Agents

Agents MCP

Model Context Protocol is a strong fit when your agent platform needs typed tools around NativeForm APIs. This guide outlines tool boundaries and runtime controls for reliable model-to-API execution.

MCP tools call the same underlying endpoints documented in read APIs and submit APIs. Secure your keys with the patterns in Agents Auth.

Transport

The NativeForm MCP endpoint uses OAuth. Use the URL below to connect agents (e.g. ChatGPT, Claude); users sign in with their NativeForm account and the platform receives a Bearer token for requests.

MCP endpoint (SSE / HTTP)

Use this URL as your MCP server URL. Clients send JSON-RPC via POST; platforms that use SSE connect to the same URL.

https://www.nativeform.app/mcp

How to connect

Set the MCP server URL to the endpoint above in your agent platform (e.g. ChatGPT Apps, Claude Connectors, Codex, Perplexity Computer). Auth with OAuth when prompted — that’s it.

Recommended flow

MCP tool call → internal service endpoint → NativeForm API → normalized tool response.

Stateless design

Avoid storing API keys or session state in the MCP server. Inject credentials at the service layer.

Available tools

The MCP server exposes the following tools. Schemas and parameters are returned by the server via tools/list.

  • init_formCreate a complete form in one call (sections, fields, smart fields). Returns a preview widget.
  • update_formBatch update an existing form: create/update/delete sections, fields, smart fields.
  • set_form_nameSet or update the name of a form.
  • publish_formPublish a form (set status to ACTIVE).
  • pause_formPause a form (set status to PAUSED).
  • update_form_ai_configUpdate form AI config: introduction, instructions, context, model preferences.
  • create_form_sectionCreate a section in a form.
  • update_form_sectionUpdate a section in a form.
  • reorder_form_sectionsReorder sections in a form.
  • delete_form_sectionDelete a section from a form.
  • create_form_fieldCreate a field in a form.
  • update_form_fieldUpdate a field in a form.
  • reorder_form_fieldsReorder fields in a form.
  • delete_form_fieldDelete a field from a form.
  • create_smart_fieldCreate a smart (AI-computed) field for a form.
  • update_smart_fieldUpdate a smart field in a form.
  • delete_smart_fieldDelete a smart field from a form.
  • move_sectionMove or reorder a section in a form.
  • move_fieldMove or reorder a field, optionally to another section.
  • get_form_snapshotLoad a form and display it in the widget (preview before edits).
  • list_formsList your forms so the user can pick one for follow-up.
  • get_form_settingsGet form structure plus AI settings and webhooks in one response.
  • get_form_responsesFetch form responses as JSON (with pagination).
  • get_form_responseFetch a single response with answers, attachments, smart-field outputs.
  • create_form_responseCreate and submit a response from free-form text; extraction and validation included.
  • update_form_responseUpdate response status, metadata, or answer values.
  • delete_form_responseDelete a response from a form.
  • process_response_smart_fieldsQueue smart-field processing for a submitted response.
  • get_public_form_manifestFetch the public AI manifest for a form slug.
  • create_public_form_draftCreate a draft submission on a public form (agent attribution).
  • submit_public_formSubmit answers to a public form directly or from a draft.
  • get_public_submission_confirmationInspect a public confirmation token before final submit.
  • confirm_public_submissionConfirm and submit a public draft using its confirmation token.
  • list_form_webhooksList webhooks configured for a form.
  • create_form_webhookCreate a webhook for a form (signing secret returned once).
  • update_form_webhookUpdate a webhook URL, name, active state, or metadata.
  • delete_form_webhookDelete a webhook from a form.
  • test_form_webhookSend a test payload to a webhook and store the delivery result.
  • list_form_webhook_deliveriesList delivery attempts for a form webhook.
  • list_api_keysList your API keys (masked).
  • create_api_keyCreate a new API key (plaintext returned once).
  • revoke_api_keyRevoke an API key.
  • rotate_api_keyRotate an API key (new plaintext returned once).
  • duplicate_formDuplicate a form with sections, fields, smart fields, and logic.
  • delete_formDelete a form.
  • pin_formPin a form for quick access.
  • unpin_formUnpin a form.

Hardening

Operational controls for safe MCP deployment.

Validate every tool input

Check types, lengths, and required fields before issuing a NativeForm request. Reject malformed inputs early.

Scope tools by context

Scope available tools by tenant, environment, and user role. Not every agent session needs write access.

Throttle tool calls

Rate-limit tool calls per session to avoid accidental loops. A runaway agent can exhaust your API quota in seconds.

Return structured errors

Return structured error objects so the model can recover with follow-up actions rather than retrying blindly.