longer use.
- Ask agents to preview contacts before revealing contact channels.