bitbybit ships a built-in MCP server, so AI
assistants like Claude and Cursor can work with your bitbybit data: search your
support inbox, read conversations, inspect campaign performance, look up
customers and orders, query your AI Studio knowledge base — and, with your
explicit permission, take actions like replying to conversations or drafting
campaigns.
| |
|---|
| Server URL | https://mcp.bitbybit.studio/mcp |
| Transport | Streamable HTTP |
| Auth | OAuth — sign in with your bitbybit account (no API keys to copy) |
| Plan requirement | Standard plan or higher on bitChat or bitCRM (same as the Open API) |
A connection is scoped to one company. During sign-in you pick which of
your companies to connect and which permissions to grant. To work with another
company, connect the server again and pick the other company.
Connect from Claude Code
claude mcp add --transport http bitbybit https://mcp.bitbybit.studio/mcp
/mcp inside Claude Code and select bitbybit. Your browser opens
the bitbybit consent screen: sign in if needed, choose the company, and review
the permissions. Read access is pre-selected; actions (sending messages,
creating campaigns, updating tickets) are opt-in checkboxes.
Connect from Claude (web and desktop)
- Open Settings → Connectors → Add custom connector.
- Paste
https://mcp.bitbybit.studio/mcp.
- Sign in and complete the consent screen when prompted.
Connect from Cursor and other MCP clients
Add an HTTP (Streamable HTTP) MCP server with the URL
https://mcp.bitbybit.studio/mcp. Any client that implements MCP
specification authorization (OAuth 2.1 with dynamic client registration) works
without extra configuration.
| Area | Read | Act (opt-in permission) |
|---|
| bitChat inbox | search tickets, read conversations, chat analytics | reply to a conversation, update or resolve tickets |
| bitCRM | list campaigns with delivery stats, WhatsApp templates, campaign analytics | create draft or scheduled campaigns, send a WhatsApp message |
| AI Studio | search the knowledge base, list sources, agent configuration, AI performance | add knowledge base sources |
| Customers | search customers, full profiles, orders, segments | — |
| Billing | plan per app, feature quotas, AI credit and template balances | — |
Managing and revoking access
Settings → MCP & AI apps lists every connected app for your company: which
client is connected, who connected it, the granted permissions, and when it
was last used. Revoking a connection cuts off access immediately.
- Members see and manage their own connections.
- Admins (SUPER_ADMIN / ADMIN) see and can revoke every connection in the
company.
Security
- Connections use OAuth 2.1 with PKCE. Access tokens are short-lived and
refresh automatically; revoking a connection invalidates its tokens
immediately.
- A connection can only ever see the single company chosen at consent, with at
most the permissions granted on the consent screen.
- Action tools are marked destructive in the MCP protocol, so well-behaved
clients (like Claude) ask for confirmation before using them. Direct message
sends additionally require an explicit confirmation flag from the assistant.
- Every tool call is audit-logged with the calling user, company and client.
Tool arguments are stored only as a hash, never in plain text.
