Overview

Connect coding agents to your Glossia projects through the Model Context Protocol.

Glossia exposes a Model Context Protocol (MCP) server that lets coding agents interact with your localization projects. The server implements OAuth 2.1 with PKCE and Dynamic Client Registration (RFC 7591), so any MCP-compatible client can authenticate without manual credential setup.

What the MCP server provides

Once connected, a coding agent can:

Query translation status across your projects
Trigger translations and revisions
Inspect configuration and content entries
Access project context for smarter code suggestions

Server URL

Environment	URL
Production	`https://glossia.ai/mcp`
Local development	`http://localhost:4050/mcp`

Authentication flow

The MCP server uses the standard OAuth 2.1 authorization code flow with PKCE. You do not need to create OAuth clients manually. The flow works like this:

The agent discovers your server through /.well-known/oauth-authorization-server
It registers itself as an OAuth client via the dynamic registration endpoint
It opens your browser for login and consent
After you approve, the agent receives an access token and attaches it to all MCP requests

Adding Glossia to a coding agent

OpenAI Codex

Add the server to your Codex configuration file at ~/.codex/config.toml:

[mcp_servers.glossia]
url = "https://glossia.ai/mcp"

Then run the OAuth login:

codex mcp login glossia

Your browser will open for authentication. After approving, Codex stores the token locally and uses it for future sessions.

To verify the connection:

codex mcp list

For local development, replace the URL:

[mcp_servers.glossia-local]
url = "http://localhost:4050/mcp"

Claude Code

Add the server to your Claude Code MCP settings (.claude/settings.json or the global settings file):

{
  "mcpServers": {
    "glossia": {
      "url": "https://glossia.ai/mcp",
      "transport": "streamable-http"
    }
  }
}

Claude Code will handle the OAuth flow automatically when it first connects.

Other MCP clients

Any client that supports the MCP authorization spec will work. The key requirements are:

Transport: Streamable HTTP
Discovery: The client must support OAuth 2.0 Protected Resource Metadata (RFC 9728)
Registration: Dynamic Client Registration (RFC 7591) or Client ID Metadata Documents
Auth flow: Authorization code with PKCE (S256)

Point the client at your Glossia MCP server URL and let it handle discovery and registration automatically.

Discovery endpoints

The server publishes two metadata documents that MCP clients use to bootstrap the OAuth flow:

Endpoint	Description
`/.well-known/oauth-authorization-server`	Authorization server metadata (endpoints, supported grant types, PKCE methods)
`/.well-known/oauth-protected-resource`	Protected resource metadata (scopes, authorization servers)

Rate limits

The OAuth endpoints enforce rate limits to prevent abuse:

Endpoint	Limit
`POST /oauth/register`	5 requests per minute
`POST /oauth/token`	30 requests per minute
`POST /oauth/introspect`	30 requests per minute
`POST /oauth/revoke`	30 requests per minute

When a rate limit is exceeded, the server returns HTTP 429 with a Retry-After header.

Troubleshooting

Registration fails with "invalid_client_metadata"

The dynamic registration endpoint only accepts specific token_endpoint_auth_method values. Public clients (most coding agents) should send "none", which Glossia handles automatically by falling back to default authentication methods with PKCE enforcement.