DataFast MCP
officialThe DataFast MCP server lets MCP-compatible clients such as Codex, Claude Code, and Cursor query your analytics and manage your account through natural language.
What can you do with Data Fast MCP?
- Query analytics overview — Ask for site-wide metrics like pageviews, visitors, and bounce rate using
datafast_analytics_overview. - List and manage websites — Retrieve all websites on your account with
datafast_websites_listand inspect their configuration. - Manage team members — Invite, list, update roles, or remove team members through the
datafast_team_*tools. - Create and view goals — Set up conversion goals and check their current status with
datafast_goals_*tools. - Inspect funnel performance — Pull funnel step data to see where visitors drop off using
datafast_funnels_*tools. - Monitor alerts — List and configure alert rules via
datafast_alerts_*to stay on top of traffic changes.
Documentation
DataFast MCP server
The DataFast MCP server lets MCP-compatible clients such as Codex, Claude Code, and Cursor query your analytics and manage your account through natural language. It provides the same functionality, permissions, and safety checks as the REST API and CLI.
It uses Streamable HTTP at https://datafa.st/api/mcp.
Step 1 — Create an account token
Open Account Settings → API / MCP, choose which websites and permissions the client can access, then create a token. Copy the dft_ token when it appears—you will use it in the next step, and it is only shown once.
Every MCP request uses the permissions and website access you selected for the token.
Step 2 — Connect your client
Codex
Save the copied token in a DATAFAST_TOKEN environment variable, then add DataFast:
codex mcp add datafast
--url https://datafa.st/api/mcp
--bearer-token-env-var DATAFAST_TOKEN
Claude Code
claude mcp add --transport http datafast https://datafa.st/api/mcp
--header "Authorization: Bearer dft_xxx"
Cursor, Claude Desktop, and other config-based clients
{ "mcpServers": { "datafast": { "url": "https://datafa.st/api/mcp", "headers": { "Authorization": "Bearer dft_xxx" } } } }
Clients that only support stdio
Bridge with mcp-remote:
{ "mcpServers": { "datafast": { "command": "npx", "args": [ "-y", "mcp-remote", "https://datafa.st/api/mcp", "--header", "Authorization: Bearer dft_xxx" ] } } }
Tools
See the full tool reference — analytics, websites, API keys, team, goals, funnels, visitors, alerts, account, access tokens, and integration status. Tool names follow datafast_<resource>_<action>, e.g. datafast_analytics_overview, datafast_websites_list.
Safety
- Confirmation gate: irreversible or credential-issuing tools (delete, roll, mint API keys/tokens) require an explicit
confirm: trueargument. Calling without it returns a preview of what would happen instead of doing it, so an agent can't fire a sensitive action on the first try. - No secret exfiltration: listing endpoints for API keys and access tokens never return secret values, only metadata (id, name, prefix, dates) — same as the REST API.
- Website deletion is dashboard-only: there is no MCP tool to delete a website; deletion can't be automated by design.
- Payment connect/disconnect is dashboard-only: MCP can report integration status, but connecting or disconnecting payment providers (and handling their credentials) stays in the dashboard.
- Scoped by token, not by tool: every tool call re-validates permissions against the real route — the transport resolves the bearer once per request, then reuses that result for in-process auth (no elevated MCP-only privilege).
Advanced: Limit MCP to one website
For a more restricted setup, use a df_ website API key instead of an account token. It limits the client to one website and mostly read-only analytics. Create one from that website's Settings → API / MCP page and see authentication and scopes for details.
Related
- Tool reference
- Authentication and scopes
- DataFast CLI
- Account API