DataFast MCP

official

The DataFast MCP server lets MCP-compatible clients such as Codex, Claude Code, and Cursor query your analytics and manage your account through natural language.

What can you do with Data Fast MCP?

  • Query analytics overview — Ask for site-wide metrics like pageviews, visitors, and bounce rate using datafast_analytics_overview.
  • List and manage websites — Retrieve all websites on your account with datafast_websites_list and inspect their configuration.
  • Manage team members — Invite, list, update roles, or remove team members through the datafast_team_* tools.
  • Create and view goals — Set up conversion goals and check their current status with datafast_goals_* tools.
  • Inspect funnel performance — Pull funnel step data to see where visitors drop off using datafast_funnels_* tools.
  • Monitor alerts — List and configure alert rules via datafast_alerts_* to stay on top of traffic changes.

Documentation

DataFast MCP server

The DataFast MCP server lets MCP-compatible clients such as Codex, Claude Code, and Cursor query your analytics and manage your account through natural language. It provides the same functionality, permissions, and safety checks as the REST API and CLI.

It uses Streamable HTTP at https://datafa.st/api/mcp.

Step 1 — Create an account token

Open Account Settings → API / MCP, choose which websites and permissions the client can access, then create a token. Copy the dft_ token when it appears—you will use it in the next step, and it is only shown once.

Every MCP request uses the permissions and website access you selected for the token.

Step 2 — Connect your client

Codex

Save the copied token in a DATAFAST_TOKEN environment variable, then add DataFast:

codex mcp add datafast
--url https://datafa.st/api/mcp
--bearer-token-env-var DATAFAST_TOKEN

Claude Code

claude mcp add --transport http datafast https://datafa.st/api/mcp
--header "Authorization: Bearer dft_xxx"

Cursor, Claude Desktop, and other config-based clients

{ "mcpServers": { "datafast": { "url": "https://datafa.st/api/mcp", "headers": { "Authorization": "Bearer dft_xxx" } } } }

Clients that only support stdio

Bridge with mcp-remote:

{ "mcpServers": { "datafast": { "command": "npx", "args": [ "-y", "mcp-remote", "https://datafa.st/api/mcp", "--header", "Authorization: Bearer dft_xxx" ] } } }

Tools

See the full tool reference — analytics, websites, API keys, team, goals, funnels, visitors, alerts, account, access tokens, and integration status. Tool names follow datafast_<resource>_<action>, e.g. datafast_analytics_overview, datafast_websites_list.

Safety

  • Confirmation gate: irreversible or credential-issuing tools (delete, roll, mint API keys/tokens) require an explicit confirm: true argument. Calling without it returns a preview of what would happen instead of doing it, so an agent can't fire a sensitive action on the first try.
  • No secret exfiltration: listing endpoints for API keys and access tokens never return secret values, only metadata (id, name, prefix, dates) — same as the REST API.
  • Website deletion is dashboard-only: there is no MCP tool to delete a website; deletion can't be automated by design.
  • Payment connect/disconnect is dashboard-only: MCP can report integration status, but connecting or disconnecting payment providers (and handling their credentials) stays in the dashboard.
  • Scoped by token, not by tool: every tool call re-validates permissions against the real route — the transport resolves the bearer once per request, then reuses that result for in-process auth (no elevated MCP-only privilege).

Advanced: Limit MCP to one website

For a more restricted setup, use a df_ website API key instead of an account token. It limits the client to one website and mostly read-only analytics. Create one from that website's Settings → API / MCP page and see authentication and scopes for details.

Related

  • Tool reference
  • Authentication and scopes
  • DataFast CLI
  • Account API