The Formester MCP server supports two authentication methods: OAuth (recommended for interactive clients) and API tokens (for scripts and automation).
Most modern MCP clients (Claude.ai, Cursor, VS Code) handle OAuth automatically — just add the server URL and your browser will open a Formester authorization page.
How it works:
- Add
https://app.formester.com/mcpto your MCP client - Your browser opens the Formester authorization page
- You approve the requested permissions
- The client connects — no token needed
For scripts, automation, or clients that don't support OAuth.
- Log in to Formester
- Click API in the left sidebar
- Click Create Token
- Enter a name (e.g. "My Script")
- Forms Access — leave empty to access all forms in your organization, or select specific forms to restrict access
- Permissions — select what the token is allowed to do:
- View Submissions — read submission data and attachment metadata
- Update Submissions — write custom fields back to submissions
- View Forms — read form metadata
- Click Create and copy the token — it won't be shown again
To revoke a token, click Revoke next to it on the same page.
Select only what your agent needs:
| If your agent... | Select |
|---|---|
| Only reads submissions | View Submissions |
| Reads and writes insights back | View Submissions + Update Submissions |
| Also needs form structure | Add View Forms |
Pass the token in the Authorization header:
Authorization: Bearer YOUR_TOKEN_HERE
See the README for per-client configuration examples.