Fload MCP Server

Connect Claude, ChatGPT, Cursor, or any MCP-compatible AI client to your Fload data with one click. No API-key gymnastics — OAuth 2.1 + PKCE, scoped permissions, revoke anytime.


What you get

37 tools spanning your entire mobile app business:

  • Apps — portfolio overview, metadata, data-source status
  • Reviews — fetch, filter, generate AI reply drafts, send replies
  • Analytics — 30+ metrics (proceeds, downloads, subscriptions, crashes, ad spend) with dimensional breakdowns
  • Anomalies — detected metric changes with severity, confidence, suggested actions
  • Ads — campaign performance across Apple Search Ads, Google Ads, Meta Ads, TikTok Ads, plus experiment history and revert
  • ASO — keyword tracking, recommendations, experiments, locale snapshots
  • Agents — list, status, run history, pause, resume, trigger
  • Pending actions — approve or reject AI-generated drafts

Ask your AI agent questions like:

  • "Why did iOS installs drop yesterday?"
  • "Draft replies to my last 5 one-star reviews in my brand voice"
  • "What's my ROAS across all ad platforms this week?"
  • "Audit my ASO for my top-grossing app and suggest title changes"

Connect Claude Desktop

Open your Claude Desktop MCP config:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Add:

{
  "mcpServers": {
    "fload": {
      "url": "https://api.fload.com/mcp",
      "type": "streamable-http"
    }
  }
}

Restart Claude. The first time you use a Fload tool, Claude opens a browser → you sign in to Fload, pick an organization, approve scopes, done.


Connect Cursor

Settings → MCP → Add remote server → https://api.fload.com/mcp.

Cursor handles Dynamic Client Registration automatically and walks you through the consent screen.


Connect ChatGPT (Team/Enterprise)

Admin portal → Connectors → Add custom connector → enter https://api.fload.com/mcp as the server URL. ChatGPT auto-discovers OAuth via the WWW-Authenticate header on the first request.


Scopes (16 total)

Grant only what each agent needs. You can add more scopes later by reconnecting.

Identity

| Scope | What it does |
| --- | --- |
| openid | Confirms your identity |
| email | Sees your email address |
| profile | Sees your name and profile |
| offline_access | Keeps your agent connected between sessions (refresh tokens) |

Read

| Scope | What it does |
| --- | --- |
| read:apps | Reads your apps, portfolio, and valuations |
| read:reviews | Reads reviews for your apps |
| read:analytics | Reads metrics, dashboards, growth, forecasting, engagement, and monetization data |
| read:anomalies | Reads detected anomalies |
| read:ads | Reads ad campaigns and performance |
| read:aso | Reads ASO keywords, recommendations, and experiments |
| read:agents | Reads agent status, runs, and activity |

Write (actions on your behalf)

| Scope | What it does |
| --- | --- |
| write:reviews | Approves or rejects review draft replies |
| write:ads | Approves or rejects ads agent pending actions |
| write:aso | Approves or rejects ASO recommendations and experiments |
| write:agents | Pauses, resumes, or runs agents |
| write:chat | Posts messages in Fload chat |

Security

  • OAuth 2.1 + PKCE — the only supported auth flow. No static secrets shared with agents.
  • Short-lived JWTs — access tokens expire in 1 hour. Refresh tokens rotate.
  • Per-organization scoping — if you belong to multiple Fload organizations, you pick which one the agent can access during consent. Tokens never span organizations.
  • Dynamic Client Registration — agents register themselves as public clients following RFC 7591. We issue no long-lived client secrets.
  • Full revoke — cancel access anytime at platform.fload.com/settings/connected-apps. Existing JWTs expire naturally within the hour; refresh tokens are revoked immediately.

For agent authors and marketplace reviewers

Fload implements the MCP Authorization specification end-to-end.

Discovery

  • https://api.fload.com/.well-known/oauth-authorization-server — RFC 8414 metadata
  • https://api.fload.com/.well-known/oauth-protected-resource — RFC 9728 resource metadata
  • Mirrors at https://fload.com/.well-known/oauth-* for apex-based discovery

Endpoints

| Endpoint | URL |
| --- | --- |
| Authorization | https://api.fload.com/api/auth/oauth2/authorize |
| Token | https://api.fload.com/api/auth/oauth2/token |
| Registration (DCR) | https://api.fload.com/api/auth/oauth2/register |
| JWKS | https://api.fload.com/api/auth/jwks |
| Introspection | https://api.fload.com/api/auth/oauth2/introspect |
| Revocation | https://api.fload.com/api/auth/oauth2/revoke |
| UserInfo | https://api.fload.com/api/auth/oauth2/userinfo |
| MCP endpoint | https://api.fload.com/mcp |

First contact

An agent that doesn't yet have a token should POST to https://api.fload.com/mcp and receive a 401 response with:

WWW-Authenticate: Bearer resource_metadata="https://api.fload.com/.well-known/oauth-protected-resource"

Follow that URL, discover the authorization server, register a public client via DCR, launch the authorization code flow with PKCE (S256 required), and exchange the resulting code for a JWT access token. Include resource=https://api.fload.com/mcp in the token request to receive a JWT-shaped access token (without it we issue opaque tokens).
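
The client side of the flow above, as an added example (not Fload's own code): it parses the 401 challenge, derives the S256 PKCE challenge, and builds the authorization and token requests. The client_id, redirect URI, state value, and the same-host check on resource_metadata are assumptions for illustration; the endpoint URLs are the ones listed on this page.

```python
import base64, hashlib, re, secrets
from urllib.parse import urlencode, urlsplit

# Endpoints as listed on this page.
MCP_URL = "https://api.fload.com/mcp"
AUTHORIZE_URL = "https://api.fload.com/api/auth/oauth2/authorize"

def resource_metadata_url(www_authenticate, mcp_url=MCP_URL):
    """Pull resource_metadata out of the 401 Bearer challenge.
    Added hardening (assumption): follow only HTTPS URLs on the MCP server's host."""
    m = re.search(r'\bresource_metadata="([^"]+)"', www_authenticate)
    if not www_authenticate.strip().lower().startswith("bearer ") or not m:
        raise ValueError("no Bearer resource_metadata challenge")
    target = urlsplit(m.group(1))
    if target.scheme != "https" or target.hostname != urlsplit(mcp_url).hostname:
        raise ValueError("resource_metadata is not HTTPS on the MCP host")
    return m.group(1)

def new_verifier():
    """43-character high-entropy code_verifier (32 random bytes, base64url)."""
    return secrets.token_urlsafe(32)

def pkce_challenge(verifier):
    """S256 challenge: BASE64URL(SHA256(verifier)), padding stripped (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(client_id, redirect_uri, scopes, verifier, state):
    """Authorization request: only the challenge leaves the client, never the verifier."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,          # value returned by DCR
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),       # request only what the agent needs
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
        "resource": MCP_URL,  # per RFC 8707; the page requires it on the token request
    })

def token_request_body(client_id, redirect_uri, code, verifier):
    """Form body for the token endpoint. Public client, so no client_secret.
    Per the page, resource is what yields a JWT rather than an opaque token."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
        "resource": MCP_URL,
    }
```

Keep the verifier in memory for the single exchange it belongs to and generate a fresh one, with a fresh state, for every authorization attempt.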