# AI Assistants (MCP) (/docs/integrations/mcp-server) The Resytech **MCP server** (Model Context Protocol) lets an AI assistant like Claude Desktop, Cursor, or any other MCP-compatible client read information from your Resytech account, so you can ask it questions in plain English: * *"What activities does this location offer?"* * *"What jet-ski slots are open next Saturday afternoon?"* * *"Look up booking A2JF6C55 — what time and how much owed?"* You connect your assistant once with an **MCP token** you generate in the dashboard. The token controls **which locations** and **what kind of data** the assistant can see. The MCP server is **read-only** — an assistant can look things up but cannot create, change, or cancel anything. What you get [#what-you-get] The token unlocks up to six tools an AI client can call: | Tool | What it does | Required permission | | -------------------- | -------------------------------------------------------- | ------------------- | | `list_locations` | Returns the locations this token can access. | *(always allowed)* | | `list_activities` | Lists bookable activities at those locations. | Activities | | `get_activity` | Details about one activity. | Activities | | `check_availability` | Open time slots for an activity over a date range. | Activities | | `find_bookings` | Search bookings by date range, status, or customer info. | Bookings | | `get_booking` | Details about one booking by confirmation code or ID. | Bookings | Creating a token [#creating-a-token] 1. In the dashboard, go to **Location Settings** and open the **MCP Tokens** tab. 2. Click **Create Token**. 3. Fill in the form: * **Name** — anything memorable. *"Front-desk AI"*, *"Personal Claude Desktop"*, etc. * **Locations** — pick one or more locations the assistant should be allowed to read. You can only choose locations within your own company. * **Permissions** — see the next section. * **Expiry** *(optional)* — leave blank for no expiry. You can revoke or disable a token any time. 4. Click **Create Token**. 5. The plaintext token is shown **once** on the next screen. Copy it now — for security, it is never shown again. Only a hash is stored on our side. If you lose a token, just revoke it and create a new one. Permissions [#permissions] A token grants only the permissions you tick when creating it. They stack: each one unlocks a small group of tools and a slice of data. | Permission | What it unlocks | | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Activities & availability** | Listing activities, looking up activity details, checking open slots. **No customer data.** | | **Bookings** | Searching and reading bookings — date, time, status, balance, confirmation code. **Customer name/email/phone are redacted** unless the next permission is also granted. | | **Customer details** | Reveals customer name, email, and phone on booking results. Requires "Bookings" to do anything. | A token with only **Activities & availability** is the safest choice — your AI can answer scheduling questions but cannot see any customer's name, email, phone, or booking history. A token with **Bookings** but no **Customer details** can answer *"what's on the schedule for Saturday?"* and *"how much is owed on booking A2JF6C55?"* without exposing PII. A token with all three is appropriate for an AI assistant used by staff to look customers up by name or email. Connecting an AI client [#connecting-an-ai-client] The MCP server lives at **`https://mcp.resytech.com`**. The token goes in the `Authorization` header as `Bearer rmcp_...`. Claude Desktop [#claude-desktop] Claude Desktop's built-in **Custom Connectors** UI (Settings → Connectors) currently supports OAuth only — it doesn't accept Bearer tokens. To connect to the Resytech MCP server, use the official `mcp-remote` bridge in your `claude_desktop_config.json` (on Windows: `%APPDATA%\Claude\claude_desktop_config.json`, on macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`): ```json { "mcpServers": { "resytech": { "command": "npx", "args": [ "mcp-remote@latest", "https://mcp.resytech.com/", "--header", "Authorization:${AUTH_HEADER}" ], "env": { "AUTH_HEADER": "Bearer rmcp_your_token_here" } } } } ``` Three notes: * **`npx` requires Node.js**. Install Node from [nodejs.org](https://nodejs.org) if `node --version` errors in your terminal. * **The token lives in `env`, not in `args`.** Claude Desktop on Windows has a known escaping bug for spaces inside `args` that mangles the header; passing the value through an environment variable works around it. The literal `Authorization:${AUTH_HEADER}` in `args` is left as-is (no space around the colon). * **Fully quit Claude Desktop** (tray icon → Quit, not just closing the window) before relaunching, otherwise the config isn't reloaded. After restart, the Resytech tools appear in the tool list (🔌 icon at the bottom of the chat box) and Claude calls them automatically when a question would benefit. Cursor / Continue / other MCP clients [#cursor--continue--other-mcp-clients] Most MCP clients accept the same configuration shape. Look for an MCP or *"Model Context Protocol"* settings page and add a server with: * **Transport**: HTTP (sometimes called *Streamable HTTP*) * **URL**: `https://mcp.resytech.com/` * **Header**: `Authorization: Bearer rmcp_your_token_here` Trying it out [#trying-it-out] Once configured, ask your assistant something it would need the tools to answer: * *"What activities are offered at my location?"* * *"Check jet-ski availability next Friday."* * *"What bookings are confirmed for this weekend?"* If you have a Bookings permission you can also try: * *"Look up booking A2JF6C55."* * *"Show me pending bookings for next month."* Managing tokens [#managing-tokens] Back in **Location Settings → MCP Tokens**, every token your company has created shows up with its name, prefix (the first 12 characters like `rmcp_a1b2…`), permissions, locations, expiry, and last-used date. You can: * **Disable** a token — a soft toggle. The token stops working immediately but you can re-enable it later without re-issuing it. Use this when you're rotating credentials in a client and want to make sure the old one stops working the moment you swap. * **Revoke** a token — permanent. The token is invalidated forever. Use this when a token is compromised, when an employee leaves, or when you're sure it's no longer needed. Revoked tokens stay in the list for audit history but cannot be re-enabled. Security notes [#security-notes] * The plaintext token is shown **once** at creation. Treat it like a password. * Tokens carry **long-lived, location-scoped read access**. Don't paste them in screenshots, public chat channels, or unencrypted notes. * The MCP server is **read-only**. No AI assistant connected through this server can create, modify, or cancel bookings, change pricing, refund payments, or alter any setting. * All connections use **HTTPS**. The server never accepts unencrypted connections. * **Only administrators** can create, disable, or revoke MCP tokens. Regular staff users cannot mint credentials that would grant customer-PII access. * The MCP server is **rate-limited per token** to protect against runaway clients. What is not (yet) supported [#what-is-not-yet-supported] * **Customer-facing tokens.** The current MCP server is for operators only. A public/anonymous tier scoped to availability lookups for customers' own AI clients is a planned future addition. * **Activity-level scoping.** Tokens are scoped to *locations*. Restricting a token to specific *activities* at a location (e.g. *only jet skis at Diversey Harbor*) is not yet available. * **Write tools.** Creating, rescheduling, or canceling bookings via MCP is not supported. If you need an AI to perform actions, do it through the dashboard. * **Party-size / specific-equipment filtering on availability.** `check_availability` returns all slots with any inventory open. It does not yet filter by *"slots that can fit a party of 4"* or *"slots with a specific equipment type available"*. Troubleshooting [#troubleshooting] | Symptom | Likely cause | | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Assistant says it has no tools / connection refused | Check the `Authorization` header is exactly `Bearer rmcp_...` with a space, and the token has not been revoked or expired. | | AI gets *"This token does not have the 'read\_bookings' permission"* | The token is missing the required permission. Edit the token's permissions in the dashboard or create a new one. | | AI gets results but customer names come back blank | The token does not have **Customer details**. This is intentional redaction, not a bug. Add the permission if you want PII visible. | | `check_availability` returns no slots | The activity may be unpublished, have no durations configured, be inside a blackout window, or all slots may simply be booked. Try a wider date range first. | | Tokens unexpectedly stop working | An expiry may have passed, or an administrator may have revoked or disabled the token. Check the status badge in **Location Settings → MCP Tokens**. |