Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.vin.gs/llms.txt

Use this file to discover all available pages before exploring further.

The Vings Model Context Protocol server is exposed at: 
POST https://external.vin.gs/api/mcp
Send JSON-RPC 2.0 requests with the same bearer token as REST. See Authentication.

Transport (OpenAPI)

OpenAPI documents the HTTP transport, not each tool’s parameters:
MethodRole
initializeSession setup
notifications/initializedClient notification (HTTP 202, no body)
tools/listList readonly tools with inputSchema and outputSchema
tools/callInvoke a tool
GET /api/mcp returns 405 — use POST with a JSON-RPC body. Per-tool input and output JSON Schemas are returned only from tools/list (outputSchema uses JSON Schema draft 2020-12 for validating structuredContent from tools/call). They are intentionally not duplicated in OpenAPI.

V1 tools (readonly)

ToolPurpose
search_transactionsTransaction search
get_cashflow_summaryCashflow summary
get_spending_by_categorySpending by category
get_top_merchantsTop merchants
detect_recurring_paymentsRecurring payments
get_budget_summaryBudget summary
list_budget_categoriesBudget categories
get_connected_banks_statusBank connection status
get_portfolio_snapshotPortfolio snapshot
get_portfolio_historyPortfolio history
get_preferencesUser preferences
Scopes on the bearer token must allow the data each tool reads.

Test locally

From packages/external, run the API (for example bun run dev), then use MCP Inspector: 
npx @modelcontextprotocol/inspector
Point the server URL at http://localhost:<port>/api/mcp and set: 
Authorization: Bearer <access-token>
Production smoke check (expect 401 without a token): 
curl -sS -o /dev/null -w "%{http_code}\n" -X POST https://external.vin.gs/api/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'

OAuth for ChatGPT and Claude

Discovery URLs:
  • GET /api/.well-known/oauth-protected-resource/mcp
ChatGPT app domain verification (hostname root, not under /api):
  • GET /.well-known/openai-apps-challenge
Shared AI connectors use known_mcp OAuth clients provisioned from the Vings server package; register redirect URIs per the OpenAI Apps SDK auth guide.