Create Automations Using the Staircase AI MCP Server
This article explains how to create personal OAuth credentials (Client ID and Client Secret) to authenticate against the Staircase AI MCP server using the OAuth2 client_credentials grant. This method does not require an interactive browser-based login flow.
Overview
Users can generate personal OAuth 2.0 credentials (Client ID and Client Secret) to authenticate LLM clients with the Staircase AI MCP server. This enables secure, programmatic access to Staircase AI data without a browser login, making it easier to integrate automated clients and LLM tools such as Claude.
This capability supports system-to-system connections, allowing customers to automate processes and enable machines, not just users, to interact with Staircase AI.
The Staircase AI MCP server exposes customer relationship data and account intelligence to large language models (LLMs) through the Model Context Protocol (MCP). To connect an LLM client, each user must authenticate using their personal OAuth 2.0 credentials.
Once authenticated, the client can call MCP tools to retrieve account health summaries, risk signals, stakeholder changes, and other customer data in real time.
Prerequisites
Before you begin, make sure the following prerequisite is met:
- MCP must be enabled at the organization level by your admin. For more information, refer to the Connect Staircase AI to LLMs Using MCP article.
Create Personal API Credentials for the Staircase AI MCP Integration
To add credentials:
- Log in to Staircase.ai.
- Navigate to Settings > Profile > Staircase AI MCP. The Staircase AI MCP details page appears.

- Click Add credential. The Add MCP credentials dialog box appears.

- Enter a Name.
- Click Add. The Add MCP credentials dialog box appears.
- Copy the Client ID and Client secret and paste them in a notepad.

IMPORTANT: The Client Secret is displayed only once. If you lose it, you must delete the credential and create a new one. There is no way to recover the secret afterward.

- Click Done. The credential now appears in the credentials list with its creation date and last-used timestamp. You can revoke any credential from this screen at any time.

Use the Credentials
The credentials authenticate to the MCP server using the OAuth2 client_credentials grant. The authentication flow works as follows:
- POST your client_id and client_secret to https://mcp.staircase.ai/oauth/token.
- Receive a short-lived JWT access token (valid for 12 hours).
- Pass the JWT as a bearer token on subsequent MCP requests.
Set Environment Variables
Export the values you copied from the UI before running the sample:
export MCP_CLIENT_ID=<your client_id from the dialog>
export MCP_CLIENT_SECRET=<your client_secret from the dialog>
Sample Python Client
The following minimal reference client uses fastmcp and authlib. It requires Python 3.13 or later, along with the fastmcp and authlib packages.
import asyncio
import json
import os
import sys

from authlib.integrations.httpx_client import AsyncOAuth2Client
from fastmcp import Client

MCP_SERVER_URL = os.environ.get("MCP_SERVER_URL", "https://mcp.staircase.ai/mcp")
# The token endpoint lives beside the MCP endpoint: .../mcp -> .../oauth/token
TOKEN_ENDPOINT = MCP_SERVER_URL.rsplit("/mcp", 1)[0] + "/oauth/token"

# Read the credentials from the environment; never hard-code them in the script.
CLIENT_ID = os.environ["MCP_CLIENT_ID"]
CLIENT_SECRET = os.environ["MCP_CLIENT_SECRET"]

QUESTIONS = [
    "Prep me for my upcoming call with Acme Corp and summarize account health, "
    "recent risks, wins, and key stakeholder changes into a one-page brief.",
]


async def fetch_client_credentials_token() -> str:
    """Fetch a JWT via OAuth2 client_credentials grant using authlib."""
    # The context manager closes the HTTP client even if the token request fails.
    async with AsyncOAuth2Client(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        token_endpoint_auth_method="client_secret_post",
    ) as oauth_client:
        token = await oauth_client.fetch_token(
            url=TOKEN_ENDPOINT, grant_type="client_credentials"
        )
    return token["access_token"]


async def main():
    access_token = await fetch_client_credentials_token()
    # Log only the token length, never the token itself.
    print(f"[Auth] Obtained client_credentials token (len={len(access_token)})")

    # A string passed as auth is sent as a bearer token on each MCP request.
    client = Client(MCP_SERVER_URL, auth=access_token)
    async with client:
        tools = await client.list_tools()
        print(f"[MCP] Available tools: {', '.join(t.name for t in tools)}")

        for question in QUESTIONS:
            try:
                print(f"\n[MCP] Question: {question}")
                response = await client.call_tool(
                    "staircase_query",
                    {"query": question},
                )
                print(
                    f"[MCP] Response:\n{json.dumps(response.structured_content, indent=2)}"
                )
            except Exception as e:
                print(f"[MCP] Error: {e}", file=sys.stderr)


if __name__ == "__main__":
    asyncio.run(main())
Run it
python creds_client.py
Security Considerations
Keep the following in mind when managing MCP credentials:
- Treat the Client Secret like a password — never commit it to a code repository or share it in chats or documents.
- Each credential is scoped to the user who created it. Revoke credentials from the MCP credentials screen when they are no longer needed.
- Access tokens issued by /oauth/token expire after 12 hours. The client refreshes automatically by calling fetch_token again.
- If an organization admin disables MCP at the org level, all existing credentials stop working immediately.
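
An automation that runs longer than the 12-hour token lifetime has to renew its token mid-run. The following is an added example, not part of the original article or Staircase AI's own code: it caches the token and re-fetches it shortly before expiry. The names `TokenCache` and `jwt_exp`, the five-minute skew, and the presence of an `exp` claim in the JWT are assumptions.

```python
import base64
import json
import time
from typing import Awaitable, Callable, Optional

TOKEN_LIFETIME_S = 12 * 60 * 60  # 12 hours, as stated in the article
REFRESH_SKEW_S = 300             # assumption: renew five minutes early


def jwt_exp(token: str) -> Optional[float]:
    """Read the `exp` claim from a JWT payload without verifying the signature.

    Used only to schedule renewal; the server stays the authority on validity.
    """
    try:
        payload_b64 = token.split(".")[1]
        padded = payload_b64 + "=" * (-len(payload_b64) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        return float(claims["exp"])
    except (IndexError, KeyError, TypeError, ValueError):
        return None


class TokenCache:
    """Caches one access token and re-fetches it shortly before it expires."""

    def __init__(self, fetch: Callable[[], Awaitable[str]],
                 now: Callable[[], float] = time.time):
        self._fetch = fetch  # hypothetical hook wrapping the client_credentials POST
        self._now = now
        self._token: Optional[str] = None
        self._expires_at = 0.0

    async def get(self) -> str:
        if self._token is None or self._now() >= self._expires_at - REFRESH_SKEW_S:
            token = await self._fetch()
            exp = jwt_exp(token)
            # Fall back to the documented lifetime if the token has no usable exp.
            self._expires_at = exp if exp is not None else self._now() + TOKEN_LIFETIME_S
            self._token = token
        return self._token

    def invalidate(self) -> None:
        """Drop the cached token, e.g. after the server rejects it."""
        self._token = None
```

Pass `fetch_client_credentials_token` from the sample client as `fetch`, and call `invalidate()` when a request is rejected, for example after the credential has been revoked.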