Strava MCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| STRAVA_CACHE | No | Optional read-through cache backend (e.g., sqlite). | |
| STRAVA_SCOPES | No | OAuth scopes requested from Strava. | read activity:read_all profile:read_all |
| STRAVA_CLIENT_ID | Yes | Your Strava API application client ID. | |
| STRAVA_PRIVACY_MODE | No | Privacy mode for GPS and route data: summary | structured | raw. | structured |
| STRAVA_REDIRECT_URI | No | OAuth redirect URI. Must match the one configured in your Strava app. | http://127.0.0.1:3000/callback |
| STRAVA_CLIENT_SECRET | Yes | Your Strava API application client secret. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| prompts | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| strava_data_inventoryA | Inventory supported Strava data domains, auth scope requirements, privacy boundary and recommended first calls. Does not call Strava APIs or expose user data. |
| strava_agent_manifestA | Machine-readable install, runtime and client guidance for AI agents. Includes Hermes direct tool names and anti-gateway-restart guidance. Does not call Strava or expose secrets. |
| strava_capabilitiesA | Explain supported Strava data, privacy boundaries, GPS handling, recommended agent workflow and project links. Does not call Strava or expose secrets. |
| strava_quickstartA | Personalized 3-step setup walkthrough for the human user. Adapts to current state (env vars set? token present? what's next?). Call this first when the user asks 'how do I connect Strava?' |
| strava_demoA | Returns realistic example payloads of strava_daily_summary, strava_training_context, and strava_list_activities so agents see the contract before calling real Strava APIs. |
| strava_get_auth_urlA | Generate a Strava OAuth authorization URL. Use this first when no local token exists. |
| strava_exchange_codeA | Exchange a Strava OAuth authorization code for local tokens. Tokens are stored locally with 0600 permissions and are never returned. |
| strava_get_athleteA | Get the authenticated Strava athlete profile. Requires read/profile scope depending on requested fields. |
| strava_get_zonesB | Get the authenticated athlete heart-rate and power zones when available. |
| strava_get_athlete_statsB | Get public-visible aggregate Strava stats for the authenticated athlete. |
| strava_list_activitiesA | List authenticated athlete activities. Supports after/before filters and Strava pagination. Requires activity:read or activity:read_all. |
| strava_list_routesA | List authenticated athlete routes. GPS/map geometry is redacted unless raw mode is requested. |
| strava_list_clubsB | List clubs joined by the authenticated athlete. |
| strava_get_activityA | Get detailed activity data by id. Summary/structured modes protect raw GPS details. |
| strava_get_activity_zonesB | Get heart-rate/power zones for an activity when available. |
| strava_get_routeA | Get route details by id. Summary/structured modes avoid full route geometry. |
| strava_get_gearB | Get gear/equipment details by id. |
| strava_get_activity_streamsA | Get Strava activity streams such as time, distance, heartrate, cadence, watts and altitude. GPS latlng is withheld unless include_gps=true or privacy_mode=raw. |
| strava_connection_statusA | Check local Strava config, token file, Node version, privacy mode, cache readiness and optional MCP client readiness without calling Strava or exposing secrets. |
| strava_cache_statusA | Show optional local SQLite cache status. Enable with STRAVA_CACHE=sqlite or STRAVA_CACHE=true. |
| strava_privacy_auditB | Return local privacy, cache, token-path, GPS redaction and env-presence posture without revealing secret values. |
| strava_revoke_accessA | Revoke the current Strava OAuth access grant and delete the local token file. Use only when the user explicitly wants to disconnect Strava. |
| strava_daily_summaryA | Build a practical daily training/load summary from recent Strava activities. Read-only and non-medical. |
| strava_weekly_summaryA | Build a weekly Strava scorecard with volume, intensity, sport mix, bottlenecks and next-week actions. Read-only and non-medical. |
| strava_training_contextA | Normalize recent Strava activity load into a compact training_context for workout recommendation engines. Includes fallback guidance when recent Strava activity is missing. |
| strava_profile_getA | Read the canonical Delx Wellness profile shared with the other wellness MCP connectors (Nourish, Cycle Coach, CGM, etc.). Read-only. Profile stores only what the user typed during onboarding — never OAuth tokens, API keys, or biomarkers. Note: this profile does NOT change Strava's GPS-redaction default; Strava continues to redact latlng and route geometry unless STRAVA_GPS_INCLUDE=true or include_gps=true is explicitly passed. |
| strava_profile_updateA | Persist a partial patch to the canonical Delx Wellness profile. Requires explicit_user_intent=true after the user confirms they want to save. Rejects secret-like fields (oauth, token, api_key, password, cookie, refresh, session). Strava's GPS-redaction default is unaffected by profile changes. |
| strava_onboardingA | Read-only. Return the 11-question Delx Wellness onboarding flow (en or pt-BR), the current shared profile, missing critical fields, and a cross-connector hint. Use this when the user starts a fresh wellness session and you need to fill out preferred_name, goals, devices, training context, nutrition, preferences, and safety. Strava continues to redact GPS by default — onboarding does not change that. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| strava_daily_training_director | Use Strava activity context to produce a practical daily training and recovery plan. |
| strava_weekly_endurance_review | Use Strava weekly summary data to create a next-week training plan. |
| strava_activity_stream_investigator | Investigate one Strava activity using streams while respecting GPS privacy. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| strava_data_inventory | Static inventory of supported Strava data domains, privacy modes and recommended first calls. |
| strava_agent_manifest_resource | Static machine-readable install and runtime instructions for AI agents, including Hermes direct tool names. |
| strava_capabilities_resource | Static capabilities, API boundary, GPS privacy modes and recommended agent workflow. |
| strava_athlete | Authenticated athlete using the configured privacy mode. |
| strava_latest_activity | Latest activity using the configured privacy mode. |
| strava_daily_summary_resource | Daily activity load and action-candidate summary. |
| strava_weekly_summary_resource | Weekly volume, intensity, sport mix, bottlenecks and next-week actions. |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/davidmosiah/strava-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server