MCP Configuration

MidLyr’s MCP server is a Streamable HTTP remote MCP server, centrally hosted and managed. There is nothing to install or run locally — point any MCP-compatible client at the endpoint:

https://mcp.midlyr.com/mcp

MidLyr implements OAuth 2.1 with Dynamic Client Registration (RFC 7591), so your MCP client provisions itself on first connect. There is no app to register and no client ID or secret to paste — sign in interactively and you’re done.

Authentication

Path	Use when	How it looks on the wire
OAuth (default)	Any MCP client that natively speaks remote MCP — most desktop, IDE, and chat clients.	Client registers itself via DCR, runs the OAuth flow on first connect, and sends Authorization: Bearer <oauth_token> afterwards. Nothing to configure beyond the URL.
Bearer API key	Headless agents, CI/CD, server-to-server, restricted-scope tokens, or any flow where interactive sign-in isn’t possible.	Generate an API key (mlyr_…) from the MidLyr dashboard and send it as Authorization: Bearer mlyr_….

A single header — Authorization: Bearer … — carries either token type, so client configurations don’t need to switch shape based on auth mode.

Treat API keys like passwords: store them in a secret manager or shell environment, never in committed config files.

Supported Clients

Client	Setup style	Config location
ChatGPT	Native UI	Custom apps / connectors
Claude (Web, Desktop)	Native UI	Settings → Connectors
Claude Code	CLI command	claude mcp add
Cursor	Config file	~/.cursor/mcp.json or .cursor/mcp.json
VS Code	Config file	.vscode/mcp.json
Codex	Prompt + CLI auth	Codex-managed MCP config
Zed	Config file	~/.config/zed/settings.json
Windsurf	Config file	~/.codeium/windsurf/mcp_config.json
Anything else	Config file	Client-specific

Pick your client below for copy-paste configuration. Examples default to OAuth (just the URL); each tab shows the Bearer variant if you need a programmatic flow. Clients that don’t natively speak remote MCP use the mcp-remote bridge under the hood — you’ll see it in the relevant tabs.

ChatGPT

These steps use ChatGPT on the web (chatgpt.com). The desktop app does not yet expose the Create app flow.

1. Click your avatar → Settings → Apps.

2. Under Advanced settings, click Create app.

3. In the New App dialog:

   • Name: MidLyr (or anything you like)
   • MCP Server URL: https://mcp.midlyr.com/mcp
   • Authentication: leave as OAuth
   • Check I understand and want to continue

4. Open Advanced OAuth settings. Confirm Dynamic Client Registration (DCR) is selected, then make these two changes:

   1. Under Scopes → Default scopes, uncheck openid. Leave profile and email checked.
   2. Under OpenID support, uncheck OIDC enabled.

   Both steps are required

   ChatGPT’s DCR flow registers OAuth clients without the openid scope, then asks for openid at sign-in time anyway, so authorization fails with “There was a problem connecting…”. Removing openid from Default scopes stops the request; turning OIDC enabled off stops ChatGPT from re-introducing it via the OIDC flow. You need both — turning off only one leaves the bug in place. Track the OpenAI bug thread for resolution.

5. Click Create, then open the new app from your Drafts and click Connect. Sign in to MidLyr in the popup.

If Connect fails with “There was a problem connecting…”, both openid and OIDC enabled must be off. Re-check both, delete the draft, and create the app again — the OAuth client re-registers from scratch.

Claude

In Claude Web (Team, Enterprise) or Claude Desktop (Free, Pro), open Settings → Connectors and add MidLyr as a custom connector with this URL:

https://mcp.midlyr.com/mcp

Claude handles OAuth interactively on first use.

Claude Code

Register MidLyr as a remote HTTP MCP server, then run /mcp inside any Claude Code session to authenticate and manage the connection:

claude mcp add --transport http midlyr https://mcp.midlyr.com/mcp

Cursor

Add a server entry to ~/.cursor/mcp.json (global) or .cursor/mcp.json (project). Cursor runs the OAuth flow on first connect — no header configuration needed:

{
  "mcpServers": {
    "midlyr": {
      "url": "https://mcp.midlyr.com/mcp"
    }
  }
}

For headless or CI setups, add a Bearer header carrying an API key:

{
  "mcpServers": {
    "midlyr": {
      "url": "https://mcp.midlyr.com/mcp",
      "headers": {
        "Authorization": "Bearer ${env:MIDLYR_API_KEY}"
      }
    }
  }
}

VS Code

Add a server entry to .vscode/mcp.json (project) or your user-level MCP configuration. VS Code’s modern MCP support handles OAuth automatically:

{
  "servers": {
    "midlyr": {
      "type": "http",
      "url": "https://mcp.midlyr.com/mcp"
    }
  }
}

For Bearer auth, prompt for the API key so the raw value never lands on disk:

{
  "inputs": [
    {
      "type": "promptString",
      "id": "midlyr-api-key",
      "description": "MidLyr API key",
      "password": true
    }
  ],
  "servers": {
    "midlyr": {
      "type": "http",
      "url": "https://mcp.midlyr.com/mcp",
      "headers": {
        "Authorization": "Bearer ${input:midlyr-api-key}"
      }
    }
  }
}

Codex

Start in Codex with a prompt instead of hand-editing configuration:

Install the MCP server named MidLyr at https://mcp.midlyr.com/mcp

Codex will add the remote MCP server to its shared MCP configuration. Then authenticate from your terminal:

codex mcp login midlyr

If you prefer the CLI-only path, add the server first and then run the same login command:

codex mcp add midlyr --url https://mcp.midlyr.com/mcp
codex mcp login midlyr

Zed

Zed speaks stdio MCP, so the config spawns the mcp-remote bridge to handle the HTTP transport and OAuth flow. Add this to ~/.config/zed/settings.json under context_servers:

{
  "context_servers": {
    "midlyr": {
      "command": {
        "path": "npx",
        "args": ["-y", "mcp-remote", "https://mcp.midlyr.com/mcp"]
      }
    }
  }
}

The OAuth flow opens in your browser on first connect and caches the token under ~/.mcp-auth. For Bearer API key auth, append a header argument:

{
  "context_servers": {
    "midlyr": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "mcp-remote",
          "https://mcp.midlyr.com/mcp",
          "--header",
          "Authorization: Bearer ${MIDLYR_API_KEY}"
        ]
      }
    }
  }
}

Windsurf

Windsurf speaks stdio MCP, so the config spawns the mcp-remote bridge. Add this to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "midlyr": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.midlyr.com/mcp"]
    }
  }
}

For Bearer API key auth, append a header argument:

{
  "mcpServers": {
    "midlyr": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.midlyr.com/mcp",
        "--header",
        "Authorization: Bearer ${MIDLYR_API_KEY}"
      ]
    }
  }
}

Generic JSON

If your client speaks remote MCP natively, point it at the URL and let OAuth/DCR handle auth:

{
  "mcpServers": {
    "midlyr": {
      "url": "https://mcp.midlyr.com/mcp"
    }
  }
}

For programmatic auth, add a Bearer header:

{
  "mcpServers": {
    "midlyr": {
      "url": "https://mcp.midlyr.com/mcp",
      "headers": {
        "Authorization": "Bearer ${MIDLYR_API_KEY}"
      }
    }
  }
}

If your client only speaks stdio MCP, use the mcp-remote bridge instead:

{
  "mcpServers": {
    "midlyr": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.midlyr.com/mcp"]
    }
  }
}

Some clients use a different top-level wrapper or config-file path. Keep the MidLyr server entry intact and adapt only the surrounding scaffolding.

Verify the Connection

Ask your MCP client to list available MidLyr tools. A working connection exposes:

Tool	Purpose
browseRegulatoryLibrary	Search the regulatory library.
queryRegulations	Pull the passages most relevant to a natural-language question.
readRegulatoryDocument	Inspect document metadata and structure.
readRegulatoryContent	Pull source text by byte range.
complianceScreening	Run a compliance screening, waiting inline for the result by default.
getJob	Poll a screening job for results.
listJobs	List recent screening jobs for the current team.

If any are missing, double-check the endpoint URL and that auth completed successfully — most clients log the OAuth handshake or the response status of the first request.

FAQ

Question	Answer
Do I need to register an OAuth app?	No. MidLyr implements OAuth 2.1 Dynamic Client Registration (RFC 7591), so any compliant MCP client provisions itself on first connect.
Does the server support Streamable HTTP?	Yes — https://mcp.midlyr.com/mcp is the Streamable HTTP endpoint. It’s the only transport you need.
Can I authenticate with an API key instead of OAuth?	Yes. Send Authorization: Bearer mlyr_... with any request. Use this for headless agents, CI/CD, or restricted-scope integrations.
Where do I get an API key?	Generate one from the MidLyr dashboard. See Authentication for details.
How do I clear stale OAuth credentials?	For clients that use mcp-remote, delete the cached token directory: rm -rf ~/.mcp-auth. Native MCP clients usually have a “disconnect” or “reset” option in their connector UI.
My client doesn’t speak remote MCP — what now?	Use the mcp-remote bridge — see the Zed, Windsurf, or Generic JSON tabs for the stdio config shape. It works for any stdio-only MCP runtime and handles OAuth on your behalf.