MCP Server

The Arraylake MCP server lets AI assistants and agents discover, explore, and query your Arraylake data with natural-language. Ask "what's the temperature forecast look like over California?" and the assistant can browse your repos, inspect the dataset schema, grab the data using a Flux EDR query, and render an interactive map without you leaving the chat.

What you can do

Once connected, your AI assistant can:

Discover — list your organizations, browse repositories, search the Marketplace
Explore — walk the group/array tree of a repo, inspect xarray schemas, read commit history and diffs
Query — run OGC EDR position, area, and cube queries against Flux compute services
Visualize — render live pan/zoom maps of any variable, or mint Flux tile URLs for use in custom apps
Link — surface clickable deep links to the Arraylake web app for every result

The full list of tools is in the Tool Reference.

Early access — we want your feedback

The MCP server is under active development. If there's a workflow you'd like to drive from an AI assistant or agent we'd love to hear about it! Contact us at support@earthmover.io.

Current Limitations

Currently our MCP does not expose tools for running server-side python execution. We are working on augmenting Flux to support more flexible compute workloads, stay tuned!

Connecting a client

Any MCP client that supports the Streamable HTTP transport and OAuth 2.1 authorization can connect to https://app.earthmover.io/mcp.

Claude.ai
ChatGPT
Claude Code
Cursor
Codex CLI

Open claude.ai and go to Settings → Connectors.
Click Add custom connector.
Name it Arraylake and set the URL to https://app.earthmover.io/mcp.
Complete the sign-in flow in the popup window.

The connector is now available in every new Claude conversation.

note

On Team and Enterprise plans, only organization admins can add custom connectors. Ask your Anthropic workspace admin to install it once for the whole org.

ChatGPT supports custom MCP servers through its Developer-mode Apps feature.

Open ChatGPT and go to Settings → Apps → Advanced. Enable Developer mode.
Back in Settings → Apps, click Create app.
Fill in the New App form:
- Name: Arraylake
- MCP Server URL: https://app.earthmover.io/mcp
- Authentication: OAuth
- Check I understand and want to continue to acknowledge the custom-server risk notice.
Click Create. ChatGPT runs the OAuth flow in a popup the first time you invoke a tool.

The app is now available in the composer's + → Apps menu.

Add the server with the claude CLI:

claude mcp add --transport http arraylake https://app.earthmover.io/mcp

On first use, Claude Code opens a browser for authentication.

Edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "arraylake": {
      "url": "https://app.earthmover.io/mcp"
    }
  }
}

Restart Cursor. The first invocation triggers the OAuth flow.

Add the server with the codex CLI:

codex mcp add arraylake --url https://app.earthmover.io/mcp

codex mcp add opens a browser and runs the OAuth flow immediately. Once it completes, the server is ready to use. See the Codex MCP docs for additional options.

Authentication

The MCP server accepts two kinds of bearer token:

OAuth access tokens from the standard MCP OAuth flow — best for interactive use.
Arraylake API tokens (strings starting with ema_) — best for headless, scripted, or long-running setups, or when your client supports static headers but not OAuth.

Use whichever fits your workflow. Both carry the permissions of the identity the token was issued for.

Option 1 — OAuth (recommended for interactive clients)

When your client first connects, it performs a standard OAuth 2.1 + PKCE flow:

Client dynamically registers itself at /mcp/register (RFC 7591).
Client redirects you to /mcp/authorize, which hands off to the Arraylake login page.
After you sign in, the client receives a bearer token and stores it.
Subsequent MCP requests carry the token as Authorization: Bearer <token>.

You see your Arraylake login page and consent screen exactly as you would in the web app — no separate credential is involved. Tokens are refreshed automatically; to revoke access, disconnect the client from your Arraylake account.

Option 2 — Arraylake API token (for headless or header-based clients)

Generate an API token at https://app.earthmover.io/{org}/settings/api-clients (see API Clients for details on org-level vs. repo-level tokens). Pass it as an Authorization: Bearer {token} header on every MCP request. API tokens don't expire, don't need a browser, and skip the OAuth flow entirely — useful for CI, automation, remote dev environments, or any client that supports static headers but not MCP OAuth.

warning

API tokens grant the full permissions of the identity they were issued for. Store them in a secret manager or environment variable and never check them into source control or paste them into a shared config.

Claude Code
Codex CLI
Cursor
Other clients

Pass the token with --header on claude mcp add. This skips OAuth:

claude mcp add --transport http arraylake https://app.earthmover.io/mcp \
  --header "Authorization: Bearer ema_XXXXXXXXXXXX"

For dynamic or rotating tokens, use headersHelper in the generated config to shell out to a secret manager on every connection.

Codex reads bearer tokens from an environment variable. Set the env var, then edit ~/.codex/config.toml:

[mcp_servers.arraylake]
url = "https://app.earthmover.io/mcp"
bearer_token_env_var = "ARRAYLAKE_TOKEN"

Export the token before launching Codex:

export ARRAYLAKE_TOKEN=ema_XXXXXXXXXXXX
codex

Add a headers block alongside url in ~/.cursor/mcp.json:

{
  "mcpServers": {
    "arraylake": {
      "url": "https://app.earthmover.io/mcp",
      "headers": {
        "Authorization": "Bearer ema_XXXXXXXXXXXX"
      }
    }
  }
}

Use "${env:ARRAYLAKE_TOKEN}" as the header value to pull the token from an environment variable instead of hard-coding it.

Any client that lets you set a static HTTP header can use API-token auth. Configure an Authorization: Bearer ema_XXXXXXXXXXXX header on every request; the MCP server will accept it and skip the OAuth handshake.

Permissions

Tools inherit the Arraylake permissions of the token-holder — either your user account (OAuth) or the identity the API token was issued for. You can only see repos the token has access to, and query data from Flux services where the token has the CAN_READ_WITH_FLUX permission on the underlying repo.

Discovery tools (list_orgs, list_repos, search_marketplace, etc.) only return resources you can see.
Repo tools (get_repo_info, get_dataset_info, list_commits, etc.) require read access on the target repo.
Flux tools (query_edr, get_tile_url, get_service_dataset_info, etc.) require CAN_READ_WITH_FLUX on the target repo.
Log access (get_service_logs) requires org admin.

Rate limits and cost

The MCP server proxies the standard Arraylake REST API and Flux. Read calls count against your usage like any other API request. EDR queries and tile requests behave identically to the equivalent HTTP calls.

What you can do​

Current Limitations​

Connecting a client​

Authentication​

Option 1 — OAuth (recommended for interactive clients)​

Option 2 — Arraylake API token (for headless or header-based clients)​

Permissions​

Rate limits and cost​