Available Tools
The MCP server exposes 19 tools organized into three groups. Each tool maps to a public REST endpoint and returns the same response shape — you can cross-reference any field against the API Reference.Tools are advertised to your client only if your dashboard privileges include the required RBAC permission. If
list_attendees doesn’t appear in your client, your role lacks TICKETS_READ_TICKETS. Ask an admin to grant it.Reading events
List the organization’s events. Returns paginated results sorted by creation date.Required privilege:
EVENTS_READ_EVENTSArguments: page, page_size (max 200), status (CSV: active, inactive; default active)Equivalent REST: GET /eventsFetch one event by ID. Cross-tenant IDs return
Event not found. with no existence leak.Required privilege: EVENTS_READ_EVENTSArguments: event_id (required)Equivalent REST: GET /events/:idReading attendees & tickets
List attendees (tickets) for one of your events. Each attendee includes name, email, status, ticket-class info, and check-in timestamp. Form answers live on applications, not attendees — use
list_applications for that.Required privilege: TICKETS_READ_TICKETSArguments: event_id (required), page, page_size, status (CSV: valid, checked_in, pending_approval, invited; default valid,checked_in)Equivalent REST: GET /events/:id/attendeesFetch one attendee (ticket) by ID, scoped to an event you own.Required privilege:
TICKETS_READ_TICKETSArguments: event_id, attendee_id (both required)Equivalent REST: GET /events/:id/attendees/:attendeeIdList all ticket classes (products) for an event.Required privilege:
EVENTS_READ_EVENTSArguments: event_id (required)Equivalent REST: GET /events/:id/ticket-classesFetch one ticket class by ID for an event you own.Required privilege:
EVENTS_READ_EVENTSArguments: event_id, ticket_class_id (both required)Equivalent REST: GET /events/:id/ticket-classes/:tcIdReading forms & submissions
List the organization’s forms. Each form includes its
questions array — the schema you need to interpret answers from list_applications.Required privilege: FORMS_READ_FORMSArguments: page, page_size, status (CSV: active, inactive; default active)Equivalent REST: GET /formsFetch one form by ID, including the full
questions array. Use each question’s id to map answers back to the question that produced them.Required privilege: FORMS_READ_FORMSArguments: form_id (required)Equivalent REST: GET /forms/:idPrimary tool for analyzing form submissions. Each application carries an
answers array keyed by question_id — pair with get_form to render answers grouped by question.Required privilege: FORMS_READ_FORMSArguments: page, page_size, form_id (filter to one form), contact_id (filter to one submitter), status (CSV: Draft, Pending, Accepted, Rejected; default all)Equivalent REST: GET /applicationsFetch one submission by ID, including all answers.Required privilege:
FORMS_READ_FORMSArguments: application_id (required)Equivalent REST: GET /applications/:idReading custom fields
List the organization’s custom field definitions. Filter by
record_type (contact, event, etc.) to scope to a specific record family.Required privilege: FIELDS_READ_FIELDSArguments: page, page_size, record_type (optional filter)Equivalent REST: GET /custom-fieldsFetch one custom field definition by ID.Required privilege:
FIELDS_READ_FIELDSArguments: field_id (required)Equivalent REST: GET /custom-fields/:idReading payments
List successful payments by default. Filter by event, product, form, status, or date range. Each payment carries the relational keys (
event_id, application_id, form_id, contact_user_id) so you can join across resources.Required privilege: PAYMENTS_READ_PAYMENTSArguments: page, page_size, event_id, product_id, form_id, from (ISO timestamp), to (ISO timestamp), status (CSV; default succeeded)Equivalent REST: GET /paymentsFetch one payment by ID. Includes customer email and the Stripe payment ID for cross-referencing.Required privilege:
PAYMENTS_READ_PAYMENTSArguments: payment_id (required)Equivalent REST: GET /payments/:idContacts & lists
These tools predate the read surface above and have a slightly different shape — they accept aspaceId argument for space-level scoping and return spaceIds on each contact.
Paginated contact list. Omit
spaceId for an org-wide view; pass a space ID to scope to one space.Required privilege: CONTACTS_READ_CONTACTSArguments: page, page_size (max 50), sortBy, sortOrder, spaceId, listIds (CSV)Full-text search across contact name, email, phone, and other text fields. Backed by Algolia.Required privilege:
CONTACTS_READ_CONTACTSArguments: query (required), page, page_size (max 50)List the organization’s contact lists. Filter by name with
search.Required privilege: LISTS_READ_LISTSArguments: search (optional)Add contacts to a list. Each contact ID is verified to belong to your organization before the write happens — invalid IDs are skipped, not failed.Required privilege:
CONTACTS_UPDATE_CONTACTSArguments: listId (required), contactIds (CSV, required)Remove contacts from a list. Same org-membership verification as the add tool.Required privilege:
CONTACTS_UPDATE_CONTACTSArguments: listId (required), contactIds (CSV, required)Common patterns
”Analyze submissions to form X”
get_formwithform_id→ returns the question schema (each question’sid,title,type).list_applicationswithform_id→ returns the matching submissions, each carryinganswerskeyed byquestion_id.- Claude correlates
answers[].question_id→questions[].idand renders grouped output.
”Find paying attendees of event Y”
list_attendeeswithevent_id→ list of tickets.list_paymentswithevent_id, status: succeeded→ list of payments.- Claude joins on
customer_emailorcontact_user_id.
”Group last month’s submissions by status”
list_applicationswithstatus: Pending,Accepted,Rejected(or omit for all).- Claude buckets the results client-side. Status is on every application.
Limits
- Rate limit: 120 requests / 60 seconds per token (sliding window). Burstable up to 120 in a single window.
- Page size: max
200for the new read tools, max50for the contacts tools. - Token cache: validated tokens are cached server-side for 5 minutes — revocation propagates within that window.
- User context cache: RBAC privileges are cached for 5 minutes — privilege changes take effect within that window.