SalesTouch Docs

Authentication

Understand SalesTouch OAuth, MCP scopes, account resolution, and authorization failures.

SalesTouch uses OAuth 2.1 with PKCE. MCP clients discover the authorization server automatically from the protected-resource metadata published beside the remote MCP endpoint.

Scopes

ScopePurpose
openidIdentifies the signed-in SalesTouch user.
offline_accessAllows the MCP client to refresh access without repeated login prompts.
salestouch:useGrants access to the SalesTouch MCP service.
linkedin:accessGrants the LinkedIn read and write capabilities approved during consent.

Every tool page lists its required scopes. SalesTouch checks scopes before executing the tool and returns a new OAuth challenge when a permission is missing.

Account resolution

Most tools accept an optional account_id. When it is omitted, SalesTouch selects an eligible connected account and reuses a lead owner account when one is already known.

Use linkedin_accounts when you need to inspect or explicitly select an account. Never invent an account identifier.

Authentication sequence

  1. Add https://www.salestouch.io/api/mcp to the MCP client.
  2. Start the client login flow.
  3. Sign in to SalesTouch in the browser.
  4. Review and approve the requested scopes.
  5. Return to the client and start a fresh task or conversation.
  6. Verify access with linkedin_accounts.

Authorization errors

invalid_token or authorization required

The MCP entry exists, but the OAuth session is absent or expired. Run the client login flow again and then reload the tool list.

insufficient_scope

The current token does not include the permission required by the requested tool. Reconnect the MCP and approve the new scope.

Authentication succeeded, but the workspace does not currently have LinkedIn MCP access. Change the SalesTouch workspace entitlement before retrying.

No LinkedIn accounts returned

OAuth is working, but SalesTouch has no usable LinkedIn account for the workspace. Connect LinkedIn in SalesTouch, then call linkedin_accounts again.

Continue with workflows once the read-only verification succeeds.

On this page