Affinity Design
Agency Guide

MCP Overview

What the Model Context Protocol is and why your agency should use it

What is MCP?

The Model Context Protocol (MCP) is an open standard that lets AI clients — Claude, Cursor, custom agents — talk directly to your platform's tools. Instead of building separate integrations for every AI product, you expose your capabilities once through MCP and any compatible client can use them.

Think of it like a USB-C port for AI: one protocol, endless devices.

Why It Matters for Your Agency

Without MCP, your team wastes time on repetitive manual work:

  • Copying call summaries from one dashboard to another
  • Manually scheduling appointments in GHL
  • Exporting GA4 reports to share with clients
  • Updating WordPress content through slow admin panels

With MCP, an AI assistant connected to your platform can do this directly — in natural language, in real time.

What Your Platform Exposes

Your af-gemini-connect instance runs a full MCP server with 16 plugins covering:

CategoryPlugins
CRM & CalendarGHL appointments, contacts, pipelines, SMS
MarketingMeta Ads, Google Ads, GBP, SEO, Social
CommunicationTwilio calls/SMS, SendGrid email
InfrastructureWordPress, GitHub, Cloudflare, Vercel, docs bridge
IntelligenceGA4 analytics, image generation, verification, docs lookup
PlatformCore tools (time, notes, asset management)

How Clients Connect

Your MCP server supports two transports:

  • Endpoint: POST /mcp/http
  • Best for: Claude Code, Cursor, custom HTTP clients
  • Features: Direct JSON-RPC responses, stateless or session-based, 20MB body limit for image uploads

SSE (Legacy)

  • Endpoint: GET /mcp/sse + POST /mcp/messages
  • Best for: Claude Desktop, older MCP clients
  • Features: Server-Sent Events stream, session-based

Authentication

All MCP connections require authentication. Your platform supports two methods:

  1. API KeysX-API-Key: afk_... header. Scoped per client, with optional plugin restrictions.
  2. OAuth 2.1 — Full PKCE flow for claude.ai web connectors. Users paste their API key once; Claude handles tokens automatically.

Admin JWTs also work for agency-wide access across all clients.

Security Model

  • Per-client isolation: Each API key resolves to exactly one client. No cross-client data leakage.
  • Plugin scoping: Keys can be restricted to specific plugins (e.g., only ga4 and gbp).
  • Agent-level overrides: Individual voice agents can have their own plugin allowlists.
  • Token expiry: OAuth access tokens last 1 hour; refresh tokens last 30 days.
  • No raw secrets in tools: API keys are hashed (SHA-256) before storage. Only the key prefix is shown in admin UIs.

Typical Workflows

Sales Follow-Up

"Check GHL for leads created today, draft a personalized SMS for each, and send it through Twilio."

SEO Reporting

"Pull GA4 traffic for last 28 days, compare to the previous period, and update the client's WordPress blog with the summary."

Ad Optimization

"Audit the Meta Ads account, find underperforming campaigns, pause them, and create lookalike audiences from the top converters."

Website Updates

"Upload this image to the asset library, push it to the WordPress media gallery, and update the hero section on the homepage."

Next Steps

Ready to connect? Pick your client:

On this page