Vacation Tracker Docs
MCP Server

Setup

Connect Claude Desktop, Claude Code, and Cursor to Vacation Tracker over MCP.

This page covers the two most common MCP clients. Any HTTP-based MCP client follows the same pattern: point it at https://mcp.vacationtracker.io/mcp and let the built-in OAuth flow do the rest.

Server endpoint

https://mcp.vacationtracker.io/mcp

The authorization server is advertised at https://mcp.vacationtracker.io/.well-known/oauth-protected-resource. MCP clients discover it on their own, so you do not configure an auth URL manually.

Claude Desktop

  1. Open Claude DesktopSettingsConnectors (or Custom Connectors, depending on your version).
  2. Click Add custom connector.
  3. Fill in the form:
    • Name: Vacation Tracker (or anything you prefer)
    • URL: https://mcp.vacationtracker.io/mcp
  4. Save the connector.
  5. Claude Desktop opens your browser to the Vacation Tracker consent screen.
  6. Log in with your Vacation Tracker account and click Allow to grant the requested scopes.
  7. The browser redirects back to Claude Desktop. You should see the connector listed as Connected.

You can now ask questions like:

  • "Who's on vacation next week?"
  • "Find people in the Engineering department."
  • "When is the next public holiday in our Belgrade office?"
  • "What leave types does our workspace have?"

Claude Code

Claude Code supports MCP servers via claude mcp add. From any terminal:

claude mcp add --transport http vacationtracker https://mcp.vacationtracker.io/mcp

The first time you invoke an MCP tool, Claude Code opens your browser for the OAuth flow. It's the same consent screen the desktop app uses.

Cursor

  1. Open CursorSettingsMCP.

  2. Click Add new global MCP server.

  3. Add an entry for Vacation Tracker:

    {
  "mcpServers": {
    "vacationtracker": {
      "url": "https://mcp.vacationtracker.io/mcp"
    }
  }
}

  4. Cursor will prompt you to sign in; the flow is identical to Claude Desktop.

Other clients

The server implements the standard MCP Streamable HTTP transport. Any client that supports:

  • OAuth2 Authorization Code Grant with PKCE (S256),
  • Dynamic Client Registration (RFC 7591), and
  • Authorization Server discovery via RFC 9728 oauth-protected-resource metadata,

can connect without manual credentials. See Troubleshooting if your client is missing one of these pieces.

What the server sees

The Bearer token carries:

  • your Vacation Tracker user ID and company ID (as custom claims)
  • the scopes you granted on the consent screen (mcp:workspace:read, mcp:users:read, mcp:leaves:read)

Tool calls are authorized against your role the same way the web app is. A non-admin user calling find_users only sees people they can see in the Vacation Tracker UI. There is no separate "MCP permissions" layer to configure.

Revoking access

An AI connections (MCP) page is planned for the Vacation Tracker add-ons section. Once it ships, you'll see every AI client you've authorized, when it was last used, and a one-click revoke.

Until then:

  • In your AI client, disconnect the Vacation Tracker connector from its settings. This stops the client from sending the Bearer token but does not invalidate the token server-side.
  • For immediate server-side revocation, email developers@vacationtracker.io with the approximate date you authorized and the client (e.g. "Claude Desktop"). Support will revoke the underlying OAuth client.

Access tokens expire after 60 minutes, refresh tokens after 365 days.

MCP Server

Connect Claude Desktop, Cursor, and other AI clients to Vacation Tracker over the Model Context Protocol.

Tools

Full reference for every Vacation Tracker MCP tool. Input schemas, outputs, and LLM-facing descriptions.

On this page

Server endpointClaude DesktopClaude CodeCursorOther clientsWhat the server seesRevoking access

Need help?

developers@vacationtracker.io