Skip to main content

Overview

The proxy endpoint forwards requests to OAuth provider APIs (e.g., Google) using the user’s stored OAuth credentials. This allows your application to access provider APIs without ever handling the user’s OAuth tokens directly. Supported Methods: GET, POST, PUT, PATCH, DELETE

Path Parameters

provider
string
required
OAuth provider name. Currently supported: google
path
string
required
The API path to call on the provider. This is appended to the provider’s base URL.For Google, the base URL is https://www.googleapis.com/, so:
  • gmail/v1/users/me/messages becomes https://www.googleapis.com/gmail/v1/users/me/messages
  • calendar/v3/calendars/primary/events becomes https://www.googleapis.com/calendar/v3/calendars/primary/events

Headers

X-API-Key
string
required
Your MCP Rank API key
Authorization
string
required
Bearer token. Format: Bearer {mcp_identity_access_token}

Request Body

For POST, PUT, and PATCH requests, the request body is forwarded as-is to the provider API. Use the appropriate Content-Type header (typically application/json).

Response

The response from the provider API is returned as-is, including:
  • Status code
  • Response headers (except internal headers)
  • Response body
curl "https://api.mcprank.com/v1/proxy/google/gmail/v1/users/me/messages?maxResults=10" \
  -H "X-API-Key: your-api-key" \
  -H "Authorization: Bearer your-access-token"

{
  "messages": [
    {
      "id": "18d1234567890abc",
      "threadId": "18d1234567890abc"
    },
    {
      "id": "18d0987654321def",
      "threadId": "18d0987654321def"
    }
  ],
  "resultSizeEstimate": 150
}

Google API Examples

Gmail

OperationMethodPath
List messagesGETgmail/v1/users/me/messages
Get messageGETgmail/v1/users/me/messages/{id}
Send messagePOSTgmail/v1/users/me/messages/send
List labelsGETgmail/v1/users/me/labels
Get profileGETgmail/v1/users/me/profile

Calendar

OperationMethodPath
List eventsGETcalendar/v3/calendars/primary/events
Create eventPOSTcalendar/v3/calendars/primary/events
Update eventPUTcalendar/v3/calendars/primary/events/{id}
Delete eventDELETEcalendar/v3/calendars/primary/events/{id}
List calendarsGETcalendar/v3/users/me/calendarList

Drive

OperationMethodPath
List filesGETdrive/v3/files
Get fileGETdrive/v3/files/{id}
Create filePOSTdrive/v3/files
Update filePATCHdrive/v3/files/{id}
Delete fileDELETEdrive/v3/files/{id}

Error Responses

Status CodeDescription
400Unsupported provider
401Missing or invalid API key or access token
403User has not connected this provider
413Request body too large (max 10MB)
429Rate limit exceeded
502Failed to connect to provider
504Provider request timed out
Provider API errors (4xx, 5xx) are passed through as-is. Check the response body for provider-specific error details.

Security

  • Your application never sees the user’s OAuth tokens
  • Tokens are stored encrypted and managed by MCP Rank
  • Tokens are automatically refreshed when they expire
  • All proxy requests are logged for audit purposes