Sales Layer MCP Server URLs & Access Modes

Modified on Tue, 2 Jun at 10:55 AM

The Sales Layer MCP Server can be used through a hosted remote server or through a local installation package, depending on the AI client and the level of control you need.

This article explains which Sales Layer MCP Server URL to use, what each access mode means, and which OAuth endpoints may be needed when an AI client asks for manual authentication details.

Hosted server URL

The hosted Sales Layer MCP Server is available at:

https://mcp.saleslayer.com

Some AI clients only ask for the base server URL. Other clients ask for the exact MCP endpoint. When available, use the client-specific article for the tool you are configuring, such as Claude, Microsoft Copilot Studio, ChatGPT, Cursor, VS Code, or another MCP-compatible client.

Remote MCP endpoints

Sales Layer provides different remote MCP endpoints depending on the access profile needed for the connection.

Access mode	URL	Use
Base hosted server	https://mcp.saleslayer.com	Use this when the AI client asks for the remote server URL and handles the MCP path automatically.
Read-only	https://mcp.saleslayer.com/onlyread/mcp	Allows the AI client to query and analyze catalog data without modifying Sales Layer data.
Full access	https://mcp.saleslayer.com/full/mcp	Allows the AI client to use read and write tools. Use it only when the AI client must create or update Sales Layer data.
Client-specific endpoint	https://mcp.saleslayer.com/mcp	Use this only when a Sales Layer client-specific guide asks for it, for example in tools that expect a single MCP endpoint during setup.

Choosing the right access mode

For most first-time setups, use Read-only. This is the safest option because the AI client can answer questions, run checks, analyze product information, and help you understand your catalog without changing data in Sales Layer.

Use Full access only when the client needs to perform actions that can modify your PIM data, such as creating records, updating product descriptions, enriching attributes, or applying bulk changes. Before using Full access, make sure the users who will interact with the AI client understand that the AI tools may affect live Sales Layer data.

Need	Recommended mode
Ask questions about catalog data	Read-only
Run data quality checks or completeness audits	Read-only
Generate reports or identify missing information	Read-only
Create or update records in Sales Layer	Full access
Automate enrichment workflows that write back to the PIM	Full access

★

Tip: Start with Read-only unless your use case clearly requires updates in Sales Layer. You can move to Full access later if your workflow needs write operations.

Authentication endpoints

Remote MCP connections use OAuth 2.0. In many clients, the OAuth configuration is detected automatically. If your client asks for manual OAuth values, use the endpoints below.

Endpoint	URL
OAuth Authorization	https://mcp.saleslayer.com/oauth/authorize
OAuth Token	https://mcp.saleslayer.com/oauth/token
OAuth Registration	https://mcp.saleslayer.com/oauth/register
OAuth Discovery	https://mcp.saleslayer.com/.well-known/oauth-authorization-server
OAuth Protected Resource	https://mcp.saleslayer.com/.well-known/oauth-protected-resource

If the client supports Dynamic Discovery or Dynamic Client Registration, use those options when available. They help the client detect the OAuth configuration automatically and reduce manual configuration errors.

OAuth configuration values

If your client requires manual OAuth configuration, use these values unless a client-specific Sales Layer article gives different instructions.

Field	Value
Authentication	OAuth 2.0
Grant type	Authorization Code with PKCE
Code challenge method	S256
Client ID	A stable client identifier, for example copilot-studio
Client Secret	Leave empty, unless your AI client specifically requires another value
Scope	Leave empty, unless your AI client specifically requires a scope value

Remote server or local installation?

The hosted remote server is the easiest option for most users. It does not require local installation and is configured directly from the AI client using the Sales Layer MCP Server URL.

A local installation package is useful when your organization needs more control over the environment, such as running the MCP Server inside a protected network. Local installation steps depend on the AI client and operating system, so use the specific local installation article when this option is required.

Option	Best for
Hosted remote server	Quick setup in AI clients that support remote MCP and OAuth.
Local installation	Controlled environments, local desktop clients, or organizations with specific infrastructure requirements.

Common mistakes

Mistake	What to do instead
Using the Catalog Token as a direct Bearer token in the MCP Server URL.	Use OAuth 2.0 and enter the Catalog Token only in the Sales Layer authorization screen.
Using Full access for tests or catalog exploration.	Start with Read-only unless the AI client must update Sales Layer data.
Using OAuth endpoints as the MCP Server URL.	Use OAuth endpoints only in the authentication configuration. Use the MCP Server URL in the server URL field.
Confusing the Client ID with the Sales Layer Catalog Token.	Use a stable client identifier as the Client ID. The Catalog Token is entered later during Sales Layer authorization.

Best practices

Use the client-specific Sales Layer article whenever one is available, because some AI clients require a specific endpoint or a slightly different setup flow. Start with Read-only access for testing and catalog analysis, then move to Full access only when write operations are part of the intended workflow.

Keep your Catalog Token secure and enter it only in the Sales Layer authorization screen. If your client supports OAuth Dynamic Discovery or Dynamic Client Registration, use it before entering manual OAuth values.