synauth-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| SYNAUTH_URL | No | Backend URL (override for self-hosted) | https://synauth.fly.dev |
| SYNAUTH_API_KEY | Yes | Your SynAuth API key (starts with `aa_`) |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| request_approvalA | Request human approval for an AI agent action via Face ID. Submit any action (email, purchase, booking, contract, data access, social post, system change) for biometric verification by the authorized human. Returns immediately with request ID and initial status — the action may be auto-approved/denied by rules, or pending human review. Action types: communication, purchase, scheduling, legal, data_access, social, system Risk levels: low, medium, high, critical Example: Request approval to send an email action_type: "communication" title: "Send quarterly report to john@company.com" risk_level: "low" Example: Request approval for a $500 purchase action_type: "purchase" title: "Purchase cloud hosting credits" amount: 500.00 risk_level: "medium" |
| check_approvalA | Check the status of an approval request. Returns the current status (pending, approved, denied, expired) and full details including timestamps, resolution method, and any deny reason. Use this after request_approval to see if the human has responded. |
| wait_for_approvalA | Wait for an approval request to be resolved. Polls the backend until the request is approved, denied, or expired. Returns the final status. Use this when you need to block until the human responds. Default timeout is 120 seconds with 3-second polling intervals. |
| get_approval_historyA | Get history of resolved approval requests. Returns past approved, denied, and expired requests. Useful for reviewing what actions have been taken and their outcomes. |
| get_spending_summaryA | Check your current spending against configured limits. Returns all spending limits that apply to you (agent-specific and global limits), with your current spend, remaining budget, and utilization percentage for each. Use this BEFORE making purchases or other monetary actions to check if you have budget remaining. This prevents hitting spending limit denials. Each summary includes: limit_id, period (daily/weekly/monthly), limit amount, spent amount, remaining amount, and utilization percentage. |
| list_vault_servicesA | List available vault services (stored API credentials). Shows which services have credentials stored in SynAuth's vault. Each service has allowed hosts that restrict where credentials can be sent. The agent never sees the actual credential values — only service names and metadata. Use this to discover what API services are available before calling execute_api_call. |
| execute_api_callA | Make an API call using a credential stored in SynAuth's vault. This is the core structural enforcement tool: the agent provides the request details, SynAuth requests biometric approval, then executes the call with the stored credential. The agent never sees the raw API key or token. Flow:
The URL must match one of the service's allowed hosts (security: prevents credential exfiltration). Each approval is single-use — you cannot re-execute the same approved request. Example: Call OpenAI API service_name: "openai" method: "POST" url: "https://api.openai.com/v1/chat/completions" headers: {"Content-Type": "application/json"} body: '{"model": "gpt-4", "messages": [{"role": "user", "content": "Hello"}]}' |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dennischoubot-glitch/synauth-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server