plausible-mcp
Provides tools to query traffic and conversion metrics from Plausible Analytics, including timeseries, breakdowns, conversions, and period comparisons.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@plausible-mcpHow did our traffic change this month compared to last month?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
plausible-mcp
MCP server for Plausible Analytics — query traffic, conversions, and compare time periods from any AI tool that supports Model Context Protocol.
Built for teams that want to ask questions like:
"Did our deploy on Tuesday affect traffic to /pricing?"
"What's the signup conversion rate on /blog this month?"
"How does this week's bounce rate compare to last week?"
Tools
Tool | Description |
| Traffic and conversion metrics over time (daily/weekly/monthly) |
| Break down by page, source, country, device, browser, OS, UTM params |
| Goal conversion rates, optionally per-page |
| Side-by-side comparison of two date ranges with absolute and % deltas |
All tools are read-only and annotated with readOnlyHint: true.
Related MCP server: plausible-whenever-mcp
Quick Start
Remote (Hosted)
A hosted instance is available at https://plausible-mcp.sentry.dev.
With your own Plausible API key (any user):
claude mcp add --transport http plausible https://plausible-mcp.sentry.dev/mcp --header "Authorization: Bearer YOUR_PLAUSIBLE_API_KEY"Keep the URL before
--header.--headeris variadic, so if it comes last it swallows the URL and the CLI fails witherror: missing required argument 'commandOrUrl'.
Or add manually to your MCP client config (Claude Desktop, Cursor, etc.):
{
"mcpServers": {
"plausible": {
"url": "https://plausible-mcp.sentry.dev/mcp",
"headers": {
"Authorization": "Bearer YOUR_PLAUSIBLE_API_KEY"
}
}
}
}Sentry employees (via OAuth 2.1 + Cloudflare Access):
The /internal endpoint is an OAuth 2.1 server — no API key needed. Add it as a remote/custom connector in any OAuth-capable MCP client (Cowork, Claude.ai connectors, Claude Desktop):
https://plausible-mcp.sentry.dev/internalThe client discovers the OAuth endpoints automatically, sends you through Sentry SSO (Cloudflare Access), and only @sentry.io identities are granted access. Queries run against a shared, server-side Plausible API key — you never handle a key.
The hosted
/internalatplausible-mcp.sentry.devis Sentry-only and can't be used outside the org. To run/internalfor a different organization, self-host and setALLOWED_EMAIL_DOMAINto your own domain. (The public/mcpbring-your-own-key endpoint has no such restriction.)
Local (STDIO)
If you prefer to run it locally:
git clone https://github.com/getsentry/plausible-mcp.git
cd plausible-mcp
pnpm install
pnpm buildAdd to Claude Code:
claude mcp add plausible -e PLAUSIBLE_API_KEY=your-key -- node /path/to/plausible-mcp/dist/index.jsOr Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"plausible": {
"command": "node",
"args": ["/path/to/plausible-mcp/dist/index.js"],
"env": {
"PLAUSIBLE_API_KEY": "your-key"
}
}
}
}Self-Hosting (Cloudflare Workers)
Deploy your own instance:
git clone https://github.com/getsentry/plausible-mcp.git
cd plausible-mcp
pnpm install
npx wrangler deployThe worker exposes two endpoints:
/mcp— bring-your-own-key. Each user passes their own Plausible API key via theAuthorization: Bearerheader. No shared secrets needed on the server. Works with any header-capable MCP client (Claude Code, Cursor, MCP Inspector)./internal— Access-protected MCP endpoint for managed connectors (Cowork, Claude.ai). A Cloudflare Access application with Managed OAuth fronts the whole Worker hostname (see the constraint below): Access runs the OAuth 2.1 handshake with the client and forwards each request to the Worker with aCf-Access-Jwt-Assertionheader. The Worker verifies that header and queries a shared, server-side Plausible API key. Access is gated to the email domain(s) inALLOWED_EMAIL_DOMAIN(defaults tosentry.io) — not tied to Sentry when you self-host; set it to your own domain.
Because the Managed OAuth application must cover the bare hostname with no path (Cloudflare rejects a path when OAuth is enabled — domain can not have a path if oauth is configured), it also gates /mcp. To keep the bring-your-own-key /mcp endpoint public you add a second, more-specific Access application scoped to the /mcp path with a Bypass policy. Cloudflare matches the most specific hostname+path first, so /mcp requests bypass Access entirely while everything else goes through OAuth. Both apps live on one hostname; no separate subdomain is required.
Beta / client requirement. Cloudflare Access Managed OAuth is in Beta and requires an MCP client that supports RFC 8707 (resource indicators). Confirm your connector supports it before relying on this path.
Setting up the /internal endpoint (Cloudflare Access Managed OAuth)
The Worker runs no OAuth server — Cloudflare Access is the authorization server. There is no OAUTH_KV, no cookie key, and no OAuth client id/secret. You create two Access applications on the same hostname.
Create the Managed OAuth application over the bare hostname (Zero Trust → Access → Applications): a self-hosted app or MCP server application whose domain is
plausible-mcp.sentry.devwith no path.⚠️ Do not scope it to
/internal. Once Managed OAuth is enabled, Cloudflare rejects any path withaccess.api.error.invalid_request: domain can not have a path if oauth is configured. The app must be the whole host; the Worker enforces the/internalroute itself.Add an Access policy (Action
Allow) restricting to your email domain (e.g.@acme.com) and identity provider.Enable Managed OAuth (Advanced settings → Managed OAuth) and set Allowed redirect URIs to your connector's actual callback — for Claude/Cowork that is
https://claude.ai/api/mcp/auth_callback. Public HTTPS callbacks must be listed or Dynamic Client Registration fails withinvalid_client_metadata: redirect_uri is not allowed by the account configuration; loopback (http://localhost:*) callbacks are allowed by default.Copy the application's AUD tag → this becomes
CF_ACCESS_AUD.
Carve
/mcpback out with a second, path-scoped Bypass application. Because step 1 covers the whole host,/mcp(bring-your-own-key) is now gated too. Create another self-hosted app, domainplausible-mcp.sentry.devpathmcp, with Managed OAuth OFF, and a policy whose Action isBypasswith the selectorEveryone.Bypass≠Allow: anAllowpolicy still forces an interactive login (the client gets an HTML302to the login page and fails withUnexpected content type: text/html). OnlyBypasslets the request through with no authentication, so the Worker's own Bearer-key check applies.
Set the worker secrets:
npx wrangler secret put CF_ACCESS_TEAM_DOMAIN # https://<team>.cloudflareaccess.com (no trailing slash) npx wrangler secret put CF_ACCESS_AUD # the Managed OAuth application's AUD tag (from step 1) npx wrangler secret put PLAUSIBLE_API_KEY # shared key for /internal queriesSet the
[vars]inwrangler.toml:ALLOWED_EMAIL_DOMAIN— the email domain(s) allowed to sign in, comma-separated,@optional (defaultsentry.io). Enforced in code in addition to the Access policy in step 1, so set it to your own domain — otherwise every login is rejected.
Deploy (
npx wrangler deploy), then point an RFC 8707-capable MCP client athttps://<your-worker-host>/internal.
Troubleshooting. All of these are Cloudflare Access configuration, not the Worker — a request only reaches the Worker (and its Sentry spans) once Access forwards it:
Symptom (in the connector) | Cause | Fix |
| Connector callback isn't in Allowed redirect URIs | Add the exact callback (step 1); read the rejected |
| Managed OAuth app scoped to a path | Rescope app 1 to the bare host (step 1) |
|
| Set the app-2 policy Action to |
| No | Create app 2 (step 2) |
Configuration
Environment Variable | Required | Default | Description |
| Yes (STDIO) | — | Your Plausible API key (get one here) |
| No |
| URL of your Plausible instance (for self-hosted) |
| No | — | Default site domain so you don't have to pass |
| Yes (Worker | — |
|
| Yes (Worker | — | The Access application's Application Audience (AUD) tag — checked against the assertion's |
| No (Worker |
| Comma-separated email domain(s) allowed to sign in to |
On the Worker, the /mcp endpoint needs no server-side key — each user passes their own via Authorization: Bearer. The /internal endpoint is fronted by Cloudflare Access Managed OAuth and uses a shared server-side PLAUSIBLE_API_KEY secret (see self-hosting).
Plausible API
This server wraps the Plausible Stats API v2 (POST /api/v2/query). It works with both Plausible Cloud and self-hosted instances.
Supported Metrics
visitors, visits, pageviews, views_per_visit, bounce_rate, visit_duration, events, scroll_depth, percentage, conversion_rate, group_conversion_rate, average_revenue, total_revenue, time_on_page
Supported Dimensions
event:page, event:goal, event:hostname, visit:entry_page, visit:exit_page, visit:source, visit:referrer, visit:channel, visit:utm_medium, visit:utm_source, visit:utm_campaign, visit:utm_content, visit:utm_term, visit:device, visit:browser, visit:browser_version, visit:os, visit:os_version, visit:country, visit:region, visit:city
Development
pnpm install
pnpm build # TypeScript compilation
pnpm test # Run unit + integration tests
pnpm test:watch # Watch modeTesting with MCP Inspector
pnpm build
PLAUSIBLE_API_KEY=your-key npx @modelcontextprotocol/inspector node dist/index.jsLLM Evals
Verifies Claude picks the right tool for natural language analytics questions:
ANTHROPIC_API_KEY=sk-... pnpm evalArchitecture
src/
├── index.ts # STDIO entry point (local use)
├── worker.ts # Cloudflare Worker entry point (remote)
├── server.ts # Creates McpServer, registers all tools
├── plausible.ts # PlausibleClient — standalone API client
├── schemas.ts # Shared Zod schemas and filter helpers
└── tools/
├── get-timeseries.ts
├── get-breakdown.ts
├── get-conversions.ts
└── compare-periods.tsPlausibleClient has zero MCP dependency and can be used standalone.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/getsentry/plausible-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server