griptonite-mcp
This MCP server provides an interface to the Griptonite indoor climbing app, letting you browse climbing data, track progress, and log climbs through any MCP client.
Authentication
auth_status– Check sign-in status and token expiryget_login_url– Generate an OAuth login URL to start the sign-in flow
Venues & Routes
list_venues– Find climbing gyms/venues with optional searchlist_routes– Browse routes/problems, filterable by venue, grade, and limitget_route– Get full details for a single route by IDlist_grades– View all supported grade systems (V-scale, Font, etc.)
Logging Climbs
log_climb– Log a send, flash, onsight, attempt, or project with optional grade opinion, star rating, notes, and timestamplog_attempt– Shortcut to log an unsuccessful attempt or project try
Your Climbing Log
get_completed_climbs– List every climb you've sent, including try countsget_projects– View climbs you're currently projecting, with attempt countsget_all_logs– Retrieve all logged entries (sends + attempts)
Profile & Social
get_profile– View a climber profile (defaults to your own)get_feed– See recent activity from you and your crewget_notifications– Check your notifications
Rankings & Competitions
get_gym_rankings– View leaderboards for gyms you've joinedget_world_rankings– See the global ranking across all Griptonite climbersget_competition_rankings– View standings for a specific competition or all visible ones
Training & Events
list_workouts– Browse available workoutslist_competitions– View competitions and eventslist_challenges– See active challenges
Advanced / Discovery
raw_request– Make any arbitrary authenticated API call for exploring undocumented endpointslist_known_endpoints– View all confirmed API endpoints
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@griptonite-mcplog a flash on route 456"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
griptonite-mcp
An MCP server for Griptonite, the indoor climbing app. Log attempts and sends, browse routes and grades, and pull your climbing log into any MCP client — Claude Desktop, Claude Code, Cursor, and friends. Built in the same spirit as the popular Garmin MCP servers: a thin, auth-aware wrapper around a fitness backend that has no official public API.
Unofficial. Not affiliated with or endorsed by Griptonite / Cascom Ltd. Reverse-engineered from the app's backend for personal use. Respect Griptonite's Terms of Service and don't hammer their API.
What it can do
Tool | What it does |
| Check whether you're signed in and when the token expires |
| Get an OAuth login URL to start the sign-in flow |
| Find climbing gyms/venues (optional search) |
| List routes/problems, filter by venue and grade |
| Full detail for one route (e.g. an id from an NFC tag) |
| Grade systems Griptonite knows (V-scale, Font, ...) |
| A climber profile (defaults to you) |
| Recent activity feed (your + crew sends) |
| Your notifications |
| Training + events |
| Leaderboard for the gyms you've joined |
| Global ranking across all climbers |
| Standings for a competition |
| Every climb you've sent, with tries |
| Climbs you're currently projecting, with tries |
| All logged entries (sends + attempts) with tries |
| Log a send / flash / onsight / attempt / project on a route |
| Shortcut for logging an unsuccessful try |
| Call any API path with your token (discovery / wiring) |
| Show the confirmed API surface |
Related MCP server: Health MCP Server
How it works
Griptonite's backend lives at https://api.griptonite.io and is a Django REST
Framework API guarded by OAuth2 (authorization-code, scope appuser). The
endpoint names in config.py were confirmed by probing the live API — paths
that answer 401 Unauthorized exist; 404s don't. Confirmed groups include routes, grades, venues, feed, venues/rankings (gym leaderboards), profiles/rankings (world), and routes/completed / routes/projects / routes/logs (your climbs). Auth follows the app's own
browser login: you sign in once, hand back the code, and the server caches a
bearer token (default ~/.griptonite/token.json, gitignored) and refreshes it
transparently.
Install
git clone https://github.com/<your-username>/griptonite_mcp.git
cd griptonite_mcp
pip install -e . # or: pip install -e ".[dev]" for testsRequires Python 3.10+.
Authenticate (once)
Griptonite has no public API, so there's no API key to paste. Instead you sign in through the browser once and hand the tool the one-time code, exactly like the mobile app does. Run:
griptonite-auth # or: python -m griptonite_mcp.authIt prints a login URL. Open it, sign into Griptonite, and copy the code from
the redirect back into the terminal. The token is cached (and auto-refreshed)
from then on, so you only do this once.
Catching the code (important)
After you log in, Griptonite redirects to https://www.griptonite.io/?code=...
— but www.griptonite.io instantly redirects to griptonite.io, and that
redirect strips the ?code out of the address bar. That's expected. Grab the
code from the Network tab instead:
Open your browser's DevTools (F12) and click the Network tab.
Tick Preserve log (so redirect entries aren't cleared).
Log in via the printed URL.
Filter the list by typing
code, and click the request named?code=...(the request towww.griptonite.io). Its Request URL ishttps://www.griptonite.io/?code=LONGCODE&state=....No such row? Click the
authorizerequest and read its responselocationheader — the code is there.
Copy that whole URL (or just the
codevalue) and paste it at the prompt.
The code is single-use and expires in about a minute, so grab it promptly. If
you miss it, just re-run griptonite-auth. The tool detects a stripped/empty
paste and re-prompts with this reminder.
Why not a localhost redirect? The OAuth client is registered to redirect only to
griptonite.io, so the usual "spin up a local server and auto-capture" trick isn't available — hence the one-time manual copy.
Add to Claude Desktop
Add to claude_desktop_config.json (Settings → Developer → Edit Config):
{
"mcpServers": {
"griptonite": {
"command": "python",
"args": ["-m", "griptonite_mcp"]
}
}
}Then restart Claude Desktop and ask things like "log a V4 flash on route " or "what have I sent at my gym this week?".
Wiring the log endpoint
Reads are fully mapped. The write path for logging a climb
(log_climb / log_attempt) is the one piece that couldn't be confirmed
without capturing an authenticated request, because the mobile app doesn't
expose it publicly. The server's default is POST /routes/log — the singular /routes/log path
is confirmed to exist — with the route id sent in the body. That's still a best
guess until someone captures the real request; it's trivial to correct:
Sign into Griptonite in a browser or proxy the app (Charles / mitmproxy / browser DevTools → Network).
Log a climb in the app and find the request it fires.
Set the real path and, if needed, adjust the JSON field names:
export GRIPTONITE_LOG_ENDPOINT="/routes/log" # or the real path you capturedFor field names, tweak the
payloaddict inlog_climb(server.py) or thelog_climbmethod inclient.py.Meanwhile you can experiment live with the
raw_requesttool, e.g.raw_request("POST", "/routes/123/ticks", body={...}).
Example prompts
Once it's wired into your MCP client, try:
"What have I sent at my home gym this month, and how many tries did each take?"
"Show my current projects ordered by number of attempts."
"Where do I rank in my gym right now? And globally?"
"Log a V4 flash on route
<id>.""Find blue V3–V5 routes at venue
<id>I haven't tried yet."
Configuration
All optional; sensible defaults are baked in. Copy .env.example to .env.
Variable | Default | Purpose |
| (discovered) | OAuth client id |
|
| OAuth redirect |
|
| API base URL |
|
| Token cache location |
|
| Climb-log write path |
Develop
pip install -e ".[dev]"
pytest # unit tests (no network / creds needed)
python scripts/discover_endpoints.py # re-probe the live API surfaceProject layout
griptonite_mcp/
config.py # env-driven settings + confirmed endpoint constants
auth.py # OAuth2 auth-code flow, PKCE, token cache, refresh
client.py # async httpx client with 401-refresh-retry
server.py # FastMCP server + tool definitions
scripts/
discover_endpoints.py # re-map the API surface
tests/
test_client.py # request building, error handling, auth URLContributing
Issues and PRs welcome — especially confirming API endpoints/payloads. See CONTRIBUTING.md and the CHANGELOG.
Disclaimer
This is an unofficial, community project and is not affiliated with, endorsed by, or supported by Griptonite / Cascom Ltd. It talks to the same backend the official app uses, discovered by observing public network behaviour. Use it for your own data, respect Griptonite's Terms, and don't hammer the API. If Griptonite ships an official API, prefer that.
License
MIT — see LICENSE.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mcarch-drdoof/griptonite_mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server