MCP server
The hosted Thryvate MCP endpoint gives your assistant a safe set of tools to publish and refresh sites — over HTTP, with nothing to install. Point it at a token and your AI can keep a site live as it works.
Connect it
Thryvate runs a remote MCP server at https://app.thryvate.com/api/mcp. There is no binary to download — your assistant connects over HTTP and authenticates with a Thryvate API token sent as a bearer header. Create a token in the dashboard, then add the server:
claude mcp add --transport http thryvate \
https://app.thryvate.com/api/mcp \
--header "Authorization: Bearer YOUR_API_TOKEN"Any client that supports custom HTTP (Streamable) MCP connectors works the same way: point it at the endpoint URL and send Authorization: Bearer <token>.
{
"mcpServers": {
"thryvate": {
"type": "http",
"url": "https://app.thryvate.com/api/mcp",
"headers": {
"Authorization": "Bearer YOUR_API_TOKEN"
}
}
}
}What your AI can do
The server exposes a small, focused set of tools. Each one maps to an action you could take in the dashboard, so there are no surprises.
| Tool | What it does |
|---|---|
publish_site | Publish a site from HTML or a bundle and return its stable link. Pass a slug to update the same site in place on later calls. |
update_site | Replace the contents of an existing site by id without changing its link, visibility, or allowlist. |
list_sites | List your non-deleted sites with their status, visibility, and links. |
get_site | Fetch one site’s status, visibility, current version, and view count. |
set_visibility | Switch a site between public and a verified allowlist. |
set_allowlist | Replace who can view a private site with emails and/or domains. |
set_render_options | Set per-site delivery: deep-link routing (free) and the external-origin CSP allowlist (paid). |
set_link_expiry | Set or clear an expiry on a site’s share link (free on every plan). |
set_view_password / clear_view_password | Protect a site behind a view password or remove it. The password is never echoed back. |
list_access_requests | List people waiting for approval to view a private site. |
approve_access_request / deny_access_request | Approve (allowlisting the requester) or deny a pending access request. |
delete_site | Delete a site: purge its content and make the link non-viewable. |
list_versions | List a site’s versions newest-first with their size and timestamp. |
rollback_site | Restore a prior version as the current content; the link stays the same. |
Publish & watch — the link never changes
Give publish_site a slug and the publish becomes idempotent: the first call creates the site, and every later call with the same slug updates it in place at the same URL. Anyone already viewing sees the new version live, without reloading — so your assistant can iterate while an audience watches the page evolve.
update_site and rollback_site work the same way: the share link, visibility, and allowlist all stay put. Pair it with a Premium subdomain and your audience always has one stable address, with no manual uploads and no broken links.
Errors your AI can act on
Every tool reports failures as a structured result with a stable code and a human-readable message, mirroring the REST API. An assistant can branch on the code — drop a disallowed file on bundle_invalid, prompt for an upgrade on plan_limit — instead of parsing prose.
{
"code": "bundle_invalid",
"message": "Disallowed file type in bundle: script.exe"
}