Connect 100Hires to Claude, ChatGPT, Cursor, and any AI assistant

What is MCP?

Model Context Protocol is an open standard from Anthropic that lets AI assistants connect to external systems through a uniform interface — think of it as USB-C for AI tools.

100Hires runs a remote MCP server, not a local one. There’s nothing to install, deploy or update on your machine — every client, including Claude Desktop and Cursor, points at https://mcp.100hires.com/mcp and authorizes via OAuth. New tools and bug fixes land server-side and reach all your assistants the next time they call tools/list.

What you can ask

Ten real prompts that work today, in plain English.

• “Show me candidates who applied this week for the Senior PM role”
• “Move all rejected candidates from this job to the talent pool”
• “Schedule a 30-minute interview with Sarah next Tuesday for the Backend Engineer role”
• “Draft a follow-up email to candidates who haven't replied in 5 days and send it”
• “Open a new Senior Product Designer job in New York and publish it to LinkedIn”
• “Find every LinkedIn candidate with Python on their resume and tag them 'pythonista'”
• “What's on my interview calendar tomorrow?”
• “How many candidates do we have at each stage in the Sales Rep pipeline?”
• “Reject everyone still in 'Phone Screen' for the Marketing Manager job with reason 'No response'”
• “Pull the resume and last 3 notes for the candidate I interviewed yesterday”

Quickstart

From zero to your first MCP prompt in under five minutes.

1. Prerequisites

   A 100Hires account on any plan, including the 14-day free trial. The MCP endpoint is available to every workspace.

2. Pick your AI client

   One-click install for Cursor and VS Code; copy a snippet for everything else. All clients connect to {{ endpointUrl }} over Streamable HTTP; stdio-only clients use the mcp-remote shim.

   ChatGPT Cursor VS Code Claude Desktop Claude Code Codex Other

   In ChatGPT, open Settings → Apps and click Advanced settings.

   

   Turn on Developer mode (Elevated risk) and click Create app.

   

   In the New App (Beta) dialog, fill in:

   • Name: 100Hires
   • Description (optional): AI-native ATS — candidates, jobs, interviews via MCP
   • MCP Server URL: {{ endpointUrl }}
   • Authentication: OAuth
   • Tick I understand and want to continue, then click Create.

   

   ChatGPT redirects you to the 100Hires consent screen. Sign in, click Allow, and you’re connected.

   Install in Cursor

   Click Install in Cursor to add 100Hires MCP automatically. Or paste the snippet below into ~/.cursor/mcp.json.

   Install in VS Code

   Opens VS Code and registers the server. Or paste the snippet into .vscode/mcp.json in your workspace.

   Add the snippet to your Claude Desktop config and restart the app:

   • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
   • Windows: %APPDATA%\Claude\claude_desktop_config.json

   Run this in your terminal:

   OpenAI Codex CLI — requires experimental_use_rmcp_client = true in ~/.codex/config.toml.

   For stdio-only clients (Zed, Windsurf, n8n, older builds) use the mcp-remote shim. It’s a third-party open source bridge: github.com/geelen/mcp-remote.

   {{ clientCopyLabel }}

   {{ activeSnippet }}

   Full list of MCP-compatible clients: modelcontextprotocol.io/clients.

3. Authorize

   Your client opens the 100Hires consent screen. Sign in, review the requested scope, click Allow. Tokens are stored on the client; 100Hires never sees its credentials.

4. Verify

   Ask your assistant: “List all open jobs in 100Hires.” If you get a list back — you’re wired up. If not, see FAQ.

5. Next steps

   • Browse all 130 tools
   • Understand OAuth and scopes
   • Review the safety model

Tools

Keep human confirmation on for destructive tools. Feedback: support@100hires.com.

Authentication

OAuth 2.1 with PKCE and Dynamic Client Registration. Hosts onboard themselves — no API keys to copy and paste, no client secrets to leak.

Flow

AI client → GET  /.well-known/oauth-authorization-server   (RFC 8414)
          → POST /oauth/register                            (DCR, RFC 7591)
          → GET  /oauth/authorize  + PKCE                   (consent in 100Hires)
          → POST /oauth/token                               (code → access_token)
          → POST /mcp  Authorization: Bearer <token>

Scopes

A single scope, mcp:full, mirrors the permissions of the authorizing user.

Token lifetime & refresh

• Access tokens expire after 1 hour.
• Refresh tokens are issued automatically; clients refresh transparently.
• Tokens are bound to the authorizing user and revoked when they leave the workspace.

Manage sessions

Settings → Integrations → Connected AI clients lists every active session: client name (from DCR), last used, IP, scope, and a one-click Revoke.

Safety

• Access is controlled by your API key permissions.
• Read operations are always safe.
• Destructive actions (delete, reject) require explicit IDs.
• Rate limiting with automatic retry is built-in.
• API key is never sent to third-party hosts.

Access model

Every token — OAuth or API key — is bound to a single 100Hires user. The MCP server only ever sees data that user could see in the UI; cross-company access is impossible. Sessions are listed under Settings → Integrations → Connected AI clients.

Destructive tools

These tools modify or remove data and always require explicit IDs — assistants cannot batch-delete by query:

• hires_delete_*
• hires_reject_application
• hires_disqualify_candidate
• hires_batch_reject_applications

Best practices

• Don’t hand AI assistants a blanket “delete by filter” permission — keep human confirmation on for destructive tools.
• Use a separate token per client so you can revoke one without disrupting the others.
• Revoke unused sessions on a regular cadence.
• For CI, prefer a restricted API key over a personal token.

FAQ

rm -rf ~/.mcp-auth/100hires