Developer Docs

MCP endpoints, JSON-RPC flow and extension points.

This page summarizes the technical surface for developers building with or extending StifLi Flex MCP.

Request flow Endpoints JSON-RPC methods OAuth Extending tools Debug logs

Request flow

AI Client -> OAuth authorize
AI Client -> SSE connect
AI Client -> initialize
AI Client -> tools/list
AI Client -> tools/call
StifLi Flex MCP -> WordPress APIs

Endpoints

Endpoint	Purpose
`/wp-json/stifli-flex-mcp/v1/sse`	SSE connection for MCP clients.
`/wp-json/stifli-flex-mcp/v1/messages`	JSON-RPC message handling.
OAuth endpoints	Authorization, token, revocation and dynamic client registration.

JSON-RPC methods

The MCP server supports lifecycle and tool operations such as initialization, tool discovery and tool execution. Enabled tools are filtered by registry state, active profile and WordPress capability checks.

OAuth

OAuth 2.1 with PKCE is the preferred authentication model for modern clients. Application Passwords remain available for advanced or legacy integrations.

Extending tools

Native tools for stable plugin features.
Custom HTTP tools for external APIs.
Custom ACTION tools for WordPress hooks.
WordPress Abilities for plugins that register abilities.

Debug logs

The Debug Log panel can show recent request handling, authentication events, API calls and tool execution failures. Logging can also be enabled through the plugin settings or constants depending on the environment.