Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ascendgtm.net/llms.txt

Use this file to discover all available pages before exploring further.

Authentication

The gateway supports two authentication methods, both using Bearer tokens.

Static Bearer Tokens

Admin-generated tokens for direct API access. The token is hashed (SHA-256) and stored in KV. 
Authorization: Bearer {plaintext_token}
The gateway hashes the token and looks up tenant_auth:{sha256_hash} in KV. This resolves to a tenant_id and status.

OAuth-Issued Tokens

For MCP clients (Claude, ChatGPT, Cursor) that connect via the OAuth 2.1 flow:
  1. Client registers via Dynamic Client Registration (POST /oauth/register)
  2. Client redirects user to GET /oauth/authorize
  3. User authenticates with their tenant bearer token
  4. Gateway issues an auth code, exchanged for an access token
  5. Access token is valid for 90 days

MCP Client Configuration

{
  "mcpServers": {
    "ascend-gateway": {
      "url": "https://ascend-gateway-v5.ascendgtm.workers.dev/mcp",
      "transport": "streamable-http"
    }
  }
}
The OAuth flow is automatic — MCP-compatible clients handle DCR and token exchange transparently.

Rate Limits

EndpointLimit
API calls (per IP)30 requests/minute
OAuth DCR (per IP)5 registrations/hour

Multi-Account

Tenants can have multiple accounts per provider. Pass account_id to target a specific account: 
{"domain": "hubspot", "path": "/crm/v3/objects/contacts", "account_id": "kahuna_prod"}
If the tenant has multiple accounts and account_id is omitted, the gateway returns an error listing available accounts.