MCP

MCP Column

Connect AI agents safely: User MCP for operations, Developer MCP for integrations — with profiles, confirm, dry-run, and human approvals.

MCP track_package(tracking_number) Tool
RPC tools/list JSON-RPC 2.0
RPC tools/call JSON-RPC 2.0
Documentation

MCP Column Overview

This guide is the Superroute MCP column in Developer Center. It covers both servers, agent security, and the live tool catalog from UserMcpToolCatalog.

What is MCP?

The Model Context Protocol (MCP) is an open standard that allows AI assistants like Claude, Cursor, and ChatGPT to interact with external tools and services. It enables your AI to perform real actions — such as tracking a package — directly within the conversation.

By configuring the Superroute MCP server, your AI assistant gains access to logistics tools without leaving your workflow.

Two MCP Servers

Use the right server for the audience. Do not give unattended agents the Developer server with a full-access token.

Server name Endpoint Audience Auth
superroute https://api.superlabel.ca/mcp Ops / support / business agents Bearer + optional profile/scopes (legacy full if unset)
superroute-developer https://api.superlabel.ca/mcp/developer Integration developers & coding agents Connection Bearer preferred; tool api_token sunset

Quick Start

Public tools like package tracking work without any authentication. Add this configuration to your MCP client:

JSON
{
  "mcpServers": {
    "super-label": {
      "type": "url",
      "url": "https://api.superlabel.ca/mcp"
    }
  }
}
Try it! After setup, ask your AI assistant: "Track package SR100012345"

Authenticated Access

To use tools that require user permissions, add your API Bearer token to the configuration:

Always put tokens in MCP connection headers — never in tool arguments or prompts.

JSON
{
  "mcpServers": {
    "super-label": {
      "type": "url",
      "url": "https://api.superlabel.ca/mcp",
      "headers": {
        "Authorization": "Bearer <your-api-token>",
        "X-MCP-Profile": "ops-readonly"
      }
    }
  }
}

How to Get an API Token

Call the login endpoint with your credentials:

Bash
curl -X POST https://api.superlabel.ca/api/v1/user/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "your-password"}'

The response will include your access token:

JSON Response
{
  "access_token": "eyJ0eXAiOiJKV1Qi...",
  "token_type": "Bearer",
  "expires_at": "2026-02-20 00:00:00"
}

Use the access_token value in the Authorization header of your MCP configuration.

Agent Security Model

User MCP is built for least-privilege agents. Create tokens with an MCP profile (default Ops Read-only) or pass profile/scopes headers.

Profiles (X-MCP-Profile)

Named scope bundles. Prefer ops-readonly or support for unattended agents.

Profile Label Scopes
ops-readonly Ops Read-only orders:read, labels:read, routes:read, drivers:read, analytics:read, address:read, approvals:read
support Support (customer service) orders:read, analytics:read, address:read, approvals:read
ops-write Ops Write (orders + labels + routes) orders:read, orders:write, labels:read, labels:write, routes:read, routes:write, drivers:read, analytics:read, address:read, approvals:read, approvals:write
wms-readonly WMS Read-only wms:read, orders:read
datasets-readonly Datasets Read-only datasets:read
alliance-readonly Alliance Read-only alliance:read
full Full Access (all MCP tools) — not for unattended agents *
.mcp.json — recommended agent config
{
  "mcpServers": {
    "super-label": {
      "type": "url",
      "url": "https://api.superlabel.ca/mcp",
      "headers": {
        "Authorization": "Bearer <ops-readonly-token>",
        "X-MCP-Profile": "ops-readonly"
      }
    }
  }
}

Optional headers

Header Purpose
Authorization: Bearer …API Bearer token (connection-level).
X-MCP-ProfileNamed profile: ops-readonly, support, ops-write, wms-readonly, datasets-readonly, alliance-readonly, full.
X-MCP-ScopesExplicit comma-separated scopes (overrides profile).
X-MCP-Dry-Run: 1Preview write tools without mutation.
X-MCP-Require-Approval: 1Queue high-risk writes for human approval instead of executing.

High-risk confirm

These tools require confirm=true on tools/call (or use the approval queue):

Human approval queue

Unattended agents should propose writes; humans approve in the app or via MCP.

  1. Agent: propose_write or send X-MCP-Require-Approval: 1
  2. Human: open MCP Approvals in the web app, or list_pending_approvals
  3. Human: approve_pending_write with confirm=true, or reject_pending_write

Web UI path (login required): /mcp-approvals

Developer MCP authentication

Prefer Authorization: Bearer on the connection. Per-tool api_token is deprecated and hard-cuts after 2026-12-31.

Available Tools

The following tools are currently available on the MCP server: 47 live tools from the server catalog

This table is generated from UserMcpToolCatalog at request time — it stays in sync with production tools/list for authenticated full access.

Tool Authentication Risk Scopes Description
track_package Public low Track a package by its tracking number. Returns delivery status, tracking events timeline, and proof of delivery if available.
otep_tracking Public low Get the unified OTEP (Open Tracking Event Protocol) timeline for a tracking number — self-delivery, third-party and carrier events normalize...
get_capabilities Public low List MCP tools available to the current connection, with risk level, required scopes, and whether confirm=true is needed. Call this first wh...
get_orders Required low orders:read List orders with filtering and pagination. Returns order details including status, tracking, and delivery info.
get_order_detail Required low orders:read Get full details of a specific order by ID, including address, status, packages, and tracking info.
find_order Required low orders:read Fuzzy-find orders across tracking number, external tracking, ref, recipient name, and phone in a single query. Use this instead of get_order...
get_operation_events Required low orders:read Get the full audit trail for orders — every status change, who performed it, GPS coordinates, and photos.
create_order Required medium orders:write Create a delivery/pickup order. D=delivery (warehouse→customer), P=pickup (customer→warehouse), P2P=peer-to-peer. Returns order ID and track...
cancel_order confirm Required high orders:write Cancel an existing order by order ID. Only works for orders not yet delivered.
bulk_create_orders confirm Required high orders:write Create up to 100 delivery orders in one call. Returns a per-order success/failure summary; partial failures do not abort the batch unless st...
reroute_to_address confirm Required high orders:write Change the delivery address of an order that has not been picked up yet: cancels the original order and recreates it with the new address. R...
update_delivery_instruction Required medium orders:write Update only the delivery_instruction field on an existing order (PATCH). Safer than full order rewrite.
update_order_note Required medium orders:write Update only the internal note field on an existing order (PATCH).
update_time_window_by_refs Required medium orders:write Bulk-update delivery time windows (and optional schedule_date) for orders identified by external refs.
hold_order confirm Required high orders:write Put an order on HOLD so it is not dispatched until release_order. HIGH-RISK: requires confirm=true.
release_order confirm Required high orders:write Release an order from HOLD back to NEW_ORDER. HIGH-RISK: requires confirm=true.
propose_write Required low approvals:read Queue a write/high-risk tool for human approval instead of executing it. Reviewers use list_pending_approvals + approve_pending_write.
list_pending_approvals Required low approvals:read List pending MCP write approvals for this business (or mine_only).
approve_pending_write confirm Required high approvals:write Approve and execute a pending write proposal. HIGH-RISK: requires confirm=true. Reviewer must have scopes for the underlying tool.
reject_pending_write Required medium approvals:write Reject a pending write proposal without executing it.
get_routes Required low routes:read List delivery routes with their status, assigned driver, and order count.
get_route_detail Required low routes:read Get one route with its stop/order list. Prefer this over get_routes when you already know route_id.
get_drivers Required low drivers:read List drivers for the authenticated business (ids, names, capacity defaults). Use driver id with get_driver_routes_today or route tools.
get_driver_routes_today Required low routes:read, drivers:read Orders assigned to a driver on a given date (defaults to today). Useful for "what is driver X running today?"
get_build_route_options Required low routes:read List routing engines, balance modes, capacity types, and defaults before calling build_route.
build_route confirm Required high routes:write Build/optimize a delivery route (POST /api/v3/client/build-route). HIGH-RISK: assigns orders to drivers. Call get_build_route_options first....
order_snapshot Required low orders:read One-call order context for support: order detail + operation events + public tracking (when tracking number is known). Pass order_id or trac...
list_exceptions Required low orders:read List failed/returned/exception-like orders for a schedule date (default today). Read-only ops triage helper.
get_shipping_methods Required low labels:read List available shipping carriers/methods. Returns IDs and names — use the ID for rate/label tools.
get_shipping_rate Required low labels:read Get a shipping cost quote. Dry-run — no label created. Returns rate options with pricing and transit time.
create_shipping_label Required medium labels:write Book a shipment with a carrier and generate a shipping label with tracking numbers.
quote_and_ship Required medium labels:write One-shot: rate across all enabled carriers, pick the best one by strategy, create the shipping label, return tracking number. Saves 3+ tool...
compare_all_carriers Required low labels:read Get rate quotes from every enabled carrier for the same shipment, in one call. Returns a sorted comparison (cheapest first) with price + tra...
search_address Required low address:read Search and resolve addresses by postal code or free-text query. Returns structured address suggestions.
daily_digest Required low analytics:read One-call summary of today's logistics activity: total orders, by status, exceptions (failed/returned), pending pickups. Designed as the firs...
get_orders_summary Required low analytics:read Aggregate order metrics over a time window: counts by status, top carriers, on-time rate, exception count. Use period=today|week|month or pa...
get_account_credits Required low analytics:read Get the authenticated customer's wallet balance, currency, and recent topup history. Customer (B2C) accounts only — returns an error for cli...
get_warehouses Required low wms:read List WMS warehouses available to the authenticated business.
get_inventory Required low wms:read Query WMS inventory (POST /api/v1/wms/inventory). Pass filters supported by the inventory API (sku, warehouse_id, etc.).
list_datasets Required low datasets:read List custom datasets available to the business.
get_dataset Required low datasets:read Get one dataset by id (metadata/columns).
list_dataset_groups Required low datasets:read List groups inside a dataset.
search_dataset_records Required low datasets:read Search records across groups in a dataset (POST .../search).
list_alliances Required low alliance:read List alliances the authenticated business belongs to.
get_alliance Required low alliance:read Get one alliance by id.
list_alliance_members Required low alliance:read List members of an alliance.
list_accessible_clients Required low alliance:read List clients accessible via alliance partnerships.

Client-Specific Setup

Select your AI client below for tailored setup instructions:

Claude Code

Claude Code reads MCP configuration from a .mcp.json file in your project root or home directory.

  1. Create a .mcp.json file in your project root (or ~/.claude/.mcp.json for global access).
  2. Add the following configuration:
.mcp.json
{
  "mcpServers": {
    "super-label": {
      "type": "url",
      "url": "https://api.superlabel.ca/mcp"
    }
  }
}

To use authenticated tools, add the headers field:

.mcp.json (with authentication)
{
  "mcpServers": {
    "super-label": {
      "type": "url",
      "url": "https://api.superlabel.ca/mcp",
      "headers": {
        "Authorization": "Bearer <your-api-token>",
        "X-MCP-Profile": "ops-readonly"
      }
    }
  }
}

Cursor

Cursor supports MCP servers via its built-in configuration.

  1. Create a .cursor/mcp.json file in your project root.
  2. Add the following configuration:
  3. Restart Cursor to load the new MCP server.
.cursor/mcp.json
{
  "mcpServers": {
    "super-label": {
      "type": "url",
      "url": "https://api.superlabel.ca/mcp"
    }
  }
}

Windsurf

Windsurf uses a global MCP configuration file.

  1. Edit ~/.codeium/windsurf/mcp_config.json (create it if it does not exist).
  2. Add the following configuration:
~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "super-label": {
      "serverUrl": "https://api.superlabel.ca/mcp"
    }
  }
}

ChatGPT

ChatGPT supports MCP connections for Plus, Pro, and Team users.

  1. Open ChatGPT and go to Settings.
  2. Navigate to "Connected apps" or "Tools" section.
  3. Add a new MCP server with the endpoint URL shown above.
ChatGPT MCP support may vary depending on your plan and region. Refer to OpenAI documentation for the latest instructions.

Technical Details