Setup & Connection
Connect ByteHide Radar to your AI coding agent in minutes. The MCP server uses a streamable HTTP transport with OAuth authentication — no API keys to manage manually.
Connection URL
All MCP clients connect to the same endpoint:
https://mcp.bytehide.com/mcphttps://mcp.bytehide.com/mcpTransport type: Streamable HTTP (POST requests only).
Claude Desktop & Claude.ai
The easiest way to connect. ByteHide is listed in the Anthropic MCP directory.
- Open Claude Desktop or go to claude.ai
- Navigate to Settings > MCP Servers (or find ByteHide in the MCP integrations directory)
- Search for ByteHide and click Connect
- A browser window opens — log in with your ByteHide account
- Authorize the connection and return to Claude
Once connected, Claude can use all ByteHide Radar tools automatically. Try asking: "Scan this file for security vulnerabilities" or "Is the lodash package safe to install?"
Claude Code (CLI)
Add the ByteHide MCP server with a single command:
claude mcp add bytehide --transport streamable-http https://mcp.bytehide.com/mcpclaude mcp add bytehide --transport streamable-http https://mcp.bytehide.com/mcpThe next time Claude Code needs to use a ByteHide tool, it will prompt you to authenticate via your browser.
To verify the connection:
claude mcp listclaude mcp listYou should see bytehide listed with the streamable-http transport.
Cursor
Add ByteHide to your Cursor MCP configuration:
- Open Cursor and go to Settings > MCP
- Click Add new MCP server
- Use the following configuration:
{
"mcpServers": {
"bytehide": {
"type": "streamable-http",
"url": "https://mcp.bytehide.com/mcp"
}
}
}{
"mcpServers": {
"bytehide": {
"type": "streamable-http",
"url": "https://mcp.bytehide.com/mcp"
}
}
}- Save and restart Cursor
- The first time a ByteHide tool is invoked, a browser window will open for authentication
VS Code (Copilot / MCP Extensions)
For VS Code with MCP support, add the server to your MCP settings file:
- Open or create
.vscode/mcp.jsonin your project root (or your global MCP configuration) - Add the ByteHide server:
{
"mcpServers": {
"bytehide": {
"type": "streamable-http",
"url": "https://mcp.bytehide.com/mcp"
}
}
}{
"mcpServers": {
"bytehide": {
"type": "streamable-http",
"url": "https://mcp.bytehide.com/mcp"
}
}
}- Reload the window
- Authenticate when prompted on first use
Other MCP Clients
Any client that supports the streamable-http transport can connect to ByteHide. The universal configuration is:
{
"mcpServers": {
"bytehide": {
"type": "streamable-http",
"url": "https://mcp.bytehide.com/mcp"
}
}
}{
"mcpServers": {
"bytehide": {
"type": "streamable-http",
"url": "https://mcp.bytehide.com/mcp"
}
}
}If your MCP client requires specifying the transport separately, use:
| Setting | Value |
|---|---|
| Server name | bytehide |
| Transport | streamable-http |
| URL | https://mcp.bytehide.com/mcp |
| Authentication | OAuth 2.1 (handled automatically) |
Authentication
ByteHide MCP uses OAuth 2.1 with PKCE for secure authentication. You don't need to create API keys or manage tokens — the flow is handled automatically by your MCP client.
How it works
- Your AI agent sends a request to the MCP server
- The server responds with an authentication challenge
- Your MCP client opens a browser window to the ByteHide login page
- You log in with your ByteHide account and authorize the connection
- The client receives a secure token and stores it locally
- All subsequent requests are authenticated automatically
Token refresh
Access tokens are short-lived and refreshed automatically by your MCP client using a refresh token. You should not need to re-authenticate unless you revoke access or your session expires after an extended period.
Scopes
The OAuth token includes scopes that determine which tools you can use:
| Scope | Grants Access To |
|---|---|
radar | Full Radar access (all tools) |
radar:read | Read findings and project data |
radar:scan | Launch scans |
radar:autofix | Generate AI-powered autofixes |
Organization Access
The MCP server uses your ByteHide organization context. All scans, findings, and projects are linked to the organization associated with your account. If you belong to multiple organizations, the connection uses your default organization.
Verifying the Connection
After setup, test that everything works by asking your AI agent:
- "List my ByteHide projects" — should return your organization's projects
- "Check if express@4.17.1 is safe" — should check the package against known CVEs
- "Scan this file for vulnerabilities" — should run a SAST scan on the current file
If any of these fail, check that:
- You completed the OAuth authentication in your browser
- Your ByteHide account has access to at least one organization
- Your MCP client is configured with the correct URL (
https://mcp.bytehide.com/mcp)
Troubleshooting
"Authentication required" on every request
Your MCP client may not be storing the OAuth token correctly. Try removing and re-adding the server:
# Claude Code
claude mcp remove bytehide
claude mcp add bytehide --transport streamable-http https://mcp.bytehide.com/mcp# Claude Code
claude mcp remove bytehide
claude mcp add bytehide --transport streamable-http https://mcp.bytehide.com/mcpFor other clients, remove the ByteHide entry from your MCP configuration, restart the client, and add it again.
"Unauthorized" or "Invalid token"
Your token may have expired. Trigger a new authentication by invoking any ByteHide tool — your MCP client should automatically open the login flow again.
Tools not appearing
Make sure the server is listed as connected in your MCP client settings. Some clients require a restart after adding a new server.
Next Steps
Tool Reference
Detailed documentation for each MCP tool: parameters, examples, and supported options.
MCP Overview
Overview of what ByteHide MCP offers and how it works.
Project Settings
Manage project tokens and configure project-level settings in the Radar dashboard.