Guides
ChangelogStatus PageAPI ExplorerAPI ReferenceCLI ReferenceBlogIMPACT 2025

Reference & operations

Toolsets

Not all tools are available in every deployment. The server organizes tools into toolsets that control what's exposed to the client:

ToolsetWhat it adds
defaultAlways active. Alerts, monitors, assets, lineage, data operations, and utility tools.
extendedDefault tools plus use-case and dashboard-widget tools (get_use_cases, get_use_case_tables, get_use_case_table_summary).
agent_observabilityDefault tools plus AI agent inspection tools (get_agent_metadata, get_agent_conversation, get_agent_trace).

To enable extended or agent_observability, pass the x-mcd-toolset header when connecting. With the key-based (mcp-remote) setup, add an extra header argument:

"--header", "x-mcd-toolset: extended"

Network access control

You can restrict access to the MCP Server endpoint by IP address using Network Access Control Lists. See Network Access Control for setup details.

Security & governance

For how Monte Carlo secures the MCP Server β€” tool governance, first-party ownership, scoped credentials, and subprocessor handling β€” see AI Security & Governance.

Troubleshooting

Connection won't start / shows an error

  • Verify the endpoint URL. The key-based (mcp-remote) setup expects a trailing slash: https://mcp.getmontecarlo.com/mcp/.
  • Ensure npx is on your PATH; the -y flag auto-installs mcp-remote if missing.

401 / Unauthorized

  • Double-check the Key id and Key secret.
  • Confirm headers are passed correctly (Authorization: Bearer <id>:<secret> or x-mcd-id / x-mcd-token).
  • Make sure the key type is MCP server β€” standard API keys won't work.

HTTP 403: Invalid OAuth error response

  • Often caused by an outdated client. Upgrade to the latest version.
  • If the console shows empty headers (e.g. Authorization:""), the token isn't being passed β€” some older client versions omit custom headers.

Network / proxy issues

  • Confirm your corporate proxy allows requests to mcp.getmontecarlo.com (and registry.npmjs.org on first npx run).
  • Try a different network to rule out blocking.

Install Node.js + npm (for key-based setups)

The mcp-remote bridge used by API-key clients requires Node.js. Quick check:

node -v && npm -v && npx -v
npx -y mcp-remote --version

Install tips: macOS brew install node or nvm install --lts; Linux via nvm; Windows winget install OpenJS.NodeJS.LTS.

Verify auth headers with curl

These checks confirm your endpoint accepts the auth headers β€” you're good if you do not get 401 / 403 (a 202 is fine):

export MCD_URL="https://mcp.getmontecarlo.com/mcp/"
export MCD_ID="<KEY_ID>"
export MCD_SECRET="<KEY_SECRET>"

curl -sS -o /dev/null -w "%{http_code}\n" -X POST "$MCD_URL" \
  -H "Authorization: Bearer $MCD_ID:$MCD_SECRET"