Skip to main content

What is MCP?

Model Context Protocol (MCP) is an open standard that lets AI agents securely connect to external services. Once you connect Mokaru to your AI agent, it can search jobs, manage your applications, edit your resume, and update your profile - all using natural language.
MCP integration requires a Plus plan. Connecting and OAuth are free; tool calls use the same per-account rate limits as the REST API.

What you can do

Out of the box, your AI agent can:

Job search

Search the Mokaru job database by query, location, work arrangement, employment type, and more.

Application tracking

List, create, update, and view applications. Auto-prepare tailored resumes from the default CV.

Resume management

List, read, create, update, and export resumes as PDF.

Profile & contacts

Read and update your career profile. Manage your professional contacts.
See the full tool reference for every available action.

Example prompts

Once connected, try these in your AI agent to see what Mokaru can do:

🔍 Find and apply to jobs with AI-tailored resume

“Search Mokaru for senior product manager roles in Amsterdam posted this week, remote-friendly. For the top three matches that pay above €80k, save them to my tracker and auto-prepare a tailored resume for each.”
Calls: mokaru_search_jobsmokaru_create_application (with autoPrepare: true) for each match. Mokaru’s AI duplicates your default resume and rewrites it for the job (keyword optimization, rephrased experience, focused summary) in ~30 seconds.

📄 Open a resume in the Mokaru export view

“Show me the resume I tailored for the Acme Corp role, then give me a link to export it as PDF.”
Calls: mokaru_list_resumesmokaru_get_resumemokaru_export_resume_pdf. The tool returns a clickable link to the Mokaru web app with the Export section open; the user clicks “Export PDF” inside Mokaru to download the file. Direct inline PDF download via MCP is coming soon.

👤 Bulk-update your career profile

“I just earned my AWS Solutions Architect Professional certification (credential AWS-SAP-12345). Add it to my certificates and update my summary to mention it.”
Calls: mokaru_get_profile (to read current certificates array) → mokaru_update_profile (with the updated array + new summary). The profile bundle returns/accepts all 8 sections (summaries, projects, certificates, awards, publications, interests, jobTitles, customSections) in one call.

📊 Track application status

“Show me all my applications in ‘interview_scheduled’ status. For each one, list the company and the interview date if I’ve already scheduled it.”
Calls: mokaru_list_applications (with status filter) → mokaru_get_application per item (returns timeline + interviews).

Quick start

Server URL (for every client): https://api.mokaru.ai/mcp No client to install, no API keys to copy - the first time your AI agent uses a Mokaru tool, it opens a Mokaru login in your browser to authorize the connection. For step-by-step setup in each client, see Connect MCP clients - covers Claude.ai web, Claude Desktop, Claude Code, Cursor, Gemini CLI, OpenClaw, Continue, Zed, and custom agents built on the MCP SDK.

How it works

  1. Your MCP client discovers Mokaru’s OAuth metadata at /.well-known/oauth-authorization-server.
  2. It registers itself with POST /oauth/register (Dynamic Client Registration, RFC 7591) and receives a client_id.
  3. It opens your browser to /oauth/authorize, which redirects to the Mokaru consent screen.
  4. You sign in to Mokaru (or are already signed in) and click Allow access.
  5. The browser is redirected back to your MCP client with an authorization code.
  6. Your client exchanges the code for an access token via /oauth/token (PKCE-protected).
  7. Every MCP tool call uses that token, which expires after 1 hour and is refreshed automatically.
Access tokens are JWT-signed and never grant access to other users’ data. The connection can be revoked any time from Mokaru → Settings → Connections.

MCP vs REST API

MCPREST API
Best forAI agents (Claude, Cursor, custom GPTs)Automation tools (n8n, Make), scripts
AuthOAuth 2.1 (browser login)API key (mk_...)
SetupOne URL, no installGenerate key in Settings, paste into config
Token lifetime1 hour access, 30 day refreshUntil manually revoked
Surface14 curated tools (LLM-optimised descriptions)30+ endpoints (full CRUD)
Rate limitsPer-account, shared with API keyPer-account, shared with MCP
Both can be used simultaneously - they share the same underlying data and rate-limit buckets.

Security

  • OAuth 2.1 + PKCE: no client secrets, no browser-leakable tokens.
  • Plus-gated consent: only Plus users can issue MCP tokens.
  • Short-lived tokens: access tokens expire after 1 hour; refresh tokens rotate (single-use detection triggers full session revocation).
  • Per-call ownership checks: tokens are bound to one account - no cross-account access is possible.
  • No PII in logs: server logs contain account id, tool name, duration, and status only.
  • Revocable: any user can revoke all MCP connections from Mokaru → Settings → Connections.
For OAuth implementation details (relevant if you’re building your own MCP client), see the OAuth flow reference.

Report security issues

Found a security issue in the MCP integration (or anywhere in Mokaru)? Email security@mokaru.ai. We respond within 48 hours and follow coordinated disclosure. Good-faith researchers are protected by our safe-harbor policy.