Skip to main content

Overview

The proxy endpoint forwards requests to OAuth provider APIs (e.g., Google) using the user’s stored OAuth credentials. This allows your application to access provider APIs without ever handling the user’s OAuth tokens directly. Supported Methods: GET, POST, PUT, PATCH, DELETE

Path Parameters

provider
string
required
OAuth provider name. Currently supported: google
path
string
required
The API path to call on the provider. This is appended to the provider’s base URL.For Google, the base URL is https://www.googleapis.com/, so:
  • gmail/v1/users/me/messages becomes https://www.googleapis.com/gmail/v1/users/me/messages
  • calendar/v3/calendars/primary/events becomes https://www.googleapis.com/calendar/v3/calendars/primary/events

Headers

X-API-Key
string
required
Your MCP Rank API key
Authorization
string
required
Bearer token. Format: Bearer {mcp_identity_access_token}

Request Body

For POST, PUT, and PATCH requests, the request body is forwarded as-is to the provider API. Use the appropriate Content-Type header (typically application/json).

Response

The response from the provider API is returned as-is, including:
  • Status code
  • Response headers (except internal headers)
  • Response body

Google API Examples

Gmail

Calendar

Drive

Error Responses

Provider API errors (4xx, 5xx) are passed through as-is. Check the response body for provider-specific error details.

Security

  • Your application never sees the user’s OAuth tokens
  • Tokens are stored encrypted and managed by MCP Rank
  • Tokens are automatically refreshed when they expire
  • All proxy requests are logged for audit purposes