Skip to main content
Metabase has a built-in MCP server that connects over OAuth — but unlike vendor-hosted servers such as Atlassian or Slack, the endpoint is your own Metabase instance, not a shared vendor URL. Every customer’s MCP endpoint is different: it’s your Metabase domain with /api/metabase-mcp appended. Metabase runs its own embedded OAuth server with dynamic client registration, so once you have the URL, the connection flow is a standard OAuth approval — no external provider or pre-registered credentials needed.
When you paste your Metabase MCP endpoint and click Continue, MCP Manager’s authentication detection lands on Standard OAuth (dynamic client registration). You don’t supply any keys — Metabase handles client registration automatically and redirects you to approve the connection.
This guide is a convenience based on Metabase’s setup at the time of writing. Metabase’s own MCP documentation is authoritative and may be more current. The requirements below — enabling the MCP server, the endpoint path, the OAuth flow — come from Metabase, not from MCP Manager. If a step here has drifted or a connection problem is specific to how Metabase works, Metabase support is the fastest path to an answer.

Before you start

  • A Metabase instance with the MCP server enabled. Your Metabase admin enables this under Admin → AI → MCP. If the setting isn’t visible or MCP is toggled off, the endpoint won’t respond.
  • Your Metabase instance URL. The MCP endpoint is your instance’s domain with /api/metabase-mcp appended — for example, https://analytics.yourcompany.com/api/metabase-mcp. If you’re not sure of your instance URL, ask your Metabase admin.
  • A Metabase login you can complete in a browser — the approval is an interactive, browser-based OAuth 2.1 flow.

Connect the server

1

Find your Metabase MCP endpoint

Your MCP endpoint is your Metabase instance URL with /api/metabase-mcp appended:
https://<your-metabase-domain>/api/metabase-mcp
For example, if your Metabase instance is at https://analytics.yourcompany.com, your endpoint is https://analytics.yourcompany.com/api/metabase-mcp. Ask your Metabase admin if you’re not sure of the base URL.
2

Add the server in MCP Manager and approve the consent screen

On the Servers page, add a server, paste your Metabase MCP endpoint, and click Continue. Detection resolves to Standard OAuth (dynamic client registration). MCP Manager redirects you to your Metabase instance’s login and consent screen. Sign in if prompted, then approve the connection. You provide no keys at this step. Tool calls run scoped to your own Metabase permissions.
3

Finish in MCP Manager

After you approve, MCP Manager stores the resulting OAuth token encrypted and attaches it to every request it makes to your Metabase instance. The server’s tools are now available to add to a gateway.

Available tools

Metabase’s MCP server exposes tools across three categories:
CategoryTools
Discovery & readingSearch across tables, metrics, cards, dashboards, and collections; read entities by URI
Query construction & executionBuild queries against tables or metrics, execute pre-constructed queries, run SQL (requires native-query permission)
WritingCreate and update questions, dashboards, and collections
All results are automatically filtered to the connecting user’s Metabase permissions — the server does not expose data the user can’t already access.

Gotchas & things to keep in mind

The MCP server must be enabled by a Metabase admin. The server is off by default. Your admin enables it under Admin → AI → MCP. If the endpoint returns an error on connection, confirm it’s toggled on. Your instance’s MB_SITE_URL must match the URL you paste. Metabase uses MB_SITE_URL to construct OAuth redirect URLs. If it’s set to an internal hostname — common in Docker deployments — but you’re connecting from an external address, authentication silently fails: the symptom is “Failed to connect” rather than a login prompt or an authentication error. Ask your admin to confirm MB_SITE_URL is set to the externally reachable address. SQL execution requires native-query permission. The SQL execution tool is available only to users with native-query permission in their Metabase database role. Admins can also disable SQL execution entirely via the mcp-execute-sql-enabled setting. If SQL tools are missing or return permission errors, check with your admin. MCP Manager’s domain needs to be added to Metabase’s CORS allowlist. Metabase’s MCP settings include a toggle list of natively supported clients — Claude Desktop, Claude web, Cursor, VS Code, and ChatGPT — where toggling one automatically adds its domains to the CORS allowlist. MCP Manager is a gateway rather than one of those listed clients, so your Metabase admin will need to add https://app.mcpmanager.ai to the Custom MCP client domains field in Admin → AI → MCP. Access is per-user and permission-bound. Tool calls run as the authenticating user. Metabase filters all results to that user’s permissions — it does not bypass access controls. See per-user versus shared identity for how this maps to gateway identities.

Further reading

Find & Connect MCP Servers

How MCP Manager detects authentication type, and how to find other servers’ URLs.

How MCP Manager authenticates

The OAuth flow Metabase uses, in depth, plus per-user versus shared identity.

Identities for remote servers

How the OAuth credential you just approved is secured and made available.

Connect your AI client

Point Claude, Cursor, or another client at the gateway once the server is connected.

External sources

Metabase MCP server

Metabase’s authoritative reference for the built-in MCP server — enabling it, the endpoint path, OAuth setup, and available tools.