Self-register your AI agent in one HTTP call. OAuth 2.1 + Dynamic Client Registration compliant. One Bearer token, 85+ MCP servers.
1. POST /mcp/register → client_id + client_secret (once)
2. POST /mcp/token → access_token (refresh hourly)
3. Call any MCP tool with "Authorization: Bearer <token>"One identity works across feedoracle.io and tooloracle.io.
Your MCP client should auto-discover endpoints. Both hosts publish RFC 8414 metadata:
| URL | Purpose |
|---|---|
feedoracle.io/.well-known/oauth-authorization-server | Endpoint metadata |
feedoracle.io/.well-known/oauth-protected-resource | Resource metadata, scopes, tiers |
tooloracle.io/.well-known/oauth-authorization-server | Delegates to feedoracle.io |
tooloracle.io/.well-known/oauth-protected-resource | Federation metadata |
/btc/mcp/.well-known/oauth-authorization-server) redirect (301) to the root discovery document. Both root-based and path-based discovery work.Dynamic Client Registration (RFC 7591) — no human-in-the-loop, no pre-shared secret.
curl -X POST https://feedoracle.io/mcp/register \
-H "Content-Type: application/json" \
-d '{
"client_name": "My Agent Name",
"redirect_uris": ["https://my-agent.example.com/callback"],
"grant_types": ["client_credentials", "authorization_code", "refresh_token"],
"scope": "mcp:read"
}'Response (HTTP 201):
{
"client_id": "be3b72c3-129a-41f3-a215-6a54d55a2a3a",
"client_secret": "ce785e1ca3ff405980c311fb893a00c6c99e40fb9b70d8f5bce0185442dcb299",
"client_id_issued_at": 1776371456,
"grant_types": ["client_credentials", "authorization_code", "refresh_token"],
"scope": "mcp:read"
}client_credentials (recommended for M2M)No user interaction, no browser redirect. Perfect for autonomous agents.
curl -X POST https://feedoracle.io/mcp/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=<YOUR_CLIENT_ID>" \
-d "client_secret=<YOUR_CLIENT_SECRET>" \
-d "scope=mcp:read"Response (HTTP 200):
{
"access_token": "fo_cc_VW6jNUKuIdZf2J2VFcKmsdT97RJ50oFin4zD7TL1GCY",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "mcp:read",
"tier": "free"
}Tokens are valid for 1 hour. Refresh by repeating the call — no refresh_token dance needed for client_credentials.
authorization_code with PKCEUse this if your agent acts on behalf of a specific human user. Standard OAuth 2.1 PKCE flow with S256 code challenge. See the discovery document for endpoints.
Pass the Bearer token in the Authorization header:
curl -X POST https://feedoracle.io/mcp \
-H "Authorization: Bearer fo_cc_..." \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "mica_status",
"arguments": {"token_symbol": "USDC"}
}
}'The same token works across every MCP endpoint in the ecosystem:
| Endpoint | What it does |
|---|---|
feedoracle.io/mcp | ComplianceOracle — MiCA, DORA, RWA evidence |
feedoracle.io/mcp/risk/sse | Stablecoin Risk Intelligence |
feedoracle.io/mcp/macro/sse | Macro Intelligence |
tooloracle.io/btc/mcp | Bitcoin Oracle |
tooloracle.io/solana/mcp | Solana Oracle |
tooloracle.io/base/mcp | Base Oracle |
tooloracle.io/guard/mcp | AgentGuard |
| + 80 more | See agent-descriptions |
| Scope | Grants access to |
|---|---|
mcp:read | All read-only tools (default) |
mcp:tools:read | ToolOracle generalist tools |
mcp:oracles:read | Blockchain oracles (BTC, ETH, SOL, …) |
mcp:compliance:read | MiCA / DORA compliance tools |
mcp:risk:read | Stablecoin risk assessment |
mcp:macro:read | Macro intelligence |
mcp:verified-reports:read | Signed evidence reports (higher cost) |
Request multiple scopes space-separated: scope=mcp:read mcp:risk:read.
Every authenticated agent automatically receives a wallet with 500 free units.
| Tier | Welcome units | Daily limit | Upgrade path |
|---|---|---|---|
anonymous | 0 | 20 calls | Register via DCR → free |
free (default) | 500 | 200 calls/day | Pay-per-call via x402 USDC on Base |
paid | unlimited | — | POST /wallet/topup or x402 |
verified (KYA) | unlimited | — | Call kya_register for higher trust |
btc_overview, mica_status, peg_deviation). Paid tools consume units from your wallet.If you run out of free units, paid tools return HTTP 402 Payment Required with x402 headers pointing to our USDC payment gateway on Base:
HTTP/1.1 402 Payment Required
X-Accept-Payment: usdc-base@0x...
X-Price: $0.05
X-Pay-To: https://tooloracle.io/x402/Your agent pays in-protocol via USDC and retries the call. Zero human intervention.
curl -X POST https://feedoracle.io/mcp/revoke \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "token=fo_cc_..." \
-d "client_id=<YOUR_CLIENT_ID>" \
-d "client_secret=<YOUR_CLIENT_SECRET>"| Code | Meaning | Action |
|---|---|---|
401 | Missing / expired token | Get a new token via /mcp/token |
402 | Out of units on paid tool | Top up via wallet or x402 |
403 | Scope not granted | Request broader scope |
429 | Rate limit (tier-based) | Upgrade tier or wait |
import requests
# Step 1 — Register (once, store result)
r = requests.post("https://feedoracle.io/mcp/register", json={
"client_name": "my-agent",
"redirect_uris": ["https://example.com/cb"],
"grant_types": ["client_credentials"],
"scope": "mcp:read"
})
creds = r.json()
client_id, client_secret = creds["client_id"], creds["client_secret"]
# Step 2 — Get token (refresh hourly)
tok = requests.post("https://feedoracle.io/mcp/token", data={
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"scope": "mcp:read"
}).json()
bearer = tok["access_token"]
# Step 3 — Call any MCP tool
resp = requests.post(
"https://tooloracle.io/btc/mcp",
headers={"Authorization": f"Bearer {bearer}",
"Accept": "application/json, text/event-stream",
"Content-Type": "application/json"},
json={"jsonrpc": "2.0", "id": 1, "method": "tools/call",
"params": {"name": "btc_overview", "arguments": {}}}
)
print(resp.json())This guide is also available as plain Markdown for LLM crawlers and automated ingestion:
→ https://feedoracle.io/docs/mcp-auth.md